oracle secure backup - oracle | integrated cloud ... oracle secure backup (osb) enterprise tape...
TRANSCRIPT
<Insert Picture Here>
Oracle Secure Backup 10.3Secure Your Data, Protect Your Budget
2
<Insert Picture Here>
Program Agenda
• Oracle Secure Backup Overview • What’s New in Oracle Secure Backup 10.3• Ease of Management• Data Protection: Security• Advanced Media and Device Management• Summary• Q & A
3
Oracle Secure Backup (OSB) Enterprise Tape Backup Management
Oracle Enterprise Manager
Oracle DatabaseOracle Database
RMAN Integration
Oracle Secure Backup
Tape Library
Virtual Tape
Library (VTL)
Protects Entire IT Environment
•Oracle Database 11g Release 2 back to Oracle9i
•25 – 40% faster tape backup•Heterogeneous file systems (UNIX/ Linux / Windows) and NAS devices
•Built-in Oracle Integration•Centralized management in distributed environments
•Over 75% less expensive than comparable products
File System DataFile System Data
4
Oracle Integrated SolutionSecure Backup (OSB), Recovery Manager (RMAN), and Enterprise Manager (EM)
• Performance optimizations: RMAN and OSB cloud or tape backups• Unused block compression • Eliminate backup of committed undo • Shared buffer between RMAN and OSB improves CPU utilization
• Tape vaulting optimizations: OSB and RMAN integration • RMAN restore database preview identifies offsite backup tapes• RMAN restore database preview recall initiates OSB recall of
tapes for restoration• Management Interface: OSB and EM Grid Control
• Manage file system and Oracle database data protection and administration for the backup domain
5
Centralized Tape Backup ManagementClient / Server Architecture
LANAdministrative
Server
Clients
Media Server(s)
Tape Library Virtual Tape Library (VTL)
Central Management • Data protection for heterogeneous, distributed
servers managed from a central console, Administrative Server
• Media servers may be direct-attached or SAN-attached to tape devices
• OSB communicates directly with the client host to backup mounted file systems and storage
• Oracle database(s) may be located on any client or media server within the backup domain
NAS
UNIX / Linux / Windows
Storage
6
Oracle Secure Backup 10.3 Key New Features
• Advanced tape management• Server-less tape duplication for Virtual Tape Libraries (VTL)• Improved tape vaulting automation and management
• Expanded backup encryption options:• Support LTO-4 tape drive encryption• Seamless key management between host-based or LTO-4
encryption• IPv6 support• Improved manageability:
• Progress status reported during backup / restore• Device configuration accuracy checks• New monitor user class complementing EM Grid capabilities
Advanced Functionality at NO Extra Cost!
7
IT Cost Savings… 75%+Migration to Oracle Secure Backup
Imagine how much annual maintenance you’ll save!!!Oracle Secure Backup is licensed at $3500 per tape drive.
8
FeatureOracle Secure
BackupOracle Secure
Backup Express
Integration with RMAN
File system backups
Multiple tape drives or servers No
Networked backups No
Backup encryption No
Vaulting NoTape duplication NoFree, bundled with Oracle No
Two Editions Protecting all Oracle Database Editions
9
<Insert Picture Here>
Ease of Management
10
Oracle EM Grid 10.2.0.5 OSB Domain Management
Oracle Enterprise Manager Grid 10.2.0.5
New Integration•File system backup / restore
•Media lifecycle management
•Media families, vaulting and duplication
•Browse host files, then select for one-time backup or dataset creation
•Restore by backup or selected files within the backup
Oracle DatabaseOracle Database
RMAN Integration
Oracle Secure BackupFile System DataFile System Data
OSB Administrative ServerMonitored by EM with EM alerting and notifications
11
File System Protection UNIX / Linux / Windows and NAS Devices
File System DataFile System Data
• File system backup / restore management
• EM Grid Control 10.2.0.5, OSB web tool or unified command line (obtool)
• Recurring backup schedule or “Backup Now”
• Full, incremental, and offsite backup levels
• Backup / restore of Network Attached Storage (NAS) devices using Network Data Management Protocol (NDMP)
• Standards-complaint tape format: extended TAR or NDMP dump
• Tree-style catalog browsing for restoration to original or alternate location• Automatic recall of tapes located offsite to perform the restore operation
• Refer to the certification matrix on metalink.oracle.com for list of supported platforms, operating systems and NAS devices
12
Oracle Database ProtectionRMAN and OSB Integration
• Oracle database backup / recovery management• Utilize RMAN or Oracle EM (DB Control or Grid Control) restoring to original or
alternate location• Oracle Secure Backup provides the media management layer for RMAN
• Exclusive performance optimizations achieving 25 – 40% faster backup• Exclusive vaulting integrations identifying and recalling offsite tape for restore• Encrypted backups using either RMAN or OSB encryption capabilities
• Metadata regarding RMAN backup pieces is maintained within OSB catalog• Volumes may be queried for list of backup pieces contained by volume
• User-defined tape retention methodology for Oracle database backups • Leverage RMAN retention parameters (content-managed tapes)
• RMAN delete obsolete command updates OSB catalog• OSB keep time setting (time-managed tapes)
Oracle DatabaseOracle Database
RMAN Integration
13
Domain AdministrationMore Control at Your Finger Tips
Extend a tape’s expiration date
Enable or disable schedules
Remove volumes from the catalog (Physically lost tapes)
Check progress of job – how much data backed up thus far
Define name displayed in “from” line of OSB generated emails
Inventory all or part of a library
New In OSB 10.3
14
Oracle Secure Backup Catalog Automated Backup of the Administrative Server
• Catalog protection is pre-configured:• Unique dataset created containing all catalog
directories on the Administrative Server• Media family specific to the catalog defined
insuring the tapes are readily identifiable• Catalog backup scheduled and ready for user-
input on frequency of backups• New dataset directive: “Include Catalog”
• Captures all catalog directories without having to explicitly list them
Tape Device
15
Broad Tape Device Support
• Support for over 200 new and legacy devices• SCSI, Fibre, SAS and iSCSI connectivity• Dynamic drive sharing maximizes tape drive utilization in SANs
PartnersPhysical and Virtual Devices
16
Device Configuration - AccuracyVerify Utility and Policy
•OSB vfylibs command verifies accuracy of configuration
•Device policy, checkserialnumbers, identifies drive changes alerting possible mis-configuration
____________________________________________________________________________________
____________________________________________________________________________________________________________
DTE1
DTE2
DTE3
Tape Library
Storage Elements
Media Server
New In OSB 10.3
•Vfylibs utility should be run after any device updates
•Serial number checking policy proactively queries for device changes
Attach points
“Houston, we have a problem”
17
<Insert Picture Here>
Data Protection: Security
18
Security: Data and Backup Domain Policy-Based Management
• Guarding access to the backup domain• User-level access control• Direct access to tape devices restricted to
“Trusted” hosts• Embedded SSL technology provides secure transport of backup data
and messages between two-way authenticated servers
• Securing backup data on tape• Backup encryption protects data on tape while onsite, offsite or lost• User selectable encryption algorithms AES128, AES192 or AES256• Backup encryption policies at backup, host or domain level
19
Users-Level Access Control
osbuser1 can only backup and restore data
accessible to
UNIX name: jdoe
UNIX group: sysadmin
“User Class” assigns the user to a set of Oracle Secure
Backup specific privileges.
• OSB user may have preauthorized access eliminating the login process• Performing Oracle database backups using RMAN requires RMAN userpreauthorization within OSB
20
• A unique, identifying X.509 certificate is automatically created during installation
• The OSB Administrative Server is the Certificate Authority (CA)
TWO-WAY HOST AUTHENTICATION
Proven SSL Embedded TechnologyDelivers Two Important Security Requirements
• OSB messages and data are encrypted as part of SSL communication
• Encrypted backups are not re-encrypted for transport
PROTECTS DATA WHILE IN TRANSIT
LAN
SSL decryption upon arrival
101010 101001
010101000 1010010101
Client
Media Server
Tape Library
NOTE: OSB embedded SSL benefits do not apply to NAS hosts
21
Host-based and Hardware Encryption Backup Encryption Per User-Policies
OSB Host-based Encryption:• Encryption performed on the
host• AES128, AES192 or AES256
algorithms
Seamless Encryption Key ManagementLTO-4 Tape Drive Encryption:
• Encryption performed by the LTO-4 tape drive
• AES256 algorithm• Backups from NAS hosts
may be encrypted
New In OSB 10.3
• Encryption policies defined at global, host, volume or backup level
• OSB Key generation: Transparent or passphrase
• Rekey frequency per user policy• Encryption keys stored centrally on
Administrative Server
22
Transient Backup Encryption
• Ideal for backups intended to be restored at alternate site or OSB domain
• Transient encrypted backups are one-off type backups• Configured as part of an immediate backup not backup schedule• User-defined passphrase generates encryption key for the backup job
which applies to all volumes in the set• Prior to restore within alternate OSB domain, tapes must first be
imported to update the OSB catalog• Passphrase input during restore decrypts backup
Site A Site B
Oracle Secure Backup Oracle Secure Backup
Decrypted
23
<Insert Picture Here>
Advanced Media and Device Management
24
Media Management:Retention, Duplication and Vaulting
• Tapes managed from first write to reuse based on user-defined media families, duplication and rotation policies
25
Tape ManagementAs Easy as 1,2,3,4,5….
Define tape pools, storage locations, policies and schedules:
Media Family(s)
11
Association: Map policy(s) to media family
44
Schedules: Vaulting, duplication
55
Policies: Vaulting, Duplication
33
Storage* Location(s)
22
*OSB automatically defines active locations(tape devices) for all configured devices.
26
Rotation and Duplication Policies Automates Rotation of Tapes Between Locations
Media Family
Rotation Policy• Tapes are moved between
locations based on rotation policy• Defines which locations the tapes will
reside and duration at each location• Trigger for when tapes eligible to move
Duplication Policy• Defines which media family
duplicate will use (same or different from original tapes)
• # of duplicate copies needed• Trigger for when tapes eligible for
duplicationOptional: Associate a rotation and / or duplication policy to a media family
27
Vaulting and Duplication Scan Schedules Rotates or Duplicates Eligible Tapes Per Policy
Schedules: • Each schedule has
associated trigger
• Scans OSB catalog identifying eligible tapes for rotation or duplication per respective policies
• Multiple schedules may used with each designing different locations
Trigger(s) Defined Per Schedule
This example includes 3 triggers.
28
Vaulting Scan ScheduleIdentifies Tapes by Location and Media Family
Vaulting schedules may be defined:
• Globally• Per location• By media family (new in OSB 10.3)
Media Family
Locations
Storage or Active
Based on vaulting schedule triggers, OSB scans the catalog to determine which tapes are eligible for rotation per the user-defined rotation policy.
29
Managing Tape Vaulting
• Vaulting scan generates a media movement job• “Vault Now”, one-off scan outside of regular schedule – New in OSB 10.3• Based on triggers associated with Vaulting Scan Schedules
• Media Movement job includes all tapes eligible for rotation per policy• This job can run automatically or have pending status until run by user• Each media movement job has associated pick and distribution report
• Reporting• Pick and distribution reports• Location, schedule and exception reports• “In transit” and “missing” (as marked by user) reports – New in OSB 10.3
30
Automated Tape Duplication
• Tape duplication may occur per policy or on one-off, on-demand basis• Migrate option copies the tape then deletes the original
• Commonly used to reclaim space on VTL for backup jobs• Seamlessly restore from original or duplicate tape
• OSB will automatically choose tape in closest physical proximity• Original and duplicate tapes uniquely identified within OSB catalog• Duplicate tapes may have the same or different retention and rotation
schedule
Original : “X”Media Family
Duplicate –“X” Media Family
Duplicate –“Y” Media Family
31
Server-less Tape Duplication
• Increased duplication performance
• Eliminates data movement through media server
• OSB catalog updated with metadata of duplicate tape
• VTL must support NDMP tape copy functionality
Traditional Tape Duplication
Server-less Tape Duplication
Media Server
Administrative Server
VTL
Physical Tape Library
Duplicated backup data
Metadata, control messages
New In OSB 10.3
Media Server
VTL
Physical Tape Library
32
Policy-Based Media Management…In Action
• Tapes duplicated to another media family may have different retention and rotation schedule than original tape
5-Week Tape Retention
2-Year Tape Retention
33
<Insert Picture Here>
Summary:
Enterprise Data Protection
Multi-faceted Security
Advanced Media Management
34
• Reliable, built-in integration with Oracle
• 25 – 40% faster Oracle database backup to tape
• Data protection for your entire IT environment
• Advanced policy-based data protection management
• 75%+ less expensive than comparable products
Why Oracle Secure Backup? — Top 5 Reasons
11
22
33
44
55
35