1 Introduction to Oracle Secure Backup

This chapter provides an introduction to Oracle Secure Backup and includes advice on planning and configuring your administrative domain.

This chapter contains these sections:

See Also:

Oracle Secure Backup Administrator's Guide for conceptual information about Oracle Secure Backup

1.1 What Is Oracle Secure Backup?

Oracle Secure Backup enables reliable data protection through file-system backup to tape. It supports every major tape drive and tape library in SAN, Gigabit Ethernet (GbE), and SCSI environments using standard tape formats.

Oracle Secure Backup supports Internet Protocol v4 (IPv4), Internet Protocol v6 (IPv6), and mixed IPv4/IPv6 environments on all platforms that support IPv6.

Using Oracle Secure Backup on your network enables you to take data from a networked host running Oracle Secure Backup or a NAS device that support NDMP, and back up that data on a tape device on the network. That data can include ordinary file-system files and databases backed up with Recovery Manager (RMAN).

As part of the Oracle storage solution, Oracle Secure Backup provides scalable distributed backup and recovery capabilities. It reduces complexity of your backup solution, by:

  • Integrating with the Oracle stack for maximum ease of use in a single Oracle solution to back up your data from disk to tape

  • Employing single-vendor technical support for database and file-system backup and recovery to tape

  • Using existing or new hardware, with broad tape device support in SCSI, GbE, and SAN environments with dynamic tape drive sharing for maximum tape drive utilization

Oracle Secure Backup eliminates integration challenges with ready-to-use tape management software that provides single-vendor support. Oracle Secure Backup also reduces your costs. When using Oracle Secure Backup with RMAN to back up and recover databases and files to and from tape, no third-party tape management software is required. Oracle Secure Backup provides the media management layer needed to use tape storage with RMAN.

Centralized administration, heterogeneous network support, and flexible scheduling simplify and automate protection of the entire Oracle environment, including database data and file-system data such as the contents of the Oracle home.

1.2 Oracle Secure Backup Concepts

This section discusses Oracle Secure Backup concepts that enable you to better understand the installation process.

This section contains these topics:

1.2.1 Oracle Secure Backup Administrative Domains and Hosts

Oracle Secure Backup organizes hosts and tape devices into an administrative domain, representing the network of hosts containing data to be backed up, hosts with attached tape devices on which backups are stored, and each tape device with its attachment to the hosts. A host can belong to only one administrative domain. Host Roles in an Administrative Domain

Each host in an administrative domain must be assigned one or more of the following Oracle Secure Backup roles:

  • Administrative server

    Each administrative domain must have exactly one administrative server. During postinstallation configuration, the administrative server must be configured with complete data regarding the other hosts in the administrative domain, their roles, and their attached tape devices. This configuration information is maintained in a set of configuration files stored on the administrative server.

    The administrative server runs the scheduler, which starts and monitors each backup job. The scheduler also keeps a backup catalog with metadata for all backup and restore operations performed in the administrative domain.

  • Media server

    A media server is a host with at least one tape device attached to it. A media server transfers data to or from a volume loaded on one of these tape devices. A media server has at least one attachment to a tape drive or library. It might have attachments to multiple tape libraries.

    You specify the attachments between media servers and tape devices during postinstallation configuration of Oracle Secure Backup.

  • Client

    The client role is assigned to any host that has access to file-system or database data that can be backed up or restored by Oracle Secure Backup. Any host where Oracle Secure Backup is installed can be a client, including hosts that are also media servers or the administrative server. A network-attached storage device that Oracle Secure Backup accesses through NDMP can also serve the client role.


A host can be assigned multiple roles in an administrative domain. For example, a host with a tape drive attached could be both the administrative server and media server for a network that includes several other clients. For more examples of administrative domains, see "Oracle Secure Backup Administrative Domain: Examples". Host Naming in an Administrative Domain

You must assign each host in an administrative domain a unique name to be used in Oracle Secure Backup operations. Typically, the host name in your DNS for this host is a good choice for the Oracle Secure Backup host name. However, you can assign a different name to a host. Oracle Secure Backup Host Access Modes

Communication among hosts in an administrative domain is always based on NDMP, but implementations and versions of NDMP vary. Oracle Secure Backup supports two host access modes: primary access mode and NDMP access mode.

Primary access mode is used among hosts on which Oracle Secure Backup is installed. Oracle Secure Backup daemons run in the background on the host, communicate with the administrative server using the Oracle Secure Backup implementation of NDMP, and perform backup and restore tasks. Hosts on which databases reside are typically accessed using primary access mode.


In Oracle Enterprise Manager, primary access mode is referred to as native access mode. In the Oracle Secure Backup Web tool and the output of some obtool commands such as lshost, primary mode is referred to as OB access mode.

NDMP access mode is used to communicate with devices such as storage appliances that do not run Oracle Secure Backup natively. For example, devices from third-party vendors such as Network Appliance and EMC are supported only in NDMP access mode. Each NDMP host uses a vendor-specific implementation of the NDMP protocol to back up and restore file systems. Some devices support older versions of the NDMP protocol. When adding such devices to the administrative domain, extra parameters might be required.

Oracle Secure Backup supports NDMP versions 3 and 4, and various extensions to version 4. It automatically negotiates with other, non-Oracle NDMP components to select a mutually supported protocol version. Between its own components, Oracle Secure Backup uses NDMP version 4. When communicating with hosts that are not running Oracle Secure Backup, Oracle Secure Backup usually chooses the protocol version proposed by that host when the connection is established. You can change the NDMP protocol version with which Oracle Secure Backup communicates to a specific host. You might want to do this when testing or troubleshooting.

1.2.2 Oracle Secure Backup Administrative Domain: Examples

Figure 1-1 shows a minimal administrative domain, in which a single host is administrative server, media server, and client. An Oracle database also runs on the same host.

Figure 1-1 Administrative Domain with One Host

Description of Figure 1-1 follows
Description of "Figure 1-1 Administrative Domain with One Host"

Figure 1-2 shows a possible Oracle Secure Backup administrative domain that includes three client hosts, one administrative server, and one media server. A NAS appliance contains ordinary file data. One client based on UNIX and another based on Windows contain databases and other file data. Oracle Secure Backup can back up to tape the non-database files on file systems accessible on client hosts. RMAN can back up to tape database files through the Oracle Secure Backup SBT interface.

Figure 1-2 Oracle Secure Backup Administrative Domain with Multiple Hosts

Description of Figure 1-2 follows
Description of "Figure 1-2 Oracle Secure Backup Administrative Domain with Multiple Hosts"

1.2.3 Tape Devices

Oracle Secure Backup maintains information about each tape library and tape drive so that you can use them for local and network backup and restore operations. You can configure tape devices during installation or add a new tape device to an existing administrative domain. When configuring tape devices, the basic task is to inform Oracle Secure Backup about the existence of a tape device and then specify which media server can communicate with this tape device.

This section contains these topics: Tape Drives

A tape drive is a tape device that uses precisely controlled motors to wind a tape from one reel to another. The tape passes a read/write head as it winds. Most magnetic tape systems use small reels fixed inside a cartridge to protect the tape and make handling of the tape easier.

A magnetic cassette or tape is sequential-access storage. It has a beginning and an end, which means that to access data in the middle of the tape, a tape device must read through the beginning part of the tape until it locates the desired data.

In a typical format, a tape drive writes data to a tape in blocks. The tape drive writes each block in a single operation, leaving gaps between the blocks. The tape runs continuously during the write operation.

The block size of a block of data is the size of the block in bytes as it was written to tape. All blocks read or written during a given backup or restore operation have the same block size. The blocking factor of a block of data expresses the number of 512-byte records contained in the block. For example, the Oracle Secure Backup default blocking factor (128) results in a tape block size of 128*512 bytes or 64 KB.

The maximum blocking factor is an upper limit on the blocking factor that Oracle Secure Backup uses. This limit comes into play particularly during restores, when Oracle Secure Backup must pick an initial block size to use without knowing the actual block size on the tape. The maximum blocking factor limits this initial block size to a value that is acceptable to both the tape device and the underlying operating system.

When Oracle Secure Backup starts a backup, it decides what block size to use based on several factors. Listed in order of precedence, these factors are:

  • Blocking factor specified using the obtar -b option

    This option can also be specified as part of the operations/backupoptions policy. If this option is specified, then it overrides all other factors.

    See Also:

    Oracle Secure Backup Reference for more information on the obtar -b option and the operations/backupoptions policy
  • Configuration of the tape drive to be used

    You can specify what blocking factor, maximum blocking factor, or both that Oracle Secure Backup should use for a particular tape drive when you configure that drive. You might want to do this if you have tape drives with very different block size limits.

  • Domain-wide blocking factors or maximum blocking factors set with the media/blockingfactor and media/maxblockingfactor policies.

    See Also:

    Oracle Secure Backup Reference for more information on the media/blockingfactor and media/maxblockingfactor policies
  • The default blocking factor (128) and maximum blocking factor (128), resulting in a block size of 64K

When a blocking factor has been nominated by one or another of these factors, it must pass the following tests:

  • The block size must be less than or equal to the maximum block size (blocking factor) put in effect by whatever policies or tape drive configuration attributes are in force.

  • The block size must be supported by the tape drive and attach point in question.

    Sometimes a tape drive, device driver, or kernel operating system has a limitation that supersedes all other considerations.

When Oracle Secure Backup begins a restore operation, it does not know what block size was used to write a given tape. Because issuing a read for a too-small block would result in an error condition and a tape reposition, Oracle Secure Backup always starts a restore operation by reading the largest possible block size. This is either the current setting of the media/maxblockingfactor policy or the tape drive configuration attribute. The maximum blocking factor, therefore, must always be greater than or equal to the largest block size you ever want to restore.

After the first read from the backup image, Oracle Secure Backup compares the amount of data requested to the actual size of the block and adjusts the size of subsequent reads to match what is on the tape.

Each tape drive supports a specific tape format. Typical tape formats include:

  • 4mm, or Digital Audio Tape (DAT)

  • Advanced Intelligent Tape (AIT)

  • Digital Linear Tape (DLT) and Super DLT (SDLT)

  • Linear Tape-Open (LTO)

  • T9840

  • T9940

  • T10000

Information about the tape formats of tape devices supported by Oracle Secure Backup is available in the Getting Started section at the following URL:

http://www.oracle.com/technetwork/products/secure-backup/learnmore/index.html Tape Libraries

A tape library is a robotic tape device that accepts SCSI commands to move a volume between a storage element and a tape drive. A tape library is often referred to as a robotic tape device, autochanger, or medium changer.

A tape library contains one or more tape drives, slots to hold tape cartridges, and an automated method for loading tapes. Figure 1-3 illustrates a tape library that contains four tape drives.

Oracle Secure Backup automates the management of tape libraries, thereby enabling efficient and reliable use of their capabilities. Oracle Secure Backup controls the tape library robotics so that tapes can be managed easily.

Oracle Secure Backup supports the following features of tape libraries:

  • Automatic loading and unloading of volumes

    When you add a tape library to your administrative domain, it is configured in automount mode by default. In this mode, Oracle Secure Backup sends commands to the robotic arm of the tape library to mount tapes for backup and restore operations. When a new volume is needed, Oracle Secure Backup scans the tape library until it finds a suitable volume. If sufficient eligible tapes are contained in the tape library storage elements, then no operator intervention is required to load the volumes needed to store the complete backup image.

  • Barcode readers

    A barcode is a symbol code that is physically applied to volumes for identification purposes. Some tape libraries have an automated barcode reader. Oracle Secure Backup can use barcodes to identify tapes in a tape library.

  • Automatic tape drive cleaning

    Oracle Secure Backup checks for cleaning requirements when a tape is loaded into or unloaded from a tape drive. If cleaning is required, then Oracle Secure Backup loads a cleaning cartridge, waits for the cleaning cycle to complete, replaces the cleaning cartridge in its original storage element, and continues with the requested load or unload. You can also schedule a cleaning interval.

As shown in Figure 1-3, a tape library has a set of addressable elements, each of which can contain or move a tape. Libraries can contain the following types of elements:

  • Storage element (se)

    This element is an internal slot in a tape library where a tape cartridge can reside.

  • Data transfer element (dte)

    This element represents a tape device capable of reading or writing the physical volume. Typically, a data transfer element (DTE) is a tape drive used to back up or restore data on a tape.

  • Medium transport element (mte)

    This element represents the robotics mechanism used to move tapes between other elements in the tape library. Typically, a medium transport element is a robot arm that moves tape cartridges from tape library slots to tape drives.

  • Import/export element (iee)

    This is an element by which media can be imported to and exported from the tape library. Typically, an import/export element is a door-like mechanism that an operator uses to transfer tapes into and out of the library. After the door is closed, the robotic arm transfers cartridges to internal slots in the library. Because the library itself is not opened during this procedure, no re-inventory is required.

Many of the Oracle Secure Backup tape library commands require you to specify one or more tape library elements, in particular, storage elements and import/export elements. Except in the inventory display, media transport elements are never referenced. Data transfer elements are referenced only in the inventory display and indirectly by the tape drive (if any) that you select for an operation.

Oracle Secure Backup refers to elements by their abbreviation (mte, se, iee, or dte) followed by the number of the element, for example, se5, iee2, dte1. When multiple elements of a type exist, element numbering starts at 1. When only one element of a type exists, the number can be omitted. Thus, iee1 and iee both refer to the first and only import/export element. If the abbreviation is omitted, then a storage element is assumed. For example, se4 and 4 both refer to the fourth storage element. For some commands, you can specify a range of storage elements, for example, 1-5.

Oracle Secure Backup supports several tape library operations. The following operations are the most basic:

  • Inserting and extracting volumes

  • Loading and unloading volumes

  • Moving volumes

  • Importing and exporting volumes

See Also: Virtual Tape Libraries

A virtual tape library is one or more large-capacity disk drives partitioned into virtual physical tape volumes. To Oracle Secure Backup the virtual tape library appears to be a physical tape library with at least one volume and at least one tape drive. The volumes and tape drives in the virtual tape library can be configured to match common physical tapes and tape drives.

Backup operations performed to a virtual tape library complete faster than backup operations to actual tape drives, because the underlying storage device is direct access media. But a virtual tape library is not suitable for long time storage, because it has limited storage capacity. If you back up to a virtual tape library, then you can take advantage of its faster backup and then use the volume migration feature of Oracle Secure Backup to migrate the data to tapes at a later point of time. Device Names and Attachments

Because Oracle Secure Backup manages tape drive operations, it must be able to identify the tape drive and determine whether the tape drive is housed in a tape library. Oracle Secure Backup must further determine if a storage element is available for storing a volume while not in use by the tape drive. Thus, each tape device must be uniquely identified within Oracle Secure Backup by a user-defined name.

Oracle Secure Backup distinguishes a tape device and the means by which the tape device connects to a host. To be usable by Oracle Secure Backup, each tape device must have at least one attachment, which describes a data path between a host and the tape device. An attachment usually includes the identity of a host plus an attach point name in Linux or UNIX, a device name in Windows, or a NAS device name. In rare cases, additional information is needed for the attachment definition.

See Also:

1.3 Oracle Secure Backup Interfaces

There are four different interfaces for accessing different elements of Oracle Secure Backup:

  • The obtool command line utility provides the fundamental interface for Oracle Secure Backup functions, including configuration, media handling, and backup and restore of file-system files.

  • Oracle Enterprise Manager offers access to most Oracle Secure Backup functions available through obtool as part of its Database Control and Grid Control interfaces.

  • Oracle Secure Backup includes its own Web-based interface, called the Oracle Secure Backup Web tool, which exposes all functions of obtool. The Oracle Secure Backup Web tool is primarily intended for use in situations where Oracle Secure Backup is being used independently of an Oracle Database instance. It does not provide access to database backup and recovery functions.

    The Oracle Secure Backup Web tool supports Internet Protocol v4 (IPv4), Internet Protocol v6 (IPv6), and mixed IPv4/IPv6 environments on all platforms that support IPv6.

  • Backup and restore operations for Oracle Database instances and configuration of the Oracle Secure Backup media management layer are performed through the RMAN command-line client or through Oracle Enterprise Manager.


Oracle Secure Backup documentation focuses on the use of Enterprise Manager wherever possible, and describes the Oracle Secure Backup Web Tool only when there is no equivalent functionality in Enterprise Manager, as in a file-system backup.

See also:

1.4 System Requirements for Oracle Secure Backup

For the list of operating systems, web browsers and Network Attached Storage (NAS) devices supported by Oracle Secure Backup, see Certify on My Oracle Support at the following URL:


Information about every tape device supported by Oracle Secure Backup is available at the following URL:


This section contains these topics:

1.4.1 Disk Space Requirements for Oracle Secure Backup

When you install Oracle Secure Backup on Linux or UNIX, you load an install package for a particular operating system and perform the installation with the install package. Table 1-1 describes approximate disk space requirements.

Table 1-1 Disk Space Requirements for Oracle Secure Backup on Linux and UNIX

Oracle Secure Backup Installation Disk Space


75 MB


130 MB


130 MB


610 MB

Table 1-2 describes approximate disk space required for an installation of Oracle Secure Backup on Windows with and without the administrative server.

Table 1-2 Disk Space Requirements for Oracle Secure Backup on Windows

Oracle Secure Backup Installation Disk Space

Administrative server (can include the media server, client, or both)

48 MB

Media server, client, or both (no administrative server)

31 MB

The disk space required for the Oracle Secure Backup catalog depends on many factors. But as a general rule, plan for catalog space equal to 250% of your largest index created after a backup.

See Also:

Oracle Secure Backup Administrator's Guide for guidelines on the growth of the Oracle Secure Backup catalog over time

1.4.2 Other System Requirements for Oracle Secure Backup

Each host that participates in an Oracle Secure Backup administrative domain must run TCP/IP. Oracle Secure Backup uses this protocol for all communication within each of its components and between its components and other system components.

Each appliance that employs a closed operating system, such as Network Attached Storage (NAS) and tape servers, must support a version of Network Data Management Protocol (NDMP) described in "Oracle Secure Backup Host Access Modes".

Each host that participates in an Oracle Secure Backup administrative domain must also have some preconfigured way to resolve a host name to an IP address. Most systems use DNS, NIS, WINS, or a local hosts file to do this. Oracle Secure Backup does not require a specific mechanism. Oracle Secure Backup only requires that, upon presenting the underlying system software with an IP address you have configured, it obtains an IP address corresponding to that name.

The use of DHCP to assign IP addresses is not supported for hosts that participate in an Oracle Secure Backup administrative domain. Static IP addresses should be assigned to all hosts. If you cannot use static IP addresses, then you must ensure that the DHCP server guarantees that a given host is always assigned the same IP address.


You can change the static IP of a host from one address to another, but you must restart the Oracle Secure Backup administrative server for the change to take effect.

On Oracle Secure Backup network installations, it is important that there be no duplicate host names. Index catalog data is stored in a directory based on the name of the client host. Duplicate host names would result in information related to backups from multiple clients being combined in a manner that could prevent successful restore operations from backup files.

You can configure Oracle Secure Backup to use WINS, the Microsoft Windows name resolution protocol, from UNIX hosts. Although this configuration is atypical, WINS name resolution from UNIX hosts can be a practical solution.

1.4.3 Linux Media Server System Requirement: SCSI Generic Driver

Configuring a Linux host for the Oracle Secure Backup media server role requires that the SCSI Generic driver be installed on that host. This driver is required for Oracle Secure Backup to interact with a tape device. The host must also be configured to automatically reload the driver after a restart.

1.5 Acquiring Oracle Secure Backup Installation Media

Oracle Secure Backup installation media for each supported platform is available as a CD-ROM or as a ZIP file downloaded from the Oracle Technology Network (OTN) Web site for Oracle Secure Backup:


The contents of the CD-ROM and download archive are identical.

If you download the software from OTN, then you must store the downloaded file in a temporary directory and extract the contents of the installation file.


If you are installing Oracle Secure Backup on multiple platforms, then you must download the ZIP file or acquire the CD-ROM for each platform.

1.6 Installation and Configuration Overview

You must install Oracle Secure Backup on your administrative server and on each media server and client host in your administrative domain. During installation, the installation software asks you to specify the roles played by each host. An administrative domain typically includes an administrative server, one or more media servers, and one or more client hosts.

The following steps provide an overview of Oracle Secure Backup installation and configuration:

  1. Create an Oracle Secure Backup administrative server.

    1. Select a host to be the administrative server. This is the host you use to initiate and manage backup and restore jobs.

    2. Verify that this host meets the physical and network security requirements discussed in "Choosing Secure Hosts for the Administrative and Media Servers"

    3. Verify that this host meets the system requirements discussed in "Disk Space Requirements for Oracle Secure Backup".

    4. Install Oracle Secure Backup software on this host.

    When this step is complete, the administrative domain is initialized. But the only host included in the administrative domain at this point is the administrative server.

  2. Create Oracle Secure Backup media servers.

    1. Select one or more hosts to be media servers. These hosts must have a tape device or other secondary storage device attached.

    2. Verify that this host meets the physical and network security requirements discussed in "Choosing Secure Hosts for the Administrative and Media Servers"

    3. Verify that this host meets the system requirements discussed in "Disk Space Requirements for Oracle Secure Backup".

    4. Install Oracle Secure Backup software, including the Oracle Secure Backup device driver, on each of these hosts.

      On UNIX and Linux platforms you are prompted during this step for Small Computer System Interface (SCSI) device information. You obtain this information using operating system-specific utilities, as described in Appendix C, "Determining Linux SCSI Parameters".

  3. Create Oracle Secure Backup clients.

    Install Oracle Secure Backup software on each host with data to be backed up.

  4. Configure the Oracle Secure Backup administrative domain.

    The administrative server requires complete information about:

    This step is documented in Chapter 5, "Configuring and Managing the Administrative Domain". When this step is complete, Oracle Secure Backup is ready to back up any data stored on clients in the administrative domain.

1.7 About Upgrade Installations

If you are upgrading an existing Oracle Secure Backup release 10.1 installation to release 10.4, then you must upgrade every host in the Oracle Secure Backup administrative domain to the same version. Oracle Secure Backup release 10.4 is incompatible with Oracle Secure Backup release 10.1.

In an upgrade installation, the Oracle Secure Backup catalogs (contained in the admin directory) are preserved, retaining configuration information and backup metadata for your administrative domain. This state information for your administrative domain, such as the backup catalog, host, user and device configuration information, and any scheduled backup jobs, is stored in the admin directory under the Oracle Secure Backup home on your administrative server.


Oracle recommends backing up the administrative server before upgrading.

Before upgrading an existing administrative domain to Oracle Secure Backup release 10.4, you must shut down drivers and background processes related to Oracle Secure Backup on all hosts. Upgrade the administrative server host first, and then the other hosts in the domain.

Brief instructions on each step are described in the following sections.

1.7.1 Preparing Administrative Domain Hosts for Upgrade to Release 10.4

Before performing an upgrade installation, you must stop the daemons and services related to Oracle Secure Backup on all hosts in your administrative domain. The preferred commands for stopping the Oracle Secure Backup daemons on Linux and UNIX are described in Oracle Secure Backup Reference.

On both Linux and Solaris administrative servers, it is also necessary to stop the Oracle Secure Backup Web tool processes and Oracle Secure Backup httpd daemon processes. Use the ps command to confirm that all the Oracle Secure Backup processes are stopped:

# /bin/ps -ef | grep ob

Use the kill -9 command to stop each process.

On Windows hosts, you must stop the Oracle Secure Backup service:

  1. Open the Services applet.

  2. Right-click the Oracle Secure Backup Services service.

  3. Select Stop.