This chapter provides an overview of the Oracle Secure Backup installation requirements.
This chapter contains these sections:
Before you can use Oracle Secure Backup to manage your data protection requirements, you must install Oracle Secure Backup on all hosts and then configure the administrative domain.
The Oracle Secure Backup software must be installed on all hosts, except NDMP hosts, in the administrative domain. The administrative domain consists of one administrative server, one or more media servers, and one or more clients. The software that you install on a host depends on the role assigned to the host in the administrative domain. During the installation, you can specify the role for which you want to install Oracle Secure Backup.
See Also:
Oracle Secure Backup Administrator's Guide for more information about the administrative domain
The Oracle Secure Backup installer determines if a host system has Oracle Secure Backup software installed or if it contains data from an earlier Oracle Secure Backup installation. If no Oracle Secure Backup software or data exists, then Oracle Secure Backup is installed. If Oracle Secure Backup software or data exists on the host, then depending on the release of the software or data, either an upgrade is performed or the installer exits.
See Also:
The directories containing Oracle Secure Backup data are protected by restricting access to these directories to only privileged users.
After the Oracle Secure Backup software is installed on all hosts in the administrative domain, you must configure the administrative domain. Configuring the administrative domain ensures that the administrative server has information about all the hosts and backup containers (tape devices and disk pools) that are part of the administrative domain.
Configuring Oracle Secure Backup includes the following tasks:
Adding each host to the administrative domain
Configuring backup containers that are attached to media servers
Oracle Secure Backup client backward compatibility provides compatibility and interoperability between a current Oracle Secure Backup version with its immediate previous release. For instance, 12.1 Oracle Secure Backup is backward compatible with 10.4.0.3 Oracle Secure Backup.
To use client backward compatibility, ensure that both your administrative server and media server have Oracle Secure Backup 12.1 installed. Only clients can use Oracle Secure Backup 10.4.0.3.
To facilitate backward compatibility on your Oracle Secure Backup domain, ensure to keep the following requirements in mind:
Client backward compatibility is only supported for Oracle Secure Backup versions 10.4.0.3 and 10.4.0.4. Oracle Secure Backup 10.4.0.1 and 10.4.0.2 versions are not supported.
Oracle Secure Backup 12.1 is not supported on Linux 32-bit platforms and Windows 32-bit platforms. All Linux 32-bit hosts and Windows 32-bit hosts using 10.4.0.2 or earlier versions of Oracle Secure Backup must be upgraded to Oracle Secure Backup versions 10.4.0.3 or 10.4.0.4, to be used in a 12.1 backup domain.
See Also:
"Supported Platforms and Tape Devices" for more information about platforms that support Oracle Secure Backup 12.1
Client backward compatibility provides a restricted level of functionality for the Oracle Secure Backup 10.4.0.3 client. It is recommended that all obtool commands be executed on a host that uses Oracle Secure Backup 12.1.
You can perform file-system backup and restore operations for a Oracle Secure Backup 10.4.0.3 client added to an Oracle Secure Backup 12.1 domain, using backward compatibility. File-system backups to both tape drives and disk pools are supported. You can perform database backup and restore operations only using tape drives.
You cannot specify disk devices for database backups and restore from the Oracle Secure Backup 10.4.0.3 client.
Whenever possible, it is recommended that only Oracle Secure Backup 12.1 clients be added to backup domains running Oracle Secure Backup 12.1.
The Certification Authority (CA) maintains a signing certificate that authorizes the CA to sign the identity certificates for the other hosts in the domain.
Oracle Secure Backup allows you to set the duration for which each signing certificate is valid. This duration is set using the certificate lifetime policy.
Certificates with shorter lifetimes are more secure
Certificates with longer lifetimes are easier to manage
Select a lifetime for certificates based on your corporate policy.
Change the value of the security/certlifetime policy.
Run the obcm recertifydomain command.
For more information on the certificate lifetime policy and obcm recertifydomain command, see the Oracle Secure Backup Reference.
This section lists the basic steps to install Oracle Secure Backup on all hosts. Ensure that you meet all requirements in the section "Preparing to Install Oracle Secure Backup" before starting the installation procedure.
To install Oracle Secure Backup:
Install Oracle Secure Backup on all hosts in the administrative domain.
On the host designated as the administrative server, install the administrative server role. This is the host you use to initiate and manage backup and restore jobs.
When this step is complete, the administrative domain is initialized. But the only host included in the administrative domain at this point is the administrative server
On all hosts that contain data, both Oracle Database and file-system, that is to be backed up using Oracle Secure Backup, install the client role.
On the hosts designated with the media server role, install the client role. This creates the software required for the client role. Additionally, you must perform the following steps:
Configure the host as a media server
Configure backup containers that are attached to this media server
Configure the Oracle Secure Backup administrative domain.
The administrative server requires complete information about all the hosts and backup containers (tape devices and disk pools) in the administrative domain.
For each media server, perform the following tasks:
Add the media server to the administrative domain
Configure the backup containers attached to this media server
This includes each tape device and each attachment that associates a tape device with a media server.
For each client, add the client to the administrative domain.
This includes any Network Data Management Protocol (NDMP) clients such as Network Attached Storage (NAS) appliances.
Before you install Oracle Secure Backup on your hosts, certain decisions about how to configure and manage the administrative domain needs to be made. These decisions will determine how the software is installed, configured, and used.
The tasks involved in preparing to install Oracle Secure Backup are described in the following sections:
Before you install Oracle Secure Backup on a host, ensure that the host satisfies the specified system requirements.
This following topics describe the various system requirements:
For the list of operating systems, web browsers and Network Attached Storage (NAS) devices supported by Oracle Secure Backup, see Certify on My Oracle Support at the following URL:
Information about every tape device supported by Oracle Secure Backup is available at the following URL:
http://www.oracle.com/technetwork/products/secure-backup/learnmore/index.html
When you install Oracle Secure Backup on Linux or UNIX, you load an install package for a particular operating system and perform the installation with the install package. Table 2-1 describes approximate disk space requirements.
Table 2-1 Disk Space Requirements for Oracle Secure Backup on Linux and UNIX
| Oracle Secure Backup Installation | Disk Space for Administrative Server | Disk Space for Client or Media Server |
|---|---|---|
|
Linux x86 64-bit |
75 MB |
75 MB |
|
Solaris x86 64-bit |
130 MB |
130 MB |
|
Solaris SPARC 64-bit |
130 MB |
130 MB |
|
HP-UX |
130 MB |
130 MB |
|
IBM AIX |
610 MB |
610 MB |
Table 2-2 describes approximate disk space required for an installation of Oracle Secure Backup on Windows with and without the administrative server.
Table 2-2 Disk Space Requirements for Oracle Secure Backup on Windows
| Oracle Secure Backup Installation | Disk Space |
|---|---|
|
Administrative server (can include the media server, client, or both) |
112 MB |
|
Media server, client, or both (no administrative server) |
103 MB |
The disk space required for the Oracle Secure Backup catalog depends on many factors. But as a general rule, plan for catalog space equal to 250% of your largest index created after a backup.
See Also:
Oracle Secure Backup Administrator's Guide for guidelines on the growth of the Oracle Secure Backup catalog over time
Each host that participates in an Oracle Secure Backup administrative domain must have a network connection and run TCP/IP. Oracle Secure Backup uses this protocol for all communication within each of its components and between its components and other system components.
Each appliance that employs a closed operating system, such as Network Attached Storage (NAS) and tape servers, must support a version of Network Data Management Protocol (NDMP) described in "Oracle Secure Backup Host Access Modes".
Each host that participates in an Oracle Secure Backup administrative domain must also have some preconfigured way to resolve a host name to an IP address. Most systems use DNS, NIS, WINS, or a local hosts file to do this. Oracle Secure Backup does not require a specific mechanism. Oracle Secure Backup only requires that, upon presenting the underlying system software with an IP address you have configured, it obtains an IP address corresponding to that name.
The use of DHCP to assign IP addresses is not supported for hosts that participate in an Oracle Secure Backup administrative domain. Static IP addresses should be assigned to all hosts. If you cannot use static IP addresses, then you must ensure that the DHCP server guarantees that a given host is always assigned the same IP address.
Note:
You can change the static IP of a host from one address to another, but you must restart the Oracle Secure Backup administrative server for the change to take effect.
On Oracle Secure Backup network installations, it is important that there be no duplicate host names. Index catalog data is stored in a directory based on the name of the client host. Duplicate host names would result in information related to backups from multiple clients being combined in a manner that could prevent successful restore operations from backup files.
You can configure Oracle Secure Backup to use WINS, the Microsoft Windows name resolution protocol, from UNIX hosts. Although this configuration is atypical, WINS name resolution from UNIX hosts can be a practical solution.
Oracle Secure Backup installation media for each supported platform is available as a CD-ROM or as a ZIP file downloaded from the Oracle Software Delivery Cloud website:
The contents of the CD-ROM and download archive are identical.
Note:
If you have multiple platforms in your environment, then you must download the ZIP file or acquire the CD-ROM for each platform.
To download and extract the Oracle Secure Backup installation software:
You now have all of the files required to install Oracle Secure Backup release 12.1.
The Oracle Secure Backup administrative domain is a set of hosts that are managed as a unit to perform backup and restore operations. Each host in the administrative domain must be assigned one of the following roles: administrative server, media server, or client.
See Also:
Before you install Oracle Secure Backup on a host, you must decide the role that will be assigned to this host in the administrative domain. The software that you install depends on the role that is assigned to the host.
When you install software for the administrative role, the software required for the media server and client roles are also installed. The software required for the media server role is also installed when you install the client role. However, the host does not have the media server role until the admin user grants that role with the chhost command after Oracle Secure Backup is installed.
Note:
To add the media server role to an administrative server or client after initial installation, you must create attach points using makedev. See Oracle Secure Backup Reference for details.
When you install the client role, the software for the media server role is also installed on the host. However, you must configure the host as a media server.
Oracle Secure Backup enables you to customize your installation by modifying some configuration parameters that control the installation and administration process. The installation programs provide default values for all these configuration parameters. In most cases, the default values are sufficient. However, you can choose to modify the configuration parameters while installing Oracle Secure Backup.
The following are configuration parameters that you can modify during an Oracle Secure Backup installation:
While installing Oracle Secure Backup on a host, a temporary directory is used to store transient files. Oracle Secure Backup requires that the temporary directory be able to contain lockable files and that it be accessible during the beginning of the restart process. For these reasons, the directory must be on the local disk.
Default values are set for this parameter depending on the operating system. You can modify the default directory and specify a different directory by specifying advanced settings at the time of installation.
For Linux/UNIX and Solaris 64-bit hosts, the default temporary directory is /usr/tmp. For Windows, the default temporary directory is C:\Program Files\Oracle\Backup\temp\.
Table 2-3 Temporary Directory Requirements for Oracle Secure Backup
| Oracle Secure Backup Installation | Disk Space Required |
|---|---|
|
Linux x86 64-bit |
600 MB |
|
Solaris x86 64-bit |
1100 MB |
|
Solaris SPARC 64-bit |
1000 MB |
|
Windows 64-bit |
600 MB |
|
HP-UX |
1200 MB |
|
IBM AIX |
1200 MB |
To keep the installation and administration of Oracle Secure Backup as straightforward as possible, Oracle provides a mechanism for you to identify the name of the Oracle Secure Backup home directory for each platform in your network. The home directory, referred to as OSB_HOME in the documentation, is the directory into which the Oracle Secure Backup software is installed. This directory must be private to each platform and not shared through Network File System (NFS) or a similar remote file system.
The installation programs use an operating system-specific default value set for the home directory. These defaults may be changed based on the availability of disk space on your computer. You can override the default value and install the Oracle Secure Backup software into a different directory by modifying the advanced settings during installation.
The default home directory on Linux/UNIX and Solaris is /usr/local/oracle/backup. On Windows, the default home directory is C:\Program Files\Oracle\Backup. It is recommended that you install Oracle Secure Backup into the default home directory.
Note:
To enable users other than root to use obtool or the Oracle Secure Backup Web tool, install Oracle Secure Backup to a file system that can use the suid mechanism. On Linux/Unix platforms you can do this by excluding the nosuid option from the /etc/fstab file entry for that file system.
The directory that you specify as the Oracle Secure Backup home is created by the install program, but its parent folder must exist before you start the installation. For example, if you specify /usr/local/oracle/backup as your home, the /usr/local/oracle path must exist. The installer creates the backup directory and sets the correct owner, group, and permissions on it
Oracle Secure Backup integrates with Recovery Manager (RMAN) to enable you to backup and restore Oracle Databases. To back up Oracle Database files using RMAN with Oracle Secure Backup, you must specify an Oracle Secure Backup user who has the permissions required to perform backup and restore operations with RMAN.
During the Oracle Secure Backup installation, you can create a preauthorized user, with the rights of the oracle class, that is used for Oracle Database operations. If you choose to configure user preauthorization, the Oracle Secure Backup preauthorized user that you create is mapped to an operating system user whose credentials will be used to perform Oracle Database backup and restore operations. The default name for the preauthorized user is oracle.
To back up databases on Linux/UNIX platforms, you must specify a Linux/UNIX user name and a Linux/UNIX group name whose credentials will be used by the preauthorized user. The user name must be defined in /etc/password and the group name must be defined in /etc/group. To backup databases on Windows platforms, you must specify the domain account whose credentials are used by the preauthorized user.
Note:
Before you choose to create the preauthorized user, be aware that this choice involves a trade-off between convenience and security.
If you intend to use Oracle Secure Backup to perform one-time, RMAN-initiated, or unprivileged backup operations on Windows clients, then you must modify the Oracle Secure Backup admin and oracle users to assign them Windows credentials (a domain, user name and password) that are valid at the client with required privileges after you complete the Oracle Secure Backup installation. Otherwise, Oracle Secure Backup cannot perform these types of backup operations. This requirement applies regardless of the platform that acts as the administrative server.
If you do not create a preauthorized user during the installation, you can set up user preauthorization at a later stage.
Each user needs a valid Oracle Secure Backup user name and password to log in to Oracle Secure Backup and perform operations. By default, passwords for Oracle Secure Backup users must be at least 8 characters. During installation, you can modify the advanced settings and specify a different length, between 8 characters and 16 characters, for user passwords. The length specified during installation applies to the passwords used for all Oracle Secure Backup users.
Oracle Secure Backup enables secure communication between the hosts in the administrative domain. Each host is uniquely identified by an X.509 certificate signed by the Certification Authority (CA). Connections between hosts are established only after the hosts authenticate themselves to each other using identity certificates.
The installation program uses a default value of 1024 bits for the identity certificate key size. Starting with Oracle Secure Backup version 12.1.0.3, the default value is 3072 bits. You can modify this value to configure the level of security associated with every host identity certificate issued by the administrative service daemon.
The values you can set for identity certificate key length, in bits, are: 512, 768, 1024, 2048, 3072, and 4096. 1024 bits is the minimum length required for adequate security. A value of 2048 bits offers adequate security. A very high level of security can be provided by setting the key size to 3072 bits or 4096 bits.
Note:
Certificate key sizes smaller than 1024 are not considered secure. Certificate key sizes of 3072 or more are considered very secure.
Each platform has a discrete directory in which Oracle Secure Backup retains host-specific information. This directory must be private to each platform and not shared through Network File System (NFS) or a similar remote file system.
The installation program uses operating system-specific defaults for the database directory. You can modify the default values by configuring the advanced settings during an Oracle Secure Backup installation.
The default database directory is for Linux/UNIX and Solaris 64-bit hosts is /usr/etc/ob. On Windows, the default database directory is C:\Program Files\Oracle\Backup\db.
During installation on Linux/Unix platforms, you can create symbolic links, typically in /usr/bin and /etc, so that an Oracle Secure Backup user is not required to change search paths.
These parameters are particular to each supported platform. On some systems, it might be more appropriate to place links in /bin instead of /usr/bin or in /usr/etc instead of /etc.
By default, on Linux/UNIX and Solaris 64-bit systems, symbolic links are created in the /usr/bin/etc/lib directory.
Note:
Oracle recommends using the defaults provided for this parameter.
If you specify a lib directory for the operating system type of the current installation, then installob creates a libobk.so symbolic link in that directory. That symbolic link points to the actual libobk.so file in a platform-specific lib directory in the Oracle Secure Backup home (such as lib.linux32).