Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23 Advanced Media and...

35
<Insert Picture Here> Oracle Secure Backup 10.3 Secure Your Data, Protect Your Budget

Transcript of Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23 Advanced Media and...

Page 1: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

<Insert Picture Here>

Oracle Secure Backup 10.3Secure Your Data, Protect Your Budget

Page 2: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

2

<Insert Picture Here>

Program Agenda

• Oracle Secure Backup Overview • What’s New in Oracle Secure Backup 10.3• Ease of Management• Data Protection: Security• Advanced Media and Device Management• Summary• Q & A

Page 3: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

3

Oracle Secure Backup (OSB) Enterprise Tape Backup Management

Oracle Enterprise Manager

Oracle DatabaseOracle Database

RMAN Integration

Oracle Secure Backup

Tape Library

Virtual Tape

Library (VTL)

Protects Entire IT Environment

•Oracle Database 11g Release 2 back to Oracle9i

•25 – 40% faster tape backup•Heterogeneous file systems (UNIX/ Linux / Windows) and NAS devices

•Built-in Oracle Integration•Centralized management in distributed environments

•Over 75% less expensive than comparable products

File System DataFile System Data

Page 4: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

4

Oracle Integrated SolutionSecure Backup (OSB), Recovery Manager (RMAN), and Enterprise Manager (EM)

• Performance optimizations: RMAN and OSB cloud or tape backups• Unused block compression • Eliminate backup of committed undo • Shared buffer between RMAN and OSB improves CPU utilization

• Tape vaulting optimizations: OSB and RMAN integration • RMAN restore database preview identifies offsite backup tapes• RMAN restore database preview recall initiates OSB recall of

tapes for restoration• Management Interface: OSB and EM Grid Control

• Manage file system and Oracle database data protection and administration for the backup domain

Page 5: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

5

Centralized Tape Backup ManagementClient / Server Architecture

LANAdministrative

Server

Clients

Media Server(s)

Tape Library Virtual Tape Library (VTL)

Central Management • Data protection for heterogeneous, distributed

servers managed from a central console, Administrative Server

• Media servers may be direct-attached or SAN-attached to tape devices

• OSB communicates directly with the client host to backup mounted file systems and storage

• Oracle database(s) may be located on any client or media server within the backup domain

NAS

UNIX / Linux / Windows

Storage

Page 6: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

6

Oracle Secure Backup 10.3 Key New Features

• Advanced tape management• Server-less tape duplication for Virtual Tape Libraries (VTL)• Improved tape vaulting automation and management

• Expanded backup encryption options:• Support LTO-4 tape drive encryption• Seamless key management between host-based or LTO-4

encryption• IPv6 support• Improved manageability:

• Progress status reported during backup / restore• Device configuration accuracy checks• New monitor user class complementing EM Grid capabilities

Advanced Functionality at NO Extra Cost!

Page 7: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

7

IT Cost Savings… 75%+Migration to Oracle Secure Backup

Imagine how much annual maintenance you’ll save!!!Oracle Secure Backup is licensed at $3500 per tape drive.

Page 8: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

8

FeatureOracle Secure

BackupOracle Secure

Backup Express

Integration with RMAN

File system backups

Multiple tape drives or servers No

Networked backups No

Backup encryption No

Vaulting NoTape duplication NoFree, bundled with Oracle No

Two Editions Protecting all Oracle Database Editions

Page 9: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

9

<Insert Picture Here>

Ease of Management

Page 10: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

10

Oracle EM Grid 10.2.0.5 OSB Domain Management

Oracle Enterprise Manager Grid 10.2.0.5

New Integration•File system backup / restore

•Media lifecycle management

•Media families, vaulting and duplication

•Browse host files, then select for one-time backup or dataset creation

•Restore by backup or selected files within the backup

Oracle DatabaseOracle Database

RMAN Integration

Oracle Secure BackupFile System DataFile System Data

OSB Administrative ServerMonitored by EM with EM alerting and notifications

Page 11: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

11

File System Protection UNIX / Linux / Windows and NAS Devices

File System DataFile System Data

• File system backup / restore management

• EM Grid Control 10.2.0.5, OSB web tool or unified command line (obtool)

• Recurring backup schedule or “Backup Now”

• Full, incremental, and offsite backup levels

• Backup / restore of Network Attached Storage (NAS) devices using Network Data Management Protocol (NDMP)

• Standards-complaint tape format: extended TAR or NDMP dump

• Tree-style catalog browsing for restoration to original or alternate location• Automatic recall of tapes located offsite to perform the restore operation

• Refer to the certification matrix on metalink.oracle.com for list of supported platforms, operating systems and NAS devices

Page 12: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

12

Oracle Database ProtectionRMAN and OSB Integration

• Oracle database backup / recovery management• Utilize RMAN or Oracle EM (DB Control or Grid Control) restoring to original or

alternate location• Oracle Secure Backup provides the media management layer for RMAN

• Exclusive performance optimizations achieving 25 – 40% faster backup• Exclusive vaulting integrations identifying and recalling offsite tape for restore• Encrypted backups using either RMAN or OSB encryption capabilities

• Metadata regarding RMAN backup pieces is maintained within OSB catalog• Volumes may be queried for list of backup pieces contained by volume

• User-defined tape retention methodology for Oracle database backups • Leverage RMAN retention parameters (content-managed tapes)

• RMAN delete obsolete command updates OSB catalog• OSB keep time setting (time-managed tapes)

Oracle DatabaseOracle Database

RMAN Integration

Page 13: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

13

Domain AdministrationMore Control at Your Finger Tips

Extend a tape’s expiration date

Enable or disable schedules

Remove volumes from the catalog (Physically lost tapes)

Check progress of job – how much data backed up thus far

Define name displayed in “from” line of OSB generated emails

Inventory all or part of a library

New In OSB 10.3

Page 14: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

14

Oracle Secure Backup Catalog Automated Backup of the Administrative Server

• Catalog protection is pre-configured:• Unique dataset created containing all catalog

directories on the Administrative Server• Media family specific to the catalog defined

insuring the tapes are readily identifiable• Catalog backup scheduled and ready for user-

input on frequency of backups• New dataset directive: “Include Catalog”

• Captures all catalog directories without having to explicitly list them

Tape Device

Page 15: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

15

Broad Tape Device Support

• Support for over 200 new and legacy devices• SCSI, Fibre, SAS and iSCSI connectivity• Dynamic drive sharing maximizes tape drive utilization in SANs

PartnersPhysical and Virtual Devices

Page 16: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

16

Device Configuration - AccuracyVerify Utility and Policy

•OSB vfylibs command verifies accuracy of configuration

•Device policy, checkserialnumbers, identifies drive changes alerting possible mis-configuration

____________________________________________________________________________________

____________________________________________________________________________________________________________

DTE1

DTE2

DTE3

Tape Library

Storage Elements

Media Server

New In OSB 10.3

•Vfylibs utility should be run after any device updates

•Serial number checking policy proactively queries for device changes

Attach points

“Houston, we have a problem”

Page 17: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

17

<Insert Picture Here>

Data Protection: Security

Page 18: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

18

Security: Data and Backup Domain Policy-Based Management

• Guarding access to the backup domain• User-level access control• Direct access to tape devices restricted to

“Trusted” hosts• Embedded SSL technology provides secure transport of backup data

and messages between two-way authenticated servers

• Securing backup data on tape• Backup encryption protects data on tape while onsite, offsite or lost• User selectable encryption algorithms AES128, AES192 or AES256• Backup encryption policies at backup, host or domain level

Page 19: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

19

Users-Level Access Control

osbuser1 can only backup and restore data

accessible to

UNIX name: jdoe

UNIX group: sysadmin

“User Class” assigns the user to a set of Oracle Secure

Backup specific privileges.

• OSB user may have preauthorized access eliminating the login process• Performing Oracle database backups using RMAN requires RMAN userpreauthorization within OSB

Page 20: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

20

• A unique, identifying X.509 certificate is automatically created during installation

• The OSB Administrative Server is the Certificate Authority (CA)

TWO-WAY HOST AUTHENTICATION

Proven SSL Embedded TechnologyDelivers Two Important Security Requirements

• OSB messages and data are encrypted as part of SSL communication

• Encrypted backups are not re-encrypted for transport

PROTECTS DATA WHILE IN TRANSIT

LAN

SSL decryption upon arrival

101010 101001

010101000 1010010101

Client

Media Server

Tape Library

NOTE: OSB embedded SSL benefits do not apply to NAS hosts

Page 21: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

21

Host-based and Hardware Encryption Backup Encryption Per User-Policies

OSB Host-based Encryption:• Encryption performed on the

host• AES128, AES192 or AES256

algorithms

Seamless Encryption Key ManagementLTO-4 Tape Drive Encryption:

• Encryption performed by the LTO-4 tape drive

• AES256 algorithm• Backups from NAS hosts

may be encrypted

New In OSB 10.3

• Encryption policies defined at global, host, volume or backup level

• OSB Key generation: Transparent or passphrase

• Rekey frequency per user policy• Encryption keys stored centrally on

Administrative Server

Page 22: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

22

Transient Backup Encryption

• Ideal for backups intended to be restored at alternate site or OSB domain

• Transient encrypted backups are one-off type backups• Configured as part of an immediate backup not backup schedule• User-defined passphrase generates encryption key for the backup job

which applies to all volumes in the set• Prior to restore within alternate OSB domain, tapes must first be

imported to update the OSB catalog• Passphrase input during restore decrypts backup

Site A Site B

Oracle Secure Backup Oracle Secure Backup

Decrypted

Page 23: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

23

<Insert Picture Here>

Advanced Media and Device Management

Page 24: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

24

Media Management:Retention, Duplication and Vaulting

• Tapes managed from first write to reuse based on user-defined media families, duplication and rotation policies

Page 25: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

25

Tape ManagementAs Easy as 1,2,3,4,5….

Define tape pools, storage locations, policies and schedules:

Media Family(s)

11

Association: Map policy(s) to media family

44

Schedules: Vaulting, duplication

55

Policies: Vaulting, Duplication

33

Storage* Location(s)

22

*OSB automatically defines active locations(tape devices) for all configured devices.

Page 26: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

26

Rotation and Duplication Policies Automates Rotation of Tapes Between Locations

Media Family

Rotation Policy• Tapes are moved between

locations based on rotation policy• Defines which locations the tapes will

reside and duration at each location• Trigger for when tapes eligible to move

Duplication Policy• Defines which media family

duplicate will use (same or different from original tapes)

• # of duplicate copies needed• Trigger for when tapes eligible for

duplicationOptional: Associate a rotation and / or duplication policy to a media family

Page 27: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

27

Vaulting and Duplication Scan Schedules Rotates or Duplicates Eligible Tapes Per Policy

Schedules: • Each schedule has

associated trigger

• Scans OSB catalog identifying eligible tapes for rotation or duplication per respective policies

• Multiple schedules may used with each designing different locations

Trigger(s) Defined Per Schedule

This example includes 3 triggers.

Page 28: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

28

Vaulting Scan ScheduleIdentifies Tapes by Location and Media Family

Vaulting schedules may be defined:

• Globally• Per location• By media family (new in OSB 10.3)

Media Family

Locations

Storage or Active

Based on vaulting schedule triggers, OSB scans the catalog to determine which tapes are eligible for rotation per the user-defined rotation policy.

Page 29: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

29

Managing Tape Vaulting

• Vaulting scan generates a media movement job• “Vault Now”, one-off scan outside of regular schedule – New in OSB 10.3• Based on triggers associated with Vaulting Scan Schedules

• Media Movement job includes all tapes eligible for rotation per policy• This job can run automatically or have pending status until run by user• Each media movement job has associated pick and distribution report

• Reporting• Pick and distribution reports• Location, schedule and exception reports• “In transit” and “missing” (as marked by user) reports – New in OSB 10.3

Page 30: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

30

Automated Tape Duplication

• Tape duplication may occur per policy or on one-off, on-demand basis• Migrate option copies the tape then deletes the original

• Commonly used to reclaim space on VTL for backup jobs• Seamlessly restore from original or duplicate tape

• OSB will automatically choose tape in closest physical proximity• Original and duplicate tapes uniquely identified within OSB catalog• Duplicate tapes may have the same or different retention and rotation

schedule

Original : “X”Media Family

Duplicate –“X” Media Family

Duplicate –“Y” Media Family

Page 31: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

31

Server-less Tape Duplication

• Increased duplication performance

• Eliminates data movement through media server

• OSB catalog updated with metadata of duplicate tape

• VTL must support NDMP tape copy functionality

Traditional Tape Duplication

Server-less Tape Duplication

Media Server

Administrative Server

VTL

Physical Tape Library

Duplicated backup data

Metadata, control messages

New In OSB 10.3

Media Server

VTL

Physical Tape Library

Page 32: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

32

Policy-Based Media Management…In Action

• Tapes duplicated to another media family may have different retention and rotation schedule than original tape

5-Week Tape Retention

2-Year Tape Retention

Page 33: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

33

<Insert Picture Here>

Summary:

Enterprise Data Protection

Multi-faceted Security

Advanced Media Management

Page 34: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

34

• Reliable, built-in integration with Oracle

• 25 – 40% faster Oracle database backup to tape

• Data protection for your entire IT environment

• Advanced policy-based data protection management

• 75%+ less expensive than comparable products

Why Oracle Secure Backup? — Top 5 Reasons

11

22

33

44

55

Page 35: Oracle Secure Backup · Oracle Secure Backup Oracle Secure Backup Decrypted. 23  Advanced Media and Device Management. 24 Media Management: Retention, Duplication

35