Glossary
administrative domain
A group of computers on your network that you manage as a common unit to perform backup and restore operations. An administrative domain must include one and only one administrative server. It can include the following:
-
One or more clients
-
One or more media servers
An administrative domain can consist of a single host that assumes the roles of administrative server, media server, and client.
administrative server
The host that stores configuration information and catalog files for hosts in the administrative domain. There must be one and only one administrative server for each administrative domain. One administrative server can service every client on your network. The administrative server runs the scheduler, which starts and monitors backups within the administrative domain.
attachment
The physical or logical connection (the path through which data travels) of a tape device or a disk pool to a host in the administrative domain.
backup catalog data
This is the metadata that is stored on tape and the disk pool in the /osbmeta directory, following the backup image instance, as a part of the backup. Backup catalog data provides information that rebuilds that backup image instance within the Oracle Secure Backup catalog file during the import catalog process.
backup container
The physical storage media on which a backup is stored. Backup containers can be tape devices or disk pools.
backup image
The product of a backup operation. It stores the metadata related to the backup operation. The actual data this is backed up is stored in the backup image instance.
backup image file
The logical container of a backup image. A backup image consists of one file. One backup image consists of one or more backup sections.
backup image instance
The product of a backup operation. It stores the actual data that is backed up. There can be more than one backup image instances for a single backup image.
A single backup image instance can span multiple volumes in a volume set. The part of a backup image that fits on a single volume is called a backup section.
backup image label
The data on a tape that identifies file number, backup section number, and owner of the backup image.
backup job
A backup that is eligible for execution by the Oracle Secure Backup scheduler. A backup job contrasts with a backup request, which is an on-demand backup that has not yet been forwarded to the scheduler with the backup --go command.
backup level
The level of an incremental backup of file-system data. Oracle Secure Backup supports 9 different incremental backup levels for a file-system backup.
backup operation
A process by which data is copied from primary media to secondary media. You can use Oracle Secure Backup to make a file-system backup, which can back up any file on the file system. You can also use the Oracle Secure Backup SBT library with Recovery Manager (RMAN) to back up the database to tape or disk pool.
backup piece
A backup file generated by Recovery Manager (RMAN). Backup pieces are stored in a logical container called a backup set.
backup request
An on-demand backup that is held locally in obtool until you run the backup command with the --go option. At this point Oracle Secure Backup forwards the requests to the scheduler, at which time the backup requests become backup jobs and are eligible to run.
backup schedule
A description of when and how often Oracle Secure Backup should back up the files specified by a dataset. The backup schedule contains the names of each dataset file and the name of the media family to use. The part of the schedule called the trigger defines the days and times when the backups should occur. In obtool, you create a backup schedule with the mksched command.
backup section
The portion of a backup image file that exists on a single tape. One backup image can contain one or more backup sections. Each backup section is uniquely identified by a backup ID.
barcode
A symbol code, also called a tag, that is physically applied to a volume for identification purposes. Oracle Secure Backup supports the use of tape libraries that have an automated means to read barcodes.
catalog
A repository that records backups in an Oracle Secure Backup administrative domain. You can use the Oracle Secure Backup Web tool or obtool to browse the catalog and determine what files you have backed up. The catalog is stored on the administrative server.
certificate
A digitally signed statement from a Certification Authority (CA) stating that the public key (and possibly other information) of another entity has a value. The X.509 standard specifies the format of a certificate and the type of information contained in it: certificate version, serial number, algorithm ID, issuer, validity, subject, subject public key information, and extensions such as key usage (signing, encrypting, and so on). A variety of methods are used to encode, identify, and store the certificate.
Certification Authority (CA)
An authority in a network that performs the function of binding a public key pair to an identity. The CA certifies the binding by digitally signing a certificate that contains a representation of the identity and a corresponding public key. The administrative server is the CA for an Oracle Secure Backup administrative domain.
class
A named set of rights for an Oracle Secure Backup user. A class can have multiple users, but each Oracle Secure Backup user can belong to one and only one class.
Common Internet File System (CIFS)
An Internet file-system protocol that runs on top of TCP/IP (Transmission Control Protocol/Internet Protocol).
content-managed expiration policy
A volume with this type of expiration policy expires when every backup piece on the volume is marked as deleted. You can make Recovery Manager (RMAN) backups, but not file-system backups, to content-managed volumes. You can use RMAN to delete backup pieces.
cumulative incremental backup
A type of incremental backup in which Oracle Secure Backup copies only data that has changed at a lower backup level. For example, a level 3 incremental backup copies only that data that has changed since the most recent backup that is level 2 or lower.
daemons
Background processes that are assigned a task by Oracle Secure Backup during the execution of backup and restore operations. Some daemons run continually and others are started and stopped as required.
data management application (DMA)
An application that controls a backup or restore operation over the Network Data Management Protocol (NDMP) through connections to a data service and tape service. The DMA is the session master, whereas the NDMP services are the slaves. In an Oracle Secure Backup administrative domain, obtar is an example of a DMA.
data service
An application that runs on a client and provides Network Data Management Protocol (NDMP) access to database and file-system data on the primary storage system.
database backup storage selector
An Oracle Secure Backup configuration object that specifies characteristics of Recovery Manager (RMAN) SBT backups. The storage selector act as a layer between RMAN, which accesses the database, and the Oracle Secure Backup software, which manages the backup media.
dataset
The contents of a file-system backup. A dataset file describes a dataset. For example, you could create the dataset file my_data.ds to describe a dataset that includes the /home directory on host brhost2.
dataset directory
A directory that contains at least one dataset file. The directory groups dataset files as a set for common reference.
dataset file
A text file that describes a dataset. The Oracle Secure Backup dataset language provides a text-based means to define file-system data to back up.
DBID
An internal, uniquely generated number that differentiates databases. Oracle creates this number automatically when you create the database.
defaults and policies
A set of configuration data that specifies how Oracle Secure Backup runs in an administrative domain.
device special file
A file name in the /dev file system on UNIX or Linux that represents a hardware tape device. A device special file does not specify data on disk, but identifies a hardware unit and the device driver that handles it. The inode of the file contains the device number, permissions data, and ownership data. An attachment consists of a host name and the device special file name by which that tape device is accessed by Oracle Secure Backup.
differential incremental backup
A type of incremental backup in which Oracle Secure Backup copies only data that has changed at the same or lower backup level. This backup is also called a level 10 backup. Oracle Secure Backup does not support the level 10 backup on some platforms, including NAS devices such as a Network Appliance filer.
disk pool
A file-system directory that stores backups. Disk pools can be accessed concurrently by multiple backup or restore jobs.
domain
A group of computers and tape devices on a network that are administered as a unit with common rules and procedures. Within the internet, domains are defined by the IP address. Every host or device sharing a common part of the IP address is said to be in the same domain.
expiration policy
The means by which Oracle Secure Backup determines how volumes in a media family expire, that is, when they are eligible to be overwritten. A media family can either have a content-managed expiration policy or time-managed expiration policy.
file-system backup
A backup of files on the file system initiated by Oracle Secure Backup. A file-system backup is distinct from a Recovery Manager (RMAN) backup made through the Oracle Secure Backup SBT interface.
full backup
An operation that backs up all of the files selected on a client. Unlike in an incremental backup, files are backed up whether they have changed since the last backup or not.
host authentication
The initialization phase of a connection between two hosts in the administrative domain. After the hosts authenticate themselves to each other with identity certificates, communications between the hosts are encrypted by SSL. Almost all connections are two-way authenticated; exceptions include initial host invitation to join an administrative domain and interaction with hosts that use NDMP access mode.
identity certificate
An X.509 certificate signed by the Certification Authority (CA) that uniquely identifies a host in an Oracle Secure Backup administrative domain.
import catalog
The process through which an Oracle Secure Backup user imports and catalogs a volume set from tape to the Oracle Secure Backup domain. The function reads the backup catalog data from the tape and inserts necessary information into the Oracle Secure Backup catalog file.
incremental backup
An operation that backs up only the files on a client that changed after a previous backup. Oracle Secure Backup supports 9 different incremental backup levels for a file-system backup. A cumulative incremental backup copies only data that changed since the most recent backup at a lower level. A differential incremental backup, which is equivalent to a level 10 backup, copies data that changed since an incremental backup at the same or lower level.
An incremental backup contrasts with a full backup, which always backs up all files regardless of when they last changed. A full backup is equivalent to an incremental backup at level 0.
job list
A catalog created and maintained by Oracle Secure Backup that describes each past, current, and pending backup job.
job summary
A text file report produced by Oracle Secure Backup that describes the status of selected backup and restore jobs. Oracle Secure Backup generates the report according to a user-specified job summary schedule.
job summary schedule
A user-defined schedule for generating job summaries. You create job summary schedules with the mksum command in obtool.
location
A location is a place where a volume physically resides; it might be the name of a tape library, a disk pool, a data center, or an off-site storage facility.
media family
A named classification of backup volumes that share the same volume sequence file, expiration policy, and write window.
media server
A computer or server that has at least one tape device or disk pool connected to it. A media server is responsible for transferring data to or from the devices that are attached to it.
mount mode
The mode indicates the way in which Oracle Secure Backup can use a volume physically loaded into a tape drive. Valid values are read-only, write/append, overwrite, and not mounted.
NDMP access mode
The mode of access for a filer or other host that uses Network Data Management Protocol (NDMP) for communications within the administrative domain. NDMP access mode contrasts with primary access mode, which uses the Oracle Secure Backup network protocol. Note that Oracle Secure Backup uses NDMP for data transfer among hosts regardless of whether a host is accessed through the primary or NDMP access modes.
Network Attached Storage (NAS)
A NAS server is a computer on a network that hosts file systems. The server exposes the file systems to its clients through one or more standard protocols, most commonly NFS and CIFS.
Network Data Management Protocol (NDMP)
An open standard protocol that defines a common architecture for backups of heterogeneous file servers on a network. This protocol allows the creation of a common agent used by the central backup application, called a data management application (DMA), to back up servers running different operating systems. With NDMP, network congestion is minimized because the data path and control path are separated. Backup can occur locally—from a file server direct to a tape drive—while management can occur centrally.
Network File System (NFS)
A client/server application that gives all network users access to shared files stored on computers of different types. NFS provides access to shared files through an interface called the Virtual File System (VFS) that runs on top of TCP/IP (Transmission Control Protocol/Internet Protocol). Users can manipulate shared files as if they were stored on local disk. With NFS, computers connected to a network operate as clients while accessing remote files, and as servers while providing remote users access to local shared files. The NFS standards are publicly available and widely used.
obfuscated wallet
A wallet whose data is scrambled into a form that is extremely difficult to read if the scrambling algorithm is unknown. The wallet is read-only and is not protected by a password. An obfuscated wallet supports single sign-on (SSO).
object
Instance configuration data managed by Oracle Secure Backup: class, Oracle Secure Backup user, host, tape device, tape library, backup schedule, and so on. Objects are stored as files in subdirectories of admin/config in the Oracle Secure Backup home.
obtar
The underlying engine of Oracle Secure Backup that moves data to and from tape or disk. obtar is a descendent of the original Berkeley UNIX tar(2) command.
Although obtar is typically not accessed directly, you can use it to back up and restore files or directories specified on the command line. Obtar enables the use of features not exposed through obtool or the Oracle Secure Backup Web tool.
obtool
The principal command-line interface to Oracle Secure Backup. You can use this tool to perform all Oracle Secure Backup configuration, backup and restore, maintenance, and monitoring operations. The obtool utility is an alternative to the Oracle Secure Backup Web tool.
off-site backup
A backup that is equivalent to a full backup except that it does not affect the full or incremental backup schedule. An off-site backup is useful when you want to create a backup image for off-site storage without disturbing your incremental backup schedule.
on-demand backup
A file-system backup initiated through the backup command in obtool or the Web tool. The backup is one-time-only and either runs immediately or at a specified time in the future. An on-demand backup contrasts with a scheduled backup, which is initiated by the Oracle Secure Backup scheduler.
operator
A person whose duties include backup operation, backup schedule management, tape swaps, and error checking.
Oracle Secure Backup catalog file
This is the indices.cur file. This file contains complete information about all backed up files, including the name, path, and statistical information. There is one catalog file per host.
Oracle Secure Backup home
The directory in which the Oracle Secure Backup software is installed. The Oracle Secure Backup home is typically /usr/local/oracle/backup on UNIX/Linux and C:\Program Files\Oracle\Backup on Windows. This directory contains binaries and configuration files. The contents of the directory differ depending on which role is assigned to the host within the administrative domain.
Oracle Secure Backup logical unit number
A number between 0 and 31 used to generate unique device special file names during device configuration (for example: /dev/obt0, /dev/obt1, and so on). Although it is not a requirement, unit numbers typically start at 0 and increment for each additional tape device of a given type, whether tape library or tape drive.
The Oracle Secure Backup logical unit number should not be confused with the SCSI LUN. The SCSI LUN is part of the hardware address of the tape device, whereas the Oracle Secure Backup logical unit number is part of the name of the device special file.
Oracle Secure Backup user
A defined account within an Oracle Secure Backup administrative domain. Oracle Secure Backup users exist in a separate namespace from operating system users.
Oracle Secure Backup wildcard pattern matching
A technique used on UNIX-based and Linux-based operating systems to filter output using a set of wildcard character patterns, while browsing the backup catalog through the Oracle Secure Backup obtool.
overwrite
The process of replacing a file on your system by restoring a file that has the same file name.
password grace time
The length of time, after an Oracle Secure Backup user password has expired, during which the user is allowed to log in without changing the password.
password lifetime
The length of time, measured in number of days, for which an Oracle Secure Backup user password is valid.
password reuse time
The length of time which must elapse before a previously-used Oracle Secure Backup user password may be reused.
preauthorization
An optional attribute of an Oracle Secure Backup user. A preauthorization gives an operating system user access to specified Oracle Secure Backup resources.
primary access mode
The mode of access for a host that uses the Oracle Secure Backup network protocol for communications within the administrative domain. Oracle Secure Backup must be installed on hosts that use primary access mode. In contrast, hosts that use NDMP access mode do not require Oracle Secure Backup to be installed. Note that Oracle Secure Backup uses NDMP for data transfer among hosts regardless of whether a host is accessed through the primary or NDMP access modes.
private key
A number that corresponds to a specific public key and is known only to the owner. Private and public keys exist in pairs in all public key cryptography systems. In a typical public key cryptosystem, such as RSA, a private key corresponds to exactly one public key. You can use private keys to compute signatures and decrypt data.
privileged backup
File-system backup operations initiated with the --privileged option of the backup command. On UNIX and Linux systems, a privileged backup runs under the root user identity. On Windows systems, the backup runs under the same account (usually Local System) as the Oracle Secure Backup service on the Windows client.
public key
A number associated with a particular entity intended to be known by everyone who must have trusted interactions with this entity. A public key, which is used with a corresponding private key, can encrypt communication and verify signatures.
retention period
The length of time that data in a volume set is not eligible to be overwritten. The retention period is an attribute of a time-managed media family. The retention period begins at the write window close time. For example, if the write window for a media family is 7 days, then a retention period of 14 days indicates that the data is eligible to be overwritten 21 days from the first write to the first volume in the volume set.
Recovery Manager (RMAN)
A utility supplied with Oracle Database used for database backup, restore, and recovery. RMAN is a separate application from Oracle Secure Backup. Unlike RMAN, you can use Oracle Secure Backup to back up any file on the file system—not just database files. Oracle Secure Backup includes an SBT interface that RMAN can use to back up database files directly to tape or disk pool.
rights
Privileges within the administrative domain that are assigned to a class. For example, the perform backup as self right is assigned to the operator class by default. Every Oracle Secure Backup user that belongs to a class is granted the rights associated with this class.
RMAN client
The Recovery Manager (RMAN) client program, which is installed automatically with Oracle Database software, initiates database backup and recovery. The RMAN client can back up and recover any Oracle Database files accessible locally or through Oracle Net so long as it meets compatibility requirements.
RMAN recovery catalog
The recovery catalog is an optional database schema that serves as a secondary repository of Recovery Manager (RMAN) metadata. You can create a centralized recovery catalog in a database to store the metadata for multiple target databases. The recovery catalog is managed by RMAN and is independent of the Oracle Secure Backup catalog.
RMAN target database
The target is the database that Recovery Manager (RMAN) backs up or restores. The RMAN repository, which is the metadata that RMAN uses to manage backup and recovery, is stored in the control file of the target database.
roles
The functions that hosts in your network can have during backup and restore operations. There are three roles in Oracle Secure Backup: administrative server, media server, and client. A host in your network can serve in any of these roles or any combination of them. For example, the administrative server can also be a client and media server.
rotation policy
A rotation policy defines the physical management of backup media throughout the media life cycle. It determines in what sequence and at which times each volume moves from the initial active location where it is written, to another location, and so on, until it is reused.
SBT interface
A media management software library that Recovery Manager (RMAN) can use to back up to tertiary storage. An SBT interface conforms to a published API and is supplied by a media management vendor. Oracle Secure Backup includes an SBT interface for use with RMAN.
schedule
A user-defined time period for running scheduled backup operations. A file-system backup is triggered by a schedule, which you can create with the mksched command in obtool. In contrast, an on-demand backup is a one-time-only backup created with the backup command.
scheduled backup
A file-system backup that is scheduled through the mksched command in obtool or the Oracle Secure Backup Web tool (or is modified by the runjob command). A backup schedule describes which files should be backed up. A trigger defined in the schedule specifies when the backup job should run.
scheduler
A daemon (obscheduled) that runs on an administrative server and is responsible for managing all backup scheduling activities. The scheduler maintains a job list containing each backup job scheduled for execution.
service daemon
A daemon (observiced) that runs on each host in the administrative domain that communicates through primary access mode. The service daemon provides a wide variety of services, including certificate operations.
SCSI LUN
Logical unit number of a Small Computer System Interface (SCSI) tape device. Logical unit numbers make it possible for multiple tape devices to use a single SCSI ID. Do not confuse with Oracle Secure Backup logical unit number.
Secure Sockets Layer (SSL)
A cryptographic protocol that provides secure network communication. SSL provides endpoint host authentication using a certificate. Data transmitted over SSL is protected from eavesdropping, tampering or message forgery, and replay attacks.
Small Computer System Interface (SCSI)
A parallel I/O bus and protocol that permits the connection of a variety of peripherals to host computers. Connection to the SCSI bus is achieved through a host adapter and a peripheral controller.
Storage Area Network (SAN)
A high-speed storage device subnetwork. A SAN is designed to assign data backup and restore functions to a secondary network where so that they do not interfere with the functions and capabilities of the server.
storage element
A physical location within a tape library where a volume can be stored and retrieved by a tape library's robotic arm.
super-directory
A fictitious directory displayed when browsing a file-system backup that contains all files and directories saved from the top-most file-system level.
tape drive
A tape device that reads and writes data stored on a tape. Tape drives are sequential-access, which means that they must read all preceding data to read any particular piece of data. Tape drives are accessible through various protocols, including Small Computer System Interface (SCSI) and Fibre Channel. A tape drive can exist standalone or in a tape library.
tape library
A medium changer that accepts Small Computer System Interface (SCSI) commands to move a volume between a storage element and a tape drive.
tape service
An Network Data Management Protocol (NDMP) service that transfers data to and from secondary storage and allows the data management application (DMA) to manipulate and access secondary storage.
TCP/IP (Transmission Control Protocol/Internet Protocol)
The suite of protocols used to connect hosts for transmitting data over networks.
time-managed expiration policy
A media family expiration policy in which all volumes in a volume set can be overwritten when they reach their volume expiration time. Oracle Secure Backup computes the volume expiration time by adding the volume creation time for the first volume in the set, the write window time, and the retention period.
For example, you set the write window for a media family to 7 days and the retention period to 14 days. Assume that Oracle Secure Backup first wrote to the first volume in the set on January 1 at noon and subsequently wrote data on 20 more volumes in the set. In this scenario, all 21 volumes in the set expire on January 22 at noon.
You can make Recovery Manager (RMAN) backups or file-system backups to volumes that use a time-managed expiration policy.
trigger
The part of a backup schedule that specifies the days and times at which the backups should occur.
trusted certificate
A certificate that is considered valid without the need for validation testing. Trusted certificates build the foundation of the system of trust. Typically, they are certificates from a trusted Certification Authority (CA).
unprivileged backup
A file-system backup created with the --unprivileged option of the backup command. When you create or modify an Oracle Secure Backup user, you associate operating system accounts with this user. Unprivileged backups of a host run under the operating system account associate with Oracle Secure Backup user who initiates the backup.
UUID
Universal Unique Identifier. An identifier used for tagging objects across an Oracle Secure Backup administrative domain.
virtual tape library
One or more large-capacity disk drives partitioned into virtual physical tape volumes. To Oracle Secure Backup the virtual tape library appears to be a physical library with tape volumes and at least one tape drive. The volumes and drives in the virtual tape library can be configured to match common physical tapes and drives.
volume
A volume is a unit of media, such as the LTO5 tape drive. A volume can contain multiple backup images.
volume creation time
The time at which Oracle Secure Backup wrote backup image file number 1 to a volume.
volume expiration time
The date and time on which a volume in a volume set expires. Oracle Secure Backup computes this time by adding the write window duration, if any, to the volume creation time for the first volume in the set, then adding the volume retention period.
For example, assume that a volume set belongs to a media family with a retention period of 14 days and a write window of 7 days. Assume that the volume creation time for the first volume in the set was January 1 at noon and that Oracle Secure Backup subsequently wrote data on 20 more volumes in the set. In this scenario, the volume expiration time for all 21 volumes in the set is January 22 at noon.
volume ID
A unique alphanumeric identifier assigned by Oracle Secure Backup to a volume when it was labeled. The volume ID usually includes the media family name of the volume, a dash, and a unique volume sequence number. For example, a volume ID in the RMAN-DEFAULT media family could be RMAN-DEFAULT-000002.
volume label
The first block of the first backup image on a volume. It contains the volume ID, the owner's name, the volume creation time, and other information.
volume sequence number
A number recorded in the volume label that indicates the order of the volume in a volume set. The first volume in a set has sequence number 1. The volume ID for a volume usually includes the media family name of the volume, a dash, and a unique volume sequence number. For example, a volume ID for a volume in the RMAN-DEFAULT media family could be RMAN-DEFAULT-000002.
volume set
A group of volumes spanned by a backup image. The part of the backup image that fits on a single volume is a backup section.
volume tag
A field that is commonly used to hold the barcode identifier, also called a volume tag, for the volume. The volume tag is found in the volume label.
wallet
A password-protected encrypted file. An Oracle wallet is primarily designed to store X.509 certificates and their associated public key/private key pair. The contents of the wallet are only available after the wallet password has been supplied, although with an obfuscated wallet no password is required.
Web tool
The browser-based GUI that enables you to configure an administrative domain, manage backup and restore operations, and browse the backup catalog.
write window
The period for which a volume set remains open for updates, usually by appending additional backup images. The write window opens at the volume creation time for the first volume in the set and closes after the write window period has elapsed. After the write window close time, Oracle Secure Backup does not allow further updates to the volume set until it expires (as determined by its expiration policy), or until it is relabeled, reused, unlabeled, or forcibly overwritten.
A write window is associated with a media family. All volume sets that are members of the media family remain open for updates for the same time period.
write window close time
The date and time that a volume set closes for updates. Oracle Secure Backup computes this time when it writes backup image file number 1 to the first volume in the set. If a volume set has a write window close time, then this information is located in the volume section of the volume label.