1. Deploy Oracle Secure Backup and NetBackup on Compute Cloud@Customer
  2. About Installing Oracle Secure Backup

About Installing Oracle Secure Backup

OSB 18.1 consists of an administration server, one or more media servers, and one or more clients. The administration server and media server are frequently combined. In a typical installation, multiple clients relay backup data to a media server, which then stores the backup data on one of several classes of storage device. The administration server presents a web interface and a command line interface to allow configuration and management of the environment.

In this example, you create a small test environment to demonstrate the viability of using OSB 18.1 to backup instances residing on Compute Cloud@Customer to both local storage and to Oracle Cloud Infrastructure object storage.

This playbook describes the installation of OSB 18.1 Media and Administration function on an Oracle Linux 7.9 server and comprises these steps:
  1. Review OSB licensing with your Oracle representative.
  2. Create an Oracle Linux instance on your Compute Cloud@Customer.
  3. Download OSB 18.1 to the Oracle Linux instance and follow the Oracle Secure Backup Installation and Configuration Guide (link available in the "Explore More" section of this playbook) to install OSB on your Media/Administration Server.
  4. Prepare one or both of these storage devices for OSB to use to store backups:
    • Block volume disk device
    • OCI Object Store cloud storage device
  5. Configure one or more client systems that you want backed up by OSB.
  6. Configure the backup datasets on each client.
  7. Configure the backup schedules.

Review OSB Licensing With Your Oracle Representative

Oracle Secure Backup is an Oracle licensed product. Please review and understand the licensing of OSB.

Create a Compute Instance on PCA X9-2 to Run the Media/Administration Server

In this example, Oracle Secure Backup Media/Admin runs in an instance residing on a Compute Cloud@Customer. OSB Media/Admin could also run on an external physical server or on an instance in the Oracle Cloud.

The size of the compute instance will vary based on load expected on the Media/Administration server. A flex shape instance with one OCPU as a base, plus one OCPU for each simultaneous scheduled backup is a starting point, but you should experiment and measure to find an optimal sizing.

Use one vNIC as a starting point. If backup performance is not optimal, and client network issues seem to be at fault, you can add more vNICs later. OSB has a Preferred Network Interface (PNI) setting that allows you to use and manage multiple IP interfaces on the Media/Admin server. If you use OCI object storage, at least one vNIC assigned to the Admin/Media server must be able to reach OCI object storage endpoints. Clients do not need to be able to reach OCI, since backups and restores will move data between the Media/Admin server and the clients, even if the data is stored in OCI.

Compute Cloud@Customer ships with Oracle Linux Platform Images which make it easy to deploy Linux instances. This example deploys an Oracle Linux 7.9 Platform Image on which you can install the Media/Admin server.

Refer to Compute Cloud@Customer Administration Guide (link provided in the "Explore More" section of this playbook) to create and configure an instance for the Media/Admin server, deploying an Oracle Linux 7.9 Platform Image. Log in to the PCA X9-2 by using Admin or a user with deployment permissions. Deploy into a compartment in a tenancy in which the PCA user also has the permissions to create a block volume and attach it to an instance.

You will likely need to update the Oracle Linux 7.9 platform server. For Oracle Linux 7.9, you should use yum to execute 
yum groupinstall Server with GUI
to install the necessary packages to allow the use of the OSB browser interface.

Install OSB 18.1 on Linux for the Media/Administration Server

When deploying a Compute Cloud@Customer Oracle Linux Platform Image, by default, the root user is not active. Use the default opc user to create a password for root. You must use root to install OSB. You can also use root as the default user for the OSB Admin/Media server, or you can create a user with root authorities. Refer to “About Operating System Accounts” in the OSB 18.1 Administrators Guide for details.

Use a browser to navigate to the OSB downloads page on the internet. (Use a search engine to search for “oracle secure backup download”.). Select the version of OSB you would like to download and you will be taken to Oracle Software Delivery Cloud, where you can log in using your Oracle credentials. Select the operating system platform on which you are installing OSB. The installation package is the same for Administration Server, Media Server, or a client. Download the .zip file to the Oracle Linux instance.

Install OSB 18.1, following instructions in the Oracle Secure Backup 18 Installation and Configuration Guide. Be sure to install using option “A”, in the installation script. This will install the Media Server, the Administration Server, and a client, on the Oracle Linux 7.9 instance.

Once OSB is installed, use a browser to access the OSB browser user interface (BUI). The OSB BUI is installed on the default HTTP port for the server; for example, if the IP of the OSB server was 192.168.10.20, entering https://192.168.10.20 in your browser would open the BUI login screen. In your OSB installation process, a password was specified for the OSB admin user. Log in to the BUI using the OSB admin user to verify that the OSB Admin server is operating.

Prepare Storage Devices for OSB Media Server Storage

OSB 18.1 can use a variety of storage devices, including block storage, NAS/file storage, tape, or OCI Object Storage. A popular option is to use an external Oracle ZFS Storage Appliance as a remote, or local, repository for OSB backup files. If you use an external ZFS Storage Appliance, you can also implement the NDMP interface to external tape libraries.

In this example, you will configure both block storage belonging to the Compute Cloud@Customer instance and OCI Object Storage.

To use Compute Cloud@Customer block storage with OSB, first create block volume(s), then attach the block volume(s) to the Media/Administration instance. Then, use Oracle Linux to format the block volumes, and add fstab entries to mount the block volumes. Then, use the OSB Administration BUI to add the volumes into OSB Device Category of Disk.

In this exercise, you will add one Compute Cloud@Customer block volume with a size of 1TB, to OSB. Multiple volumes can be added, and performance needs may call for multiple volumes if there are many simultaneous backups running. A Disk Pool can be created and managed in OSB to add capacity and spread I/O loads. You should create the volumes used for OSB backups with the Standard Performance attribute, not high performance. High performance volumes reside on all flash pools although flash storage is neither desirable nor necessary for a backup service.

To create a block volume in Compute Cloud@Customer, you can use either the OCI CLI or the Compute Cloud@Customer Customer Web Interface through a browser. This example uses the Web Interface.
  1. Log in to the Compute Cloud@Customer web interface using a user with the capability of creating and attaching block volumes in the tenancy and compartment containing the OSB Admin/Media Server Oracle Linux 7.9 instance.
  2. Navigate to Block Volumes and click Create Block Volume.
    1. Fill in Name, Compartment, and Size in GBs.
    2. Moving the slider to High Performance is not necessary.
    3. Leave Backup Policy blank. In the Tagging section, for best performance, add a key in the Tag Namespace of OracleC3, using logBias as the Key and THROUGHPUT for the Value .
    4. Add a second key with Tag Namespace of None, Key of C3_blocksize, and the value of 131072 and then click Create Block Volume. These tags will create a block volume with a blocksize of 128k, and a caching algorithm favoring sequential access.
    In a few seconds, the new block volume will be created, and will appear in the list of block volumes that reside in the compartment.
  3. Once the block volume is created, navigate to Block Volumes, and list the block volume in the compartment where it was created.
  4. Now, navigate to the instance running OSB in the Compute section of the Compute Cloud@Customer web interface.
    1. Be sure you are set to see the correct compartment to see the instance. Select the instance by clicking its name and ensure the instance is running. The status pane will appear, and at the bottom, there will be a button to attach a block volume.
    2. Click Attach Block Volume, choose the correct compartment, and then choose the block volume you just created. Leave the attachment Access as Read/Write and click Attach to Instance to attach the volume.
    3. Inside of the Oracle Linux 7.9 instance, the operating system will see the attachment of a block volume. The OS should respond as if a new SCSI disk were plugged into SCSI interface on the server. In Linux, use the dmesg command to show which disk ID was given to the new block volume. Another method of finding the new block volume is to look at the subdirectories under the /dev/disk directory.
  5. Once you have carefully determined the disk identifier for the disk attached, use fdisk to add a partition to the disk. Use the entire disk. Then, format the new partition with XFS by using the mkfs.xfs command on the new partition.
  6. Find the UUID of the new partition by listing the /dev/disk/by-uuid directory in the Linux instance.
    In this example, your new disk was added as /dev/sdb, the new partition is /dev/sdb1. Issuing the command 
    ls -al /dev/disk/by-uuid
    reveals this entry for the partition: 
    lrwxrwxrwx. 1 root root 10 Jun 30 17:30 e4750eff-2da3-45af-bb8b-fdea82b804d4 -> ../../sdb1
    You've created a directory on which to mount the new volume at /mnt/osb-volume1, then created a line in the file /etc/fstab to allow the block volume to be mounted: 
    UUID="e4750eff-2da3-45af-bb8b-fdea82b804d4" /mnt/osb-volume1 xfs defaults 0 0
  7. Finally, mount the block volume: 
    mount /mnt/osbvolume1
  8. Once the block volume is mounted, you can add it as a Disk Device in OSB:
    1. Log in to the OSB Admin BUI using the admin user.
    2. Navigate to Configure then Basic then Devices. A list of all defined devices will appear.
    3. To add the newly created block volume as a disk device, click Add on the Configure: Devices screen. The New Device screen will appear.
    4. Change the Type to disk. A new screen will appear to allow the addition of a disk device.
    5. Provide a Name.
    6. Set the capacity to match the capacity of the block volume created in the Compute Cloud@Customer; for example 1TB. The Concurrent jobs parameter will control the number of backups and restores running against the device at any given time. Block volumes in Compute Cloud@Customer are capable of handling many concurrent jobs, but the exact number depends on the overall load on the Compute Cloud@Customer, and the load on the internal storage. Oracle recommends twelve as a starting point for this parameter, with tuning possibly being needed later. Remember that the optimal number of concurrent jobs will also depend on the network bandwidth to the clients being backed up.
    7. The Free space goal percentage can be set to 5%. Leave the Blocking factor and Max blocking factor blank.
    8. For Attachment, the base path should be the mountpoint of the disk, in this example, /mnt/osb-volume1.
    9. Directory can be specified if an additional subdirectory under the mountpoint is desired.
    10. Set Initialize to no and leave Staging and Staging rules blank. Ensure force is not selected and leave Enable checksum as the system default.
    11. Click Apply, then OK. The disk pool volume should be added to OSB.

Prepare Cloud Device For Use By OSB

Oracle Cloud Infrastructure (OCI) Object Storage buckets can be used as cloud storage devices in OSB. Setting up an OCI bucket as a cloud storage device can be somewhat complicated, but it is well covered in the Tech Brief, Oracle Secure Backup – Getting Started With Cloud Storage Devices(link available in the "Explore More" topic in this playbook).

Using an OCI Object Storage bucket as a target of OSB backups requires an OCI tenancy, OCI compartment, OCI users, and OCI Object Storage entitlements. An authentication object is created in OSB that refers to the usernames and SSH keys required to use the Object Storage bucket in OCI. Refer to the tech brief for details.

Once the cloud storage device has been added, backups can be sent to OCI Object Storage. OSB will authenticate using the saved credentials in the authentication object.

Configure Client Systems For Backup

OSB uses a backup client on each host that is to be backed up to a Media Server, thus the OSB software must be installed on each client. You can use the same install file used to install the Admin/Media server on Oracle Linux to install the OSB client on each client. For other platforms, go to the OSB Downloads page on the Oracle web and download the appropriate package.

Follow the instructions in the Oracle Secure Backup 18 Installation and Configuration Guide to install the OSB client on the desired hosts (you can find a link to this document in the "Explore More" topic, elsewhere in this playbook). During the client installation, the FQDN or IP address of the Admin/Media server will be specified. The Admin/Media server also has a client role installed by default, so that the Admin/Media server can back up itself.

After the client has been installed on the desired host, it must be added into the OSB Admin server; do the following:
  1. Log in to the OSB web interface and click Configure then Basic then Hosts.
  2. Click Add.
  3. Give the client system a name and specify the IP address or FQDN of the client to be added as a client host.
  4. Refer to the OSB documentation for guidance on Encryption, Rekey frequency, Key type, and Certificate key size. For Access method, select ob, leave Disable RDS as system default, and leave TCP/IP buffer size blank (you can tune this later, if necessary).
  5. For Backup software compression, you'll need to weigh network and storage utilization against CPU utilization on the client host. Oracle recommends that you start with the low setting. If storage or network bandwidth are issues, but client CPU utilization is not high during backup windows, you can increase software compression later. The backup data is compressed on the client before being sent to the Media Server.
  6. Click Apply.

Configure Backup Datasets

OSB is a file level backup utility. In OSB, a backup dataset is a parameter file defining a set of files to be backed up. Filtered by file name or directory name. The parameter file is a text file saved in OSB. If you can edit it to add or remove files from the dataset definition, the next backup invocation that uses the backup dataset will have a different set of files. Generally, a backup dataset is used by a backup schedule to determine which files are to be backed up and from what hosts the backup should be created, when the schedule is triggered. The backup dataset can be used in multiple schedules and be triggered at multiple times.

The best reference for OSB backup datasets is in the OSB Administrator’s Guide in the section "Creating Dataset Files". Here is a simple example:

You have our host with an installed client, named sl-osb-client1a and want to create a backup dataset that includes that host and will backup all files under the / root directory.
  1. Log in to the OSB web interface and navigate to Backup then Settings then Datasets and click Add to add a backup dataset.
  2. You want to create a File level backup, so specify Dataset type as File and give the backup dataset a name of OSB-Demo1. An edit window is provided with a pre-initialized set of parameters that you can edit and save.
  3. To identify the host to be backup, specify the include host sl-osb-client1a parameter line.
  4. We then specify the include path statement to grab all files under the / root directory: 
    include path / {# include the local root directory}
    Click Save to save the backup dataset. The Backup:Datasets panel in the OSB BUI appears.
  5. Highlight the dataset you just created and click Check Dataset to ensure you don't have syntax errors but do have specified a valid host. If the Check Dataset function returns No Errors Found, the backup dataset is good.
  6. Now, to run an immediate backup of all files on the host sl-osb-client1a, navigate to Backup then Backup Now. Click Add and select the dataset you just created, OSB-Demo1.
  7. Specify the target storage and submit the job. In OSB, all backup and restore functions are run under a job queue managed by OSB.
  8. To see jobs, navigate to Home. Failed, Active, and Pending jobs, and their output, are displayed. Use the Home screen to track the status of all jobs run by the OSB Admin server. If the backup job runs successfully, every file backed up by OSB during the job run is cataloged in a browsable catalog on the OSB admin server.

    Note:

    Backups are run at a file or directory level only and restores must also be at a file or directory level. There is no provision for running a backup of a block volume, boot volume, or other physical container. Only files and directories may be specified.
  9. Once the backup job completes, clicking Completed jobs in the home screen will show the completion status of the job. If the job completed successfully, the selected files are now saved on the storage specified for the run, the individual backup files are cataloged, and files and directories can be selectively restored.
OSB has many features not called out in this playbook. OSB also has extensive support for tape, can do incremental file level backups, has a command line interface that can be scripted, and many other features. Refer to OSB documentation for full details.