Oracle® Secure Backup Installation and Configuration Guide
Release 10.4

Part Number E21477-05

Glossary

active location

A location in a tape library or tape drive.

administrative domain

A group of computers on your network that you manage as a common unit to perform backup and restore operations. An administrative domain must include one and only one administrative server. It can include the following:

  • One or more clients

  • One or more media servers

An administrative domain can consist of a single host that assumes the roles of administrative server, media server, and client.

administrative server

The host that stores configuration information and catalog files for hosts in the administrative domain. There must be one and only one administrative server for each administrative domain. One administrative server can service all clients on your network. The administrative server runs the scheduler, which starts and monitors backups within the administrative domain.

Apache Web server

A public-domain Web server used by the Oracle Secure Backup Web tool.

attachment

The physical or logical connection (the path in which data travels) of a tape device to a host in the administrative domain.

automated certificate provisioning mode

A mode of certificate management in which the Certification Authority (CA) signs and then transfers identity certificates to hosts over the network. This mode of issuing certificates is vulnerable to a possible, although extremely unlikely, man-in-the-middle attack. Automated mode contrasts with manual certificate provisioning mode.

backup encryption

The process of obscuring backup data so that it is unusable unless decrypted. Data can be encrypted at rest, in transit, or both.

backup ID

An integer that uniquely identifies a backup section.

backup image

The product of a backup operation. A single backup image can span multiple volumes in a volume set. The part of a backup image that fits on a single volume is called a backup section.

backup image file

The logical container of a backup image. A backup image consists of one file. One backup image consists of one or more backup sections.

backup job

A backup that is eligible for execution by the Oracle Secure Backup scheduler. A backup job contrasts with a backup request, which is an on-demand backup that has not yet been forwarded to the scheduler with the backup --go command.

backup level

The level of an incremental backup of file-system data. Oracle Secure Backup supports 9 different incremental backup levels for file-system backup.

backup piece

A backup file generated by Recovery Manager (RMAN). A backup piece is stored in a logical container called a backup set.

backup request

An on-demand backup that is held locally in obtool until you run the backup command with the --go option. At this point Oracle Secure Backup forwards the requests to the scheduler, at which time each backup request becomes a backup job and is eligible to run.

backup schedule

A description of when and how often Oracle Secure Backup should back up the files specified by a dataset. The backup schedule contains the names of each dataset file and the name of the media family to use. The part of the schedule called the trigger defines the days and times when the backups should occur. In obtool, you create a backup schedule with the mksched command.

backup section

A portion of a backup image file that exists on a single tape. One backup image can contain one or more backup sections. Each backup section is uniquely identified by a backup ID.

backup transcript

A file that contains the standard output from a particular backup dispatched by the Oracle Secure Backup scheduler.

backup window

A time frame in which a backup operation can be run.

barcode

A symbol code, also called a tag, that is physically applied to a volume for identification purposes. Oracle Secure Backup supports the use of tape libraries that have an automated means to read barcodes.

blocking factor

The number of 512-byte blocks to include in each block of data written to each tape drive. By default, Oracle Secure Backup writes 64K blocks to tape, which is a blocking factor of 128. Because higher blocking factors usually result in better performance, you can try a blocking factor larger than the obtar default. If you pick a value larger than is supported by the operating system of the server, then Oracle Secure Backup fails with an error.

catalog

A repository that records backups in an Oracle Secure Backup administrative domain. You can use the Oracle Secure Backup Web tool or obtool to browse the catalog and determine what files you have backed up. The catalog is stored on the administrative server.

certificate

A digitally signed statement from a Certification Authority (CA) stating that the public key (and possibly other information) of another entity has a value. The X.509 standard specifies the format of a certificate and the type of information contained in it: certificate version, serial number, algorithm ID, issuer, validity, subject, subject public key information, and extensions such as key usage (signing, encrypting, and so on). A variety of methods are used to encode, identify, and store the certificate.

Certification Authority (CA)

An authority in a network that performs the function of binding a public key pair to an identity. The CA certifies the binding by digitally signing a certificate that contains a representation of the identity and a corresponding public key. The administrative server is the CA for an Oracle Secure Backup administrative domain.

Certificate Revocation List (CRL)

A list used in a public key infrastructure that enumerates the revoked certificates maintained by the Certification Authority (CA).

class

A named set of rights for Oracle Secure Backup users. A class can have multiple users, but each user can belong to one and only one class.

client

Any computer or server whose files Oracle Secure Backup backs up or restores.

content-managed expiration policy

A volume with this type of expiration policy expires when every backup piece on the volume is marked as deleted. You can make Recovery Manager (RMAN) backups, but not file-system backups, to content-managed volumes. You can use RMAN to delete a backup piece.

cryptographic hash function

A one-way function that accepts a message as input and produces an encrypted string called a "hash" or "message digest" as output. Given the hash, it is computationally infeasible to retrieve the input. MD5 and SHA-1 are commonly used cryptographic hash functions.

cumulative incremental backup

A type of incremental backup in which Oracle Secure Backup copies only data that has changed at a lower backup level. For example, a level 3 incremental backup copies only that data that has changed since the most recent backup that is level 2 or lower.

daemons

Background processes that are assigned a task by Oracle Secure Backup during the execution of backup and restore operations. Some daemons run continually and others are started and stopped as required.

data management application (DMA)

An application that controls a backup or restore operation over the Network Data Management Protocol (NDMP) through connections to a data service and tape service. The DMA is the session master, whereas the NDMP services are the slaves. In an Oracle Secure Backup administrative domain, obtar is an example of a DMA.

data service

An application that runs on a client and provides Network Data Management Protocol (NDMP) access to database and file-system data on the primary storage system.

data transfer element (DTE)

A secondary storage device within a tape library. In tape libraries that contain multiple tape drives, data transfer elements are sequentially numbered starting with 1.

database backup storage selector

An Oracle Secure Backup configuration object that specifies characteristics of Recovery Manager (RMAN) SBT backups. The storage selector acts as a layer between RMAN, which accesses the database, and the Oracle Secure Backup software, which manages the backup media.

dataset

The contents of a file-system backup. A dataset file describes a dataset. For example, you could create the dataset file my_data.ds to describe a dataset that includes the /home directory on host brhost2.

dataset directory

A directory that contains at least one dataset file. The directory groups dataset files as a set for common reference.

dataset file

A text file that describes a dataset. The Oracle Secure Backup dataset language provides a text-based means to define file-system data to back up.

defaults and policies

A set of configuration data that specifies how Oracle Secure Backup runs in an administrative domain.

device discovery

The process by which Oracle Secure Backup automatically detects devices accessed through Network Data Management Protocol (NDMP) and configuration changes for such devices.

attach point

A file name in the /dev file system on UNIX or Linux that represents a hardware tape device. An attach point does not specify data on disk, but identifies a hardware unit and the device driver that handles it. The inode of the file contains the device number, permissions, and ownership data. An attachment consists of a host name and the attach point name by which that device is accessed by Oracle Secure Backup.

differential incremental backup

A type of incremental backup in which Oracle Secure Backup copies only data that has changed at the same or lower backup level. This backup is also called a level 10 backup. Oracle Secure Backup does not support the level 10 backup on some platforms, including Network Attached Storage (NAS) devices such as a Network Appliance filer.

digital signature

A set of bits computed by a Certification Authority (CA) to signify the validity of specified data. The algorithm for computing the signature makes it difficult to alter the data without invalidating the signature.

domain

A group of computers and devices on a network that are administered as a unit with common rules and procedures. Within the internet, domains are defined by the IP address. All devices sharing a common part of the IP address are said to be in the same domain.

error rate

The number of recovered write errors divided by the total blocks written, multiplied by 100.

expiration policy

The means by which Oracle Secure Backup determines how volumes in a media family expire, that is, when they are eligible to be overwritten. A media family can either have a content-managed expiration policy or time-managed expiration policy.

Fiber Distributed Data Interface (FDDI)

A set of ANSI protocols for sending digital data over fiber optic cable. FDDI networks are token-passing networks, and support data rates of up to 100 Mbps. FDDI networks are typically used as backbones for wide-area networks.

Fibre Channel

A protocol used primarily among devices in a Storage Area Network (SAN).

file-system backup

A backup of files on the file system initiated by Oracle Secure Backup. A file-system backup is distinct from a Recovery Manager (RMAN) backup made through the Oracle Secure Backup SBT interface.

filer

A network-attached appliance that is used for data storage.

firewall

A system designed to prevent unauthorized access to or from a private network.

full backup

An operation that backs up all of the files selected on a client. Unlike in an incremental backup, files are backed up whether they have changed since the last backup or not.

heterogeneous network

A network made up of a multitude of computers, operating systems, and applications of different types from different vendors.

host authentication

The initialization phase of a connection between two hosts in the administrative domain. After the hosts authenticate themselves to each other with identity certificates, communications between the hosts are encrypted by Secure Sockets Layer (SSL). Almost all connections are two-way authenticated; exceptions include initial host invitation to join a domain and interaction with hosts that use NDMP access mode.

identity certificate

An X.509 certificate signed by the Certification Authority (CA) that uniquely identifies a host in an Oracle Secure Backup administrative domain.

incremental backup

An operation that backs up only the files on a client that changed after a previous backup. Oracle Secure Backup supports 9 different incremental backup levels for file-system backups. A cumulative incremental backup copies only data that changed since the most recent backup at a lower level. A differential incremental backup, which is equivalent to a level 10 backup, copies data that changed since an incremental backup at the same or lower level.

An incremental backup contrasts with a full backup, which always backs up all files regardless of when they last changed. A full backup is equivalent to an incremental backup at level 0.

job list

A catalog created and maintained by Oracle Secure Backup that describes past, current, and pending backup jobs.

job summary

A text file report produced by Oracle Secure Backup that describes the status of selected backup and restore jobs. Oracle Secure Backup generates the report according to a user-specified job summary schedule.

job summary schedule

A user-defined schedule for generating job summaries. You create job summary schedules with the mksum command in obtool.

location

A location is a place where a volume physically resides; it might be the name of a tape library, a data center, or an off-site storage facility.

logical unit number

Part of the unique identifier of a tape device. See Oracle Secure Backup logical unit number and SCSI LUN.

manual certificate provisioning mode

A mode of certificate management in which you must manually export the signed identity certificate for a host from the administrative server, transfer it to the host, and manually import the certificate into the wallet of the host. Unlike automated certificate provisioning mode, this mode is not vulnerable to a possible (if extremely unlikely) man-in-the-middle attack.

media family

A named classification of backup volumes that share the same volume sequence file, expiration policy, and write window.

media server

A computer or server that has at least one tape device connected to it. A media server is responsible for transferring data to or from the devices that are attached to it.

native access mode

A synonym for primary access mode.

NDMP access mode

The mode of access for a filer or other host that uses Network Data Management Protocol (NDMP) for communications within the administrative domain. NDMP access mode contrasts with primary access mode, which uses the Oracle Secure Backup network protocol. Oracle Secure Backup uses NDMP for data transfer among hosts regardless of whether a host is accessed through the primary or NDMP access modes.

Network Attached Storage (NAS)

A NAS server is a computer on a network that hosts file systems. The server exposes the file systems to its clients through one or more standard protocols, most commonly Network File System (NFS) and CIFS.

Network Data Management Protocol (NDMP)

An open standard protocol that defines a common architecture for backups of heterogeneous file servers on a network. This protocol allows the creation of a common agent used by the central backup application, called a data management application (DMA), to back up servers running different operating systems. With NDMP, network congestion is minimized because the data path and control path are separated. Backup can occur locally—from a file server direct to a tape drive—while management can occur centrally.

network description file

A text file that lists the hosts in your network on which Oracle Secure Backup should be installed. For each host, you can identify the Oracle Secure Backup installation type, the host name, and each tape drive attached. The install subdirectory in the Oracle Secure Backup home includes a sample network description file named obndf.

Network File System (NFS)

A client/server application that gives all network users access to shared files stored on computers of different types. NFS provides access to shared files through an interface called the Virtual File System (VFS) that runs on top of TCP/IP. Users can manipulate shared files as if they were stored on local disk. With NFS, computers connected to a network operate as clients while accessing remote files, and as servers while providing remote users access to local shared files. The NFS standards are publicly available and widely used.

OB access mode

A synonym for primary access mode.

obfuscated wallet

A wallet whose data is scrambled into a form that is extremely difficult to read if the scrambling algorithm is unknown. The wallet is read-only and is not protected by a password. An obfuscated wallet supports single sign-on (SSO).

obtar

The underlying engine of Oracle Secure Backup that moves data to and from tape. obtar is a descendant of the original Berkeley UNIX tar(2) command. Although obtar is typically not accessed directly, you can use it to back up and restore files or directories specified on the command line. obtar enables the use of features not exposed through obtool or the Web tool.

obtool

The principal command-line interface to Oracle Secure Backup. You can use this tool to perform all Oracle Secure Backup configuration, backup and restore, maintenance, and monitoring operations. The obtool utility is an alternative to the Oracle Secure Backup Web tool.

offsite backup

A backup that is equivalent to a full backup except that it does not affect the full or incremental backup schedule. An offsite backup is useful when you want to create a backup image for offsite storage without disturbing your incremental backup schedule.

on-demand backup

A file-system backup initiated through the backup command in obtool or the Oracle Secure Backup Web tool. The backup is one-time-only and either runs immediately or at a specified time in the future. An on-demand backup contrasts with a scheduled backup, which is initiated by the Oracle Secure Backup scheduler.

operator

A person whose duties include backup operations, backup schedule management, tape swaps, and error checking.

Oracle Secure Backup home

The directory in which the Oracle Secure Backup software is installed. The Oracle Secure Backup home is typically /usr/local/oracle/backup on UNIX/Linux and C:\Program Files\Oracle\Backup on Windows. This directory contains binaries and configuration files. The contents of the directory differ depending on which role is assigned to the host within the administrative domain.

Oracle Secure Backup logical unit number

A number between 0 and 31 used to generate unique attach point names during device configuration (for example, /dev/obt0, /dev/obt1, and so on). Although it is not a requirement, unit numbers typically start at 0 and increment for each additional device of a given type, whether tape library or tape drive.

The Oracle Secure Backup logical unit number is part of the name of the attach point. Do not confuse it with SCSI LUN, which is part of the hardware address of the device.

Oracle Secure Backup user

An account defined within an Oracle Secure Backup administrative domain. Oracle Secure Backup users exist in a separate namespace from operating system users.

overwrite

The process of replacing a file on your system by restoring a file that has the same file name.

originating location

A location where a volume was first written.

Preferred Network Interface (PNI)

The preferred network interface for transmitting data to be backed up or restored. A network can have multiple physical connections between a client and the server performing a backup or restore on behalf of that client. For example, a network can have both Ethernet and Fiber Distributed Data Interface (FDDI) connections between a pair of hosts. PNI enables you to specify, on a client-by-client basis, which of the server's network interfaces is preferred.

preauthorization

An optional attribute of an Oracle Secure Backup user. A preauthorization gives an operating system user access to specified Oracle Secure Backup resources.

primary access mode

The mode of access for a host that uses the Oracle Secure Backup network protocol for communications within the administrative domain. Oracle Secure Backup must be installed on hosts that use primary access mode. In contrast, hosts that use NDMP access mode do not require Oracle Secure Backup to be installed. Oracle Secure Backup uses Network Data Management Protocol (NDMP) for data transfer among hosts regardless of whether a host is accessed through the primary or NDMP access modes.

private key

A number that corresponds to a specific public key and is known only to the owner. Private and public keys exist in pairs in all public key cryptography systems. In a typical public key cryptosystem, such as RSA, a private key corresponds to exactly one public key. You can use private keys to compute signatures and decrypt data.

privileged backup

A file-system backup operation initiated with the --privileged option of the backup command. On UNIX and Linux systems, a privileged backup runs under the root user identity. On Windows systems, the backup runs under the same account (usually Local System) as the Oracle Secure Backup service on the Windows client.

public key

A number associated with a particular entity intended to be known by everyone who must have trusted interactions with this entity. A public key, which is used with a corresponding private key, can encrypt communication and verify signatures.

Recovery Manager (RMAN)

A utility supplied with Oracle Database used for database backup, restore, and recovery. RMAN is a separate application from Oracle Secure Backup. Unlike RMAN, you can use Oracle Secure Backup to back up any file on the file system—not just database files. Oracle Secure Backup includes an SBT interface that RMAN can use to back up database files directly to tape.

retention period

The length of time that data in a volume set is not eligible to be overwritten. The retention period is an attribute of a time-managed media family. The retention period begins at the write window close time. For example, if the write window for a media family is 7 days, then a retention period of 14 days indicates that the data is eligible to be overwritten 21 days from the first write to the first volume in the volume set.

rights

Privileges within the administrative domain that are assigned to a class. For example, the perform backup as self right is assigned to the operator class by default. Every Oracle Secure Backup user that belongs to a class is granted the rights associated with this class.

roles

The functions that hosts in your network can have during backup and restore operations. There are three roles in Oracle Secure Backup: administrative server, media server, and client. A host in your network can serve in any of these roles or any combination of them. For example, the administrative server can also be a client and media server.

SBT interface

A media management software library that Recovery Manager (RMAN) can use to back up to tertiary storage. An SBT interface conforms to a published API and is supplied by a media management vendor. Oracle Secure Backup includes an SBT interface for use with RMAN.

scheduled backup

A file-system backup that is scheduled through the mksched command in obtool or the Oracle Secure Backup Web tool (or is modified by the runjob command). A backup schedule describes which files should be backed up. A trigger defined in the schedule specifies when the backup job should run.

scheduler

A daemon (obscheduled) that runs on an administrative server and is responsible for managing all backup scheduling activities. The scheduler maintains a job list of backup job operations scheduled for execution.

service daemon

A daemon (observiced) that runs on each host in the administrative domain that communicates through primary access mode. The service daemon provides a wide variety of services, including certificate operations.

SCSI LUN

SCSI logical unit number. A 3-bit identifier used on a SCSI bus to distinguish between up to eight devices (logical units) with the same SCSI ID. Do not confuse with Oracle Secure Backup logical unit number.

Secure Sockets Layer (SSL)

A cryptographic protocol that provides secure network communication. SSL provides endpoint authentication through a certificate. Data transmitted over SSL is protected from eavesdropping, tampering or message forgery, and replay attacks.

Small Computer System Interface (SCSI)

A parallel I/O bus and protocol that permits the connection of a variety of peripherals to host computers. Connection to the SCSI bus is achieved through a host adapter and a peripheral controller.

Storage Area Network (SAN)

A high-speed subnetwork of shared storage devices. A SAN is designed to assign data backup and restore functions to a secondary network so that they do not interfere with the functions and capabilities of the server.

storage device

A computer that contains disks for storing data.

storage element

A physical location within a tape library where a volume can be stored and retrieved by a tape library's robotic arm.

storage location

A location outside of a tape library or tape drive where a volume can be stored.

tape device

A tape drive or tape library identified by a user-defined device name.

tape drive

A tape device that reads and writes data stored on a tape. Tape drives are sequential-access, which means that they must read all preceding data to read any particular piece of data. The tape drives are accessible through various protocols, including Small Computer System Interface (SCSI) and Fibre Channel. A tape drive can exist standalone or in a tape library.

tape library

A medium changer that accepts Small Computer System Interface (SCSI) commands to move a volume from a storage element to a tape drive and back again.

tape service

A Network Data Management Protocol (NDMP) service that transfers data to and from secondary storage and allows the data management application (DMA) to manipulate and access secondary storage.

TCP/IP

Transmission Control Protocol/Internet Protocol. The suite of protocols used to connect hosts for transmitting data over networks.

three-way backup

The process of backing up an NDMP server that supports NDMP but does not have a locally attached backup device to another NDMP server that has an attached backup device. The backup is performed by sending the data through a TCP/IP connection to the NDMP server with the attached backup device. In this configuration, the NDMP data service exists on the NDMP server that contains the data to be backed up and the NDMP tape service exists on the NDMP server with the attached tape device.

time-managed expiration policy

A media family expiration policy in which every volume in a volume set can be overwritten when it reaches its volume expiration time. Oracle Secure Backup computes the volume expiration time by adding the volume creation time for the first volume in the set, the write window time, and the retention period.

For example, you set the write window for a media family to 7 days and the retention period to 14 days. Assume that Oracle Secure Backup first wrote to the first volume in the set on January 1 at noon and subsequently wrote data on 20 more volumes in the set. In this scenario, all 21 volumes in the set expire on January 22 at noon.

You can make a Recovery Manager (RMAN) backup or a file-system backup to a volume that uses a time-managed expiration policy.

trigger

The part of a backup schedule that specifies the days and times at which the backups should occur.

trusted certificate

A certificate that is considered valid without validation testing. Trusted certificates build the foundation of the system of trust. Typically, they are certificates from a trusted Certification Authority (CA).

unprivileged backup

File-system backups created with the --unprivileged option of the backup command. When you create or modify an Oracle Secure Backup user, you associate operating system accounts with this user. Unprivileged backups of a host run under the operating system account associated with the Oracle Secure Backup user who initiates the backup.

volume

A volume is a unit of media, such as an 8mm tape. A volume can contain multiple backup images.

volume creation time

The time at which Oracle Secure Backup wrote backup image file number 1 to a volume.

volume expiration time

The date and time on which a volume in a volume set expires. Oracle Secure Backup computes this time by adding the write window duration, if any, to the volume creation time for the first volume in the set, then adding the volume retention period.

For example, assume that a volume set belongs to a media family with a retention period of 14 days and a write window of 7 days. Assume that the volume creation time for the first volume in the set was January 1 at noon and that Oracle Secure Backup subsequently wrote data on 20 more volumes in the set. In this scenario, the volume expiration time for all 21 volumes in the set is January 22 at noon.

volume ID

A unique alphanumeric identifier assigned by Oracle Secure Backup to a volume when it was labeled. The volume ID usually includes the media family name of the volume, a dash, and a unique volume sequence number. For example, a volume ID in the RMAN-DEFAULT media family could be RMAN-DEFAULT-000002.

volume label

The first block of the first backup image on a volume. It contains the volume ID, the owner's name, the volume creation time, and other information.

volume sequence file

A file that contains a unique volume ID to assign when labeling a volume.

volume sequence number

A number recorded in the volume label that indicates the order of volumes in a volume set. The first volume in a set has sequence number 1. The volume ID for a volume usually includes the media family name of the volume, a dash, and a unique volume sequence number. For example, a volume ID for a volume in the RMAN-DEFAULT media family could be RMAN-DEFAULT-000002.

volume set

A group of volumes spanned by a backup image. The part of the backup image that fits on a single volume is a backup section.

volume tag

A field that is commonly used to hold the barcode identifier, also called a volume tag, for the volume. The volume tag is found in the volume label.

wallet

A password-protected encrypted file. An Oracle wallet is primarily designed to store X.509 certificates and their associated public key/private key pair. The contents of the wallet are only available after the wallet password has been supplied, although with an obfuscated wallet no password is required.

Web tool

The browser-based GUI that enables you to configure an administrative domain, manage backup and restore operations, and browse the backup catalog.

write window

The period for which a volume set remains open for updates, usually by appending an additional backup image. The write window opens at the volume creation time for the first volume in the set and closes after the write window period has elapsed. After the write window close time, Oracle Secure Backup does not allow further updates to the volume set until it expires (as determined by its expiration policy), or until it is relabeled, reused, unlabeled, or forcibly overwritten.

A write window is associated with a media family. All volume sets that are members of the media family remain open for updates for the same time period.

write window close time

The date and time that a volume set closes for updates. Oracle Secure Backup computes this time when it writes backup image file number 1 to the first volume in the set. If a volume set has a write window close time, then this information is located in the volume section of the volume label.

write window time

The length of time during which writing to a volume set is permitted.