Oracle Secure Backup (OSB) is an enterprise data protection solution from Oracle that provides centralized backup management for heterogeneous file systems, Network Attached Storage (NAS), and Oracle databases. The latest version is 19.1, released in 2024.
Oracle Secure Backup (OSB) is not an appliance
hardware – it’s a software product.
What
Is Oracle Secure Backup?
Oracle Secure Backup is a centralized network-based
backup management application that provides scalable and distributed backup and
recovery capabilities.
- It
facilitates backup of Oracle Databases and file system data
across heterogeneous network operating systems, such as Linux,
Solaris, HP-UX, AIX and Windows.
- It
supports many leading tape library and tape drive in
the industry.
- It
provides data protection from malware, ransomware, and data loss, for
example physical hardware loss or accidental deletion by offering
scheduled and configurable file system and Recovery Manager
(RMAN) backups to cloud storage, disk pools, and tape libraries.
- It
supports Internet Protocol v4 (IPv4), Internet Protocol v6 (IPv6) and
mixed IPv4/IPv6 environments.
- It
works with FC-SCSI and SCSI attached devices
on SAN and Gigabit Ethernet (GbE) networks.
Oracle Cloud Infrastructure allows users to store huge
volumes of backup data and run Oracle Secure Backup on compute
instances. You can use disk pools to provide fast backups to disk that can
be staged to backup to tape.
Oracle
Secure Backup Features
Oracle Secure Backup provides the following features:
- Integration
with other Oracle products thus enabling you to easily backup and restore
both Oracle Databases and file-system data to tape
Oracle Secure Backup is fully integrated with Recovery
Manager (RMAN) and Oracle Enterprise Manager. You can use Oracle Enterprise
Manager to backup both file-system data and Oracle Databases to tape.
Oracle Secure Backup serves as a media management layer,
through the System Backup to Tape (SBT) interface, to securely backup Oracle
Databases using RMAN.
- Support
for disk pools and a wide range of tape drives and libraries that are
accessible through various protocols such as SCSI, ISCSI, SAN, NDMP, and
Fibre Channel
- Centralized
tape backup management
Oracle Secure Backup enables centralized backup management
of diverse distributed servers and multiple platforms including UNIX, Linux,
Windows, and SAN. It can backup and restore locally or over a LAN/WAN.
- Policy-based
backup management
Oracle Secure Backup provides customizable administrative
policies that enable you to control backup operations in the administrative
domain. Policies also enable you to control aspects of domain security.
- Flexible
interface options that provide maximum ease of use
Oracle Secure Backup functionality can be accessed using any
of the following interfaces: Oracle Secure Backup Web Tool, Oracle Enterprise
Manager DB Control, Oracle Enterprise Manager Cloud Control,
or obtool command-line interface.
- Maximum
security options for data and inter-host communication
Inter-domain communication is secured using the Secure
Socket Layer (SSL) protocol. All hosts in the Oracle Secure Backup
administrative domain are identified and authenticated using SSL and X.509
certificates. Data transmission within the administrative domain is secured
using encryption. You can also encrypt Oracle Database backups before they are
stored to tape.
- Automated
device discovery
Oracle Secure Backup can automatically discover and
configure each secondary storage device connected to certain types of NDMP
servers, such as a Network Appliance filer. It can also discover devices
connected to the Oracle Secure Backup media servers.
- Automated
tape library and device management that includes automated control of tape
libraries
Oracle Secure Backup automates the management of tape
libraries to ensure efficient and reliable use of their capabilities. It
controls library robotics and enables automatic loading and unloading of
volumes. It can also automatically clean tape drives in a tape library.
- Automated
media management that includes volume and backup expiration
Oracle Secure Backup enables automatic tape recycling by
specifying when volumes can be recycled. You create policies to define when
volumes are eligible to be recycled or rewritten.
- Flexible,
multi-level, backup options
Oracle Secure Backup enables you to create full,
incremental, and differential backups.
- Flexible
options for restoring backups
Oracle Secure Backup enables you to restores backup data
stored on tapes either to the original location or to an alternative server.
Architecture:
Data protection is arguably one of the most critical and
daunting tasks facing IT organizations.
Ransomware threats make it necessary to store backups on
immutable storage, so they can't be deleted or altered until they expire.
Managing data protection of heterogeneous servers spread
across data centers and remote offices, based on private, hybrid or public
cloud requires a unified solution addressing the complexities of distributed
environments consisting of both database and file system data.
With a highly scalable client-server architecture, Oracle Secure
Backup (OSB) delivers centralized cloud, disk, and tape backup management
for the entire IT environment.
Oracle Secure Backup 19.1 supports:
NEW: OCI Object Storage buckets with retention rules for
immutability or ransomware protection or regulatory compliance
NEW: Client Direct to Cloud backup and restore
operations, removing media servers from the critical data path
Easy deployment in OCI via Marketplace image and
Ansible playbooks
Oracle database integration with Recovery Manager
(RMAN) supporting versions Oracle Database 11g Release 2 to Oracle Database
23ai
OCI object storage, all tiers (standard, infrequent
access, archive)
Cloud Storage and Archive support on the Oracle Cloud
Infrastructure to protect your cloud environment or to store your backups
off-site.
Enhanced “copy instance” for migrating long-term
retention tape backups to OCI object storage
Automated, policy-based staging for easy
Disk-to-Disk-to-Cloud and Disk-to-Disk-to-Tape backups.
Functionality:
While comparable products separately license advanced
features, number and size of servers and database integration, Oracle Secure
Backup does not!
Oracle Secure Backup delivers comprehensive data protection
management with enterprise-class features and Oracle database integration in
one single solution with a simple licensing scheme based only on the number of
utilized streams.
Why utilize Oracle Secure Backup?
Enterprise data protection for your entire IT
environment—Protects heterogeneous file systems, OCI Compute Instances,
NAS devices and built-in integration with the Oracle database on-premises and
in the cloud.
Cloud Storage support—Provides protection of
cloud environments or to implement tape-less vaulting.
Ransomware protection — Creates immutable
backups in OCI Object Storage buckets with retention policies (WORM buckets)
Faster Cloud backup and restore operations — No
need to have media servers, that can become bottlenecks and single points of
failure, in the data path between the client and the cloud. With Client Direct
to Cloud each client can directly access cloud storage.
Policy-driven media lifecycle management -
Automates backup retention on disk, tape or cloud as well as backup image
duplication and vaulting.
Staging—Simplify data movement between
different storage technologies for simple and automated Disk-to-Disk-to-Tape
and Disk-to-Disk-to-Cloud backups.
Backup encryption—Secures backup data and
provides policy-based backup encryption key management.
Cost effective—Reduces licensing and associated
ongoing maintenance costs by about 75% over comparable products.
MAA Validated for Exadata—Simplifies Exadata data
protection using an Oracle Maximum Availability Architecture (MAA) Development
team tested and validated tape backup solution.
Oracle Integrated—Optimized backup to disk performance
when using the ZFS Storage Appliance as an Oracle Secure Backup disk pool.
To install and configure OSB in tour
production env this is important to review compatibility Matrix:
Secure Backup 19.1 - Tape Device Compatibility Matrix:
https://www.oracle.com/technetwork/database/availability/documentation/device-matrixosb19-1-20240515-11883487.pdf
About Tape Devices
Oracle Secure Backup maintains information about each tape
library and tape drive so that you can use them for local and network backup
and restore operations. You can configure tape devices during installation or
add a new tape device to an existing administrative domain. When configuring
tape devices, the basic task is to inform Oracle Secure Backup about the
existence of a tape device and then specify which media server can communicate
with this tape device.
About Backups in Immutable Buckets
Oracle Secure Backup supports the immutable buckets
feature provided by Oracle Cloud Infrastructure. This feature
enables Oracle Secure Backup to store backups in Oracle Cloud
Infrastructure object storage and archive storage but prevents any
modification or deletion of data.
Oracle Cloud Infrastructure provides different types of
retention rules to safeguard the data in immutable buckets for a specified
duration. When you configure retention rule for a bucket, it applies to all the
objects within the bucket.
Retention Rules
For your backup data, Oracle Secure Backup helps
you create and manage the following retention rules of Oracle Cloud
Infrastructure:
- Compliance
rule: These rules define the duration how long a particular bucket stores
an object. During this period, you can access and read the data multiple
times but cannot modify or delete them. If an object has multiple
compliance rules, then the object storage considers the rule with the
longest time period. The retention rule also depends on the last
modification time stamp of the object.
For example, an object storage bucket has three objects, A,
B, and C that are either uploaded or last modified 3 months, 6 months, and 1
year ago respectively.
- If
you create a compliance rule on the bucket for 9 months duration, then
the objects A and B becomes immutable immediately but object C can be
modified or deleted.
- If
you change the retention duration on the bucket to 2 years, then all
three objects become immutable. The object C becomes mutable after
another year, object B becomes mutable after 1 year and 6 months, and
object A becomes mutable after 1 year and 9 months.
Oracle Cloud Infrastructure provides an option to apply
locks to these time-based retention rules. When a retention rule is locked, you
can increase the retention time but cannot decrease it or delete the rule. To
delete the rule, all objects in the object storage bucket must be mutable and
the bucket must be deleted.
Note: You can delete an object storage bucket only if it is
empty.
- Legal
hold: These rules indicate any regulatory obligation to retain a backup. A
legal hold has no time period associated with it.
If a backup data in an immutable bucket has a compliance
rule and you apply legal hold to it, then the legal hold takes precedence.
As a result, the data remains in the object storage beyond
the time period specified in the compliance rule. The compliance rule comes
into effect only after the legal hold on that bucket is removed. You cannot
apply locks on a legal hold.
Using Oracle Secure Backup, you can create one
time-based compliance rule and one legal hold rule for a bucket in Oracle
Cloud Infrastructure object storage.
Note: To manage rules from Oracle Secure Backup, ensure
that you create them using Oracle Secure Backup. You cannot
use Oracle Secure Backup to modify or delete rules that were created
using other sources, such as the Oracle Cloud Infrastructure console.
Overview of Backup and Media Settings Configuration
To begin managing your file-system and Oracle Database
backups, install Oracle Secure Backup on your host (expect NDMP servers and NAS
filers) and then configure your administrative domain.
After the administrative domain is configured, the storage
devices are available to store backups.
You can perform additional configuration that enables you to
manage your storage media. Configuring media families enables you to assign
common characteristics to a set of tape volumes or disk pools.
A media family is a named classification of volume sets that
share certain common attributes. Use media families to logically group volumes
or volume sets. They ensure that volumes created at different times share
common characteristics.
Oracle Secure Backup provides policy-based media management
for Oracle Database backups through the use of database backup storage
selector. A database backup storage selector specifies the parts of the
database that need to be backed up, the media family that must be used for this
backup, and the devices that can be used to store the backed-up data.
Oracle Secure Backup automatically uses the storage
selections defined within a database backup storage selector while backing up
an Oracle Database.
You can override the storage selections for one-time backup
operations by defining alternate media management parameters in the RMAN backup
script.
Overview of Backup Encryption
Data is vital to an organization and it must be guarded
against malicious intent while it is in an active state, on production servers,
or in preserved state, on backup tapes. Data center security policies enable
you to restrict physical access to active data. To ensure security of backup
data stored on tapes, Oracle Secure Backup provides backup encryption.
You can encrypt data at the global level, client level, and
job level by setting appropriate encryption policies. You can select the
required algorithm and encryption options to complete the encryption process.
Types of Backup Encryption:
Oracle Secure Backup enables you to perform the following
types of encryptions:
- Software
encryption
Software encryption is supported for hosts that have the
Oracle Secure Backup software installed. It is not supported for NDMP hosts or
NAS filers. The data that is backed up is encrypted before it is sent over the
network to the backup storage media.
When you use software encryption for a backup, all backup
image instances associated with this backup are encrypted. If software
encryption is not enabled at the time the backup is created, you can encrypt a
backup image instance created using the original unencrypted backup if this
backup image instance is being stored in a tape device that supports hardware
encryption.
·
Hardware encryption
Hardware encryption is supported only for tape devices that
support encryption such as the LTO5 tape drive. The tape device hardware
performs the required data encryption.
If a backup that uses hardware encryption is copied to a
disk pool, the backup image instance on the disk pool is unencrypted. However,
if a backup is created using software encryption, you cannot use hardware
encryption for backup image instances created using this backup.
Disaster Recovery of Oracle Secure Backup Administrative
Data
To guard against the loss of data on a computer used to make
backups, Oracle Secure Backup protects its own catalog and settings
data. Without this metadata the backups that Oracle Secure Backup has made are
just so many assorted tapes. If the real-time Oracle Secure Backup catalog data
is lost, then you can use the metadata from an Oracle Secure Backup catalog
backup to restore Oracle Secure Backup to the state that it was in at the time
of its last catalog backup.
Data which defines an Oracle Secure Backup administrative
domain resides on the administrative host in
the $OSB_HOME/admin directory and usr/etc/ob directory.
During an Oracle Secure Backup installation, a dataset description file OSB-CATALOG-DS is
automatically generated to back up these critical directories. Ideally, you
must perform a backup of these directories daily, after completing all other
backups so that the latest state of the administrative host can be captured for
restore, in case of a hardware failure on the administrative host.
Oracle Secure Backup catalog recovery protects only the
catalog and settings on an administrative server. The operating system and
other installed software are not automatically backed up.
About Staging
Staging lets you store one or more backup image instances in
a container in preparation for automatically copying or moving the backup image
instances to another container.
For Oracle Secure Backup, the staging container can be a
disk pool or a cloud device. In a typical staging scenario, the backup instance
would be moved from a disk pool to a tape drive.
Staging can involve multiple backup image instances and can
be configured to run at scheduled times and based on certain conditions.
Examples of conditions include the size of a set of backup images, the client
hosts in the backup, and database information. Staging can also be done
on-demand.
Benefits of Staging:
- Disks
have much faster random access of backup files than tapes. Tapes can be
moved offsite for long-term storage. Staging allows a backup to be
automatically contained on both disk and tape, thus allowing both fast
restores and the benefits of being on tape.
- Staging
allows the use of multiple streams, in parallel, during backup and restore
operations. In the case of backups, the data is copied to a single tape
drive at a later time.
- Staging
can minimize the stop-and-reposition issue that occurs when slow clients
are backed up to tape because when staging is used, slow clients can be
concurrently backed up to a disk pool and then copied to tape in a single
high-speed data stream.
- Staging
allows backup instances to remain on disk after they are also written to
tape. Each instance can have a different expiration time so the backup
could remain on the disk to restore more quickly while also being on tape
for long term protection.
- Staging
can be used to create additional copies of backup image instances at an
offsite location using a remote Oracle Secure Backup media server to
provide additional data protection through redundancy.
Oracle Secure Backup Interfaces
There are four different interfaces for accessing different
elements of Oracle Secure Backup:
- The obtool command
line utility provides the fundamental interface for Oracle Secure Backup
functions, including configuration, media handling, and backup and restore
of file-system files.
- Oracle
Enterprise Manager (OEM) offers access to most Oracle Secure Backup
functions available through obtool as part of its Cloud Control
interface.
- RMAN command-line client: Used specifically for
configuring and performing Oracle database backup and restore
operations.
- Oracle
Secure Backup includes its own Web-based interface, called the Oracle
Secure Backup Web tool, which exposes all functions
of obtool.
- The
Oracle Secure Backup Web tool is primarily intended for use in situations
where Oracle Secure Backup is being used independently of an Oracle
Database instance. It does not provide access to database backup and
recovery functions.
The Oracle Secure Backup Web tool supports Internet Protocol
v4 (IPv4), Internet Protocol v6 (IPv6), and mixed IPv4/IPv6 environments on all
platforms that support IPv6.
- Backup
and restore operations for Oracle Database instances and configuration of
the Oracle Secure Backup media management layer are performed through the
RMAN command-line client or through Oracle Enterprise Manager.
·
Oracle
Secure Backup documentation focuses on the use of Enterprise Manager wherever
possible, and describes the Oracle Secure Backup Web Tool only when there is no
equivalent functionality in Enterprise Manager, as in a file-system
backup.
A Comparison Between OSB,
ZDLRA, EXADATA
Oracle
Secure Backup (OSB):
- Type:
Software (downloadable, runs on servers).
- Purpose:
Tape backup management — backs up Oracle databases (via RMAN) and file
systems to tape libraries.
- Scope:
Used if you need tape backup or offsite archival.
- Relation:
Can be used with Exadata or any Oracle DB server, and can back them
up to tape.
- Usually
not tied to ZDLRA, but can complement it for long-term retention to
tape.
https://edelivery.oracle.com
Oracle
Zero Data Loss Recovery Appliance (ZDLRA):
- Type:
Hardware appliance (like Exadata but optimized for backup).
- Purpose:
Continuous protection + centralized backup appliance for Oracle DB.
- Features:
- RMAN-integrated.
- Real-time
redo transport (zero-data-loss).
- Automates
backup validation, offloads backup I/O from production DB.
- Relation
with OSB:
- ZDLRA
is disk-based, not tape.
- If
you need tape archival from ZDLRA → you use OSB as the tape
management software.
- So
OSB can extend ZDLRA backups to tape for long-term storage.
- Type:
Hardware appliance (database machine).
- Purpose:
High-performance database platform (OLTP + DW + mixed workloads).
- Relation
with OSB & ZDLRA:
- Exadata
is the production database platform.
- Exadata
databases can back up directly to tape using OSB, or to ZDLRA for
continuous protection.
- Often:
Exadata (DB workloads) → ZDLRA (disk-based backup/redo capture) → OSB
(tape archival).
To Setup and configuration and many other notes about OSB
visit:
https://docs.oracle.com/en/database/oracle/secure-backup/19/obins/index.htm
No comments:
Post a Comment