7 Defaults and Policies
Oracle Secure Backup defaults and policies are configuration data that control how Oracle Secure Backup operates within an administrative domain. These policies are grouped into several policy classes. Each policy class contains policies that describe a particular area of operations.
The policy classes are as follows:
See Also:
"Policy Commands" to learn about the obtool
policy commands
Backup Compression Policies
These policies, if specified, control how Oracle Secure Backups performs backup compression.
The compression policies are as follows:
Usage Notes
-
There is no one best compression level. The best level to use depends on your specific environment and compression requirements, as well as network traffic characteristics (workload), backup speed, and the content of the data set being compressed.
-
Oracle Secure Backup compression options are not applicable to database backups performed using RMAN. For database backups, similar compression options can be specified as part of RMAN commands.
-
Oracle Secure Backup compression options are not applicable to NDMP hosts (
--access ndmp
). -
If Oracle Secure Backup finds hardware capable of doing hardware compression, then it disables any software compression option that may be set, with appropriate warning messages as part of the job.
option
Use this policy to specify how to compress all backup data in a domain. By default no compression value is set when the domain is created. The value specified is used to compress all file system backups on all Oracle Secure Backup clients where compression is not enforced, either at the backup job level or at the client policy level.
Values
- low
- Compresses data as best as possible without compromising too much on CPU usage and speed. Choose this option if you want the data compressed, but you do not want backup speed or CPU load to be overly affected.
- medium
- Provides a balance between compression ratio and speed.
- basic
- This option is generally better in terms of compression ratio than the
medium
option. It is slower than thelow
andmedium
options, but faster than thehigh
option. - high
- Compresses data as much as possible, using extensive CPU. This option is best suited for backups over slower networks where the limiting factor is network speed.
buffersize
Use this policy to set the size of buffer that Oracle Secure Backup uses to allocate a buffer for performing compression.
excludeformats
Use this policy to add to the default list of compressed file formats that are always excluded from Oracle Secure Backup software compression. Use the addp
and rmp
commands, respectively, to add and remove values.
By default, the following file formats are always excluded from Oracle Secure Backup software compression: .3GP
, .7Z
, .AVI
,.BZ
, .BZ2
, .BZA
, .CAB
, .DEB
, .FLAC
, .GIF
, .GZ
, .GZ2
, .GZIP
,
.JBIG2
, .JPEG
, .JPG
, .LZ
, .LZMA
, .LZO
, .M2TS
, .MKV
, .MOV
, .MP3
, .MP4
, .MPG
,
.MPKG
, .PACK
, .PDF
, .PKG
, .PNG
, .RAR
, .RPM
, .TIF
, .VOB
, .Z
, .ZZ
, .ZIP
, and .ZIPX
Values
The following is an example of using the addp
command to specify compressed file formats which will not be considered for software compression. The lsp
command is then used to display the formats to be excluded:
ob> addp backupcomp/exclude .tar .scf .fff
ob> lsp backupcomp/exclude
excludeformats .TAR
.SCF
.FFF
Backup Encryption Policies
These policies control how Oracle Secure Backup performs backup encryption. For example, you can specify whether backups must be encrypted for the entire administrative domain or for specific clients in the domain, which encryption algorithm to use for encryption, and how keys are managed.
The global algorithm
, global keytype
, and global rekeyfrequency
policies are used to provide default values to newly created clients. The client algorithm
, client keytype
, and client rekeyfrequency
policies define the actual values used for a given client.
The encryption policies are as follows:
algorithm
Use the algorithm
policy to specify the algorithm used in encrypting backups written to tape.
At the administrative domain level, the algorithm
policy specifies the default algorithm for all backups. At the client level, it specifies the default algorithm for backups from this client.
Values
Note:
The algorithms available are the same as those available in Recovery Manager (RMAN).
enablehardwareencryption
Use the enablehardwareencryption
policy to control whether Oracle Secure Backup uses hardware-based encryption.
The LTO4 interface to hardware encryption is implemented through the SCSI specification for hardware encryption. Encryption is performed by the LTO4 drive in hardware instead of in software by Oracle Secure Backup.
Hardware-based encryption brings no changes to the existing Oracle Secure Backup encryption model. All encryption decisions, policies, key management, and settings for hardware-based encryption are identical with those for software-based encryption.
Note:
It is not possible to back up using hardware-based encryption and then restore using software-based encryption. Nor is it possible to back up using software-based encryption and then restore using hardware-base encryption.
Values
encryption
Use the encryption
policy to specify whether data written to tape backups must be encrypted by default.
This policy can be set as a global policy for the administrative domain. It can also be overridden at the client level, using the --encryption
option of the mkhost and chhost commands.
Note:
If a database backup is encrypted at the Recovery Manager (RMAN) level, then Oracle Secure Backup always writes the backup to tape in the encrypted form provided by RMAN, regardless of the setting for the encryption
policy. If encryption
is set to required
, then Oracle Secure Backup does not encrypt the data a second time.
Values
- required
-
Encrypts all backups, regardless of policy settings on specific clients or jobs. If this policy is enabled at the administrative domain level, then all backup data written to tape is encrypted, regardless of other policies for specific clients or settings for specific jobs. If this policy is defined at the client level, then all backup data written to tape from this client is encrypted, regardless of settings for specific jobs.
- allowed
-
Does not encrypt backups to tape unless the policy set on a client or the settings for a job specify encryption. This is the default.
keytype
Values
- transparent
-
Generates keys randomly using the Oracle Random Number Generator as a seed for the key. The keys are stored in a host-specific key store. This is the default.
- passphrase
-
Generates keys based on a backup administrator-supplied passphrase.
Note:
-
The backup administrator must set the passphrase for a given host using the
chhost
command. Until the passphrase is set, backups are encrypted in transparent mode. -
If the passphrase is lost or forgotten, then backups created with it cannot be restored.
-
rekeyfrequency
Use the rekeyfrequency
policy to manage how often keys are generated. Older keys are retained in a wallet-protected key store.
The rekeyfrequency
policy can be defined at the global level for an entire administrative domain. The global policy can be overridden at the client level.
Values
- duration
-
Specifies the frequency of generating keys for transparent mode encryption. Refer to "duration" for a description of the
duration
placeholder.A key is automatically generated at midnight on the day when the specified duration expires. This key is then added to the wallet and is used on subsequent backup operations. Older keys are retained in the wallet for restoring older backups.
Note:
If the keytype policy is set to
passphrase
, then the administrator is responsible for managing key regeneration.The default value is
30days
, which means keys are generated after thirty days. Minimum duration is 1 day. - perbackup
-
Generates keys for each backup. Older keys are retained in the wallet for restoring older backups.
- disabled
-
Does not generate keys automatically at regular intervals.
- systemdefault
-
Specifies that this host should use the current administrative domain policy. Valid only as a client-based policy.
Copy Backup Image Instance Policies
These policies control the behavior of copy instance jobs which copy backup image instances from one storage location to another.
The backup image instance policies are as follows:
encryption
Use the encryption
policy to specify whether data written by a copy instance job must be encrypted. This policy can be set at a global level for the administrative domain. It can be overridden at the client level, using the --encyrption
option of the cpinstance
command.
Values
- required
-
Encrypts all the backup image instances, regardless of policy settings on specific clients or jobs. If this policy is enabled at the administrative domain level, then all backup image instances written to a storage device are encrypted, regardless of other policies for specific clients or settings for specific copy instance jobs. If this policy is defined at the client level, then all backup image instances written to a storage device from this client is encrypted, regardless of settings for specific jobs.
- allowed
-
Does not encrypt backup image instance while writing them to a storage device unless the policy set on a client or the settings for a copy instance job specify encryption. This is the default.
copyoptions
Use the copyoptions
policy to specify additional options for a backup image instance copy job dispatched by the scheduler used for the obdup
program. Whenever the scheduler initiates a copy job, it supplies the specified command-line options to obdup. For example, you can turn on diagnostic output mode in obtar
by setting this value to -d
.
Values
Cloud Storage Device Policies
These policies allow you to more easily manage cloud storage devices.
The cloud storage device policies are as follows:
archiverestorehours
Use the archiverestorehours
policy to specify the number of hours for a which backup image instance must be restored from archival state. This policy is valid only for archive cloud storage device.
Values
The default value is 24 hours.
maxcsmworkers
Use the maxcsmworkers
policy to specify the maximum number of pool manager worker processes that can run, during the midnight cleanup, to delete expired backup images. Each worker process performs cleanup for one device.
Values
The default value is 4.
maxcsmthreds
Use the maxcsmthreds
policy to specify the maximum number of threads for each worker process. Each thread deletes one backup image instance.
Values
The default value is 4.
proxyserver
If a proxy server is specified, then Oracle Secure Backup uses it to connect to Oracle Cloud Infrastructure.
This global proxyserver
configuration can be overridden for a specific client by setting that client's local proxyserver
policy.
Values
There is no default value.
proxyuser
This policy defines the credentials if your proxy server requires a user name.
Values
There is no default value.
proxypassword
This policy provides a password if your proxy server requires authentication for connecting to Oracle Cloud Infrastructure.
Values
There is no default value.
segmentsize
A backup is split into multiple segments for uploading to Oracle Cloud Infrastructure. This policy defines the size of a segment.
Values
The default value is 10485760.
streamsperjob
This policy defines the number of parallel connections that Oracle Secure Backup makes for each job when uploading backups to Oracle Cloud Infrastructure.
Values
The default value is 4.
Daemon Policies
These policies control aspects of the behavior of daemons and services. For example, you can specify whether logins should be audited and control how the index daemon updates the catalog.
The daemon policies are as follows:
obhttpdwindowspassword
Use the obhttpdwindowspassword
policy to set the password for the username created using theobhttpdwindowslogon policy.
Values
obixdmaxupdaters
Use the obixdmaxupdaters
policy to specify the maximum number of catalog update processes that can operate concurrently.
The Oracle Secure Backup index daemon (obixd
) is a daemon that manages the Oracle Secure Backup catalogs for each client. Oracle Secure Backup starts the index daemon at the conclusion of each backup and at other times throughout the day.
Values
- n
-
Specifies the number of concurrent
obixd
daemons to allow. The default is 2.
obixdrechecklevel
Use the obixdrechecklevel
policy to control the level of action by the Oracle Secure Backup index daemon to ensure that a host backup catalog is valid before making it the official catalog.
Values
- structure
-
Specifies that the index daemon should verify that the structure of the catalog is sound after any updates to a backup catalog (default). This verification is a safeguard mechanism and is used to by the index daemon to double-check its actions after a catalog update.
- content
-
Specifies that the index daemon should verify that the structure and content of the catalog is sound after any updates to a backup catalog. This is the most time-consuming and comprehensive method.
- none
-
Specifies that the index daemon should take no extra action to affirm the soundness of the catalog after updates to the backup catalog. This is the fastest but also the least safe method.
obixdupdaternicevalue
Use the obixdupdaternicevalue
policy to set the priority at which the index daemon runs. The higher the value, the more of the CPU the index daemon yields to other competing processes. This policy is not applicable to Windows hosts.
Values
- n
-
Specifies the index daemon priority. The default is 0, which means that the index daemon runs at a priority assigned by the system, which is normal process priority. You can use a positive value (1 to 20) to decrease the priority, thereby making more CPU time available to other processes. To give the daemon a higher priority, enter a negative number.
webautostart
Use the webautostart
policy to specify whether the Apache Web server automatically starts when you restart observiced
.
Values
webpass
Use the webpass
policy to specify a password to be passed to the Web server.
If the Web server's Secure Sockets Layer (SSL) certificate requires a password (PEM pass phrase), then entering it in this policy enables observiced
to pass it to the Oracle Secure Backup Web server when it is started. The password is used when decrypting certificate data stored locally on the administrative server and never leaves the computer.
The installation script configures a password for the webpass
policy. You can change this password, although in normal circumstances you should not be required to do so.
Values
Required Actions If the Web Server Password Is Changed
If you change the Oracle Secure Backup Web tool server password, then you must regenerate the web server key and certificate. Use the following procedure:
-
At the command line, issue the
obwebcert upgrade
command, and follow the instructions given:# obwebcert upgrade Please enter admin password: Web Certificate has been successfully updated. The Oracle Secure Backup Service Daemon (observiced) will need to be restarted before the web server will be functional. Please execute the following command to restart observiced: obctl restart # obctl restart Oracle Secure Backup Service Daemon has been stopped. Oracle Secure Backup Service Daemon has been started. #
-
Confirm that the
obhttpd
daemons are running. You can do so by logging in to the Web tool, or on Linux and UNIX systems you can also issue aps -ef | grep ob
command.
windowscontrolcertificateservice
Use the windowscontrolcertificateservice
to specify whether Oracle Secure Backup should attempt to put the Windows certificate service in the appropriate mode before backing up or recovering a certificate service database.
Values
Device Policies
These policies control how a tape device is automatically detected during device discovery and when tape device write warnings are generated.
The device policies are as follows:
checkserialnumbers
Use the checkserialnumbers
policy to control tape device serial number checking.
While not a requirement of the SCSI-2 standard, practically all modern tape drives and libraries support the Unit Serial Number Inquiry Page, by which a device can be programmatically interrogated for its serial number.
If the checkserialnumbers
policy is enabled, then whenever Oracle Secure Backup opens a tape device, it checks the serial number of that device. If the tape device does not support serial number reporting, then Oracle Secure Backup simply opens the tape device. If the tape device does support serial number checking, then Oracle Secure Backup compares the reported serial number to the serial number stored in the device object. Three results are possible:
-
There is no serial number in the device object.
If Oracle Secure Backup has never opened this tape drive since the device was created or the serial number policy was enabled, then it cannot have stored a serial number in the device object. In this case, the serial number is stored in the device object, and the open succeeds.
-
There is a serial number in the device object, and it matches the serial number just read from the device.
In this case, Oracle Secure Backup opens the tape device.
-
There is a serial number in the device object, and it does not match the serial number just read from the device.
In this case, Oracle Secure Backup returns an error message and does not open the tape device.
Note:
Oracle Secure Backup also performs serial number checking as part of the --geometry/-g
option to the obtool lsdev
command. This option causes an Inquiry command to be sent to the specified device, and lsdev
displays its vendor, product ID, firmware version, and serial number.
Values
deletediskorphans
Use the deletediskorphans
policy to control the automatic daily (midnight) clean-up of disk pool orphans from the disk pool. A disk pool orphan is a backup image that exists in the disk pool but has not been put into the catalog database. This can occur is there is a failure during the backup operation
You must catalog any disk pool that you import in your domain. If you do not catalog the imported disk pool before the automatic orphan clean-up, then all your backup files that do not have corresponding catalog entries will be seen as disk pool orphans and will be deleted.
Values
disableasyncio
discovereddevicestate
Use the discovereddevicestate
policy to determine whether a tape device discovered by the discoverdev command is immediately available for use by Oracle Secure Backup.
Values
errorrate
Use the errorrate
policy to set the error rate. The error rate is the ratio of recovered write errors that occur during a backup job per the total number of blocks written, multiplied by 100. If the error rate for any backup is higher than this setting, then Oracle Secure Backup displays a warning message in the backup transcript.
Values
- n
-
Specifies the error rate to be used with the tape device. The default is
8
. - none
-
Disables error rate checking. You can disable error rate checking to avoid warning messages when working with a tape drive that does not support the Small Computer System Interface (SCSI) commands necessary to check the error rate.
enablecloudchecksum
Use the enablecloudchecksum
policy to specify whether a checksum must be computed and stored for backup image instances that are written to Cloud storage. This policy is applicable to all Cloud storage devices in the administrative domain, unless the policy is overridden by the device-level setting. Backup image instances can be created as part of a backup, copy instance, or staging operation.
Values
- yes
-
Computes and stores a checksum for all backup image instances that are written to Cloud storage. This is the default setting.
- no
-
Does not compute or store a checksum for all backup image instances that are written to Cloud storage.
- systemdefault
-
Determines whether a checksum must be computed and stored depending on the configuration settings of the Cloud storage device to which backup data is written. For example, if the
enablecloudchecksum
policy is set tosystemdefault
, and a Cloud storage device is configured withenablechecksum
set to yes, then a checksum is computed and stored for all backup image instances written to that Cloud storage device.
enablediskchecksum
Use the enablediskchecksum
policy to specify whether a checksum must be computed and stored for backup image instances that are written to disk pools. This policy is applicable to all disk pools in the administrative domain, unless the policy is overridden by the device-level setting for a particular disk pool. Backup image instances can be created as part of a backup, copy instance, or staging operation.
Values
- yes
-
Computes and stores a checksum for all backup image instances that are written to disk pools. This is the default setting.
- no
-
Does not compute or store a checksum for all backup image instances that are written to disk pools.
- systemdefault
-
Determines whether a checksum is computed and stored based on the configuration setting of the disk pool to which backup data is written.
enabletapechecksum
Use the enabletapechecksum
policy to specify whether a checksum must be computed and stored for backup image instances that are written to tape devices. This policy is applicable to all tape devices in the administrative domain, unless it is overridden by the device-level setting for a specific tape device. Backup image instances can be created as part of a backup, copy instance, or staging operation.
Values
- yes
-
Computes and stores a checksum for all backup image instances that are written to tape. This is the default setting.
- no
-
Does not compute or store a checksum for all backup image instances that are written to tape.
- systemdefault
-
Determines whether a checksum is computed and stored based on the configuration setting of the tape device to which backup data is written. For example, if the
enabletapechecksum
policy is set tosystemdefault
and a tape device is configured withenablechecksum
set to no, then checksums are not computed or stored for backup image instances written to that tape device.
maxdriveidletime
Use the maxdriveidletime
policy to set how long a tape can remain idle in a tape drive after the conclusion of a backup or restore operation. When this set time is up, Oracle Secure Backup automatically unloads the tape from the tape drive.
You cannot specify this parameter on a drive-by-drive basis. You must have the modify administrative domain's configuration right to modify this policy.
Values
- duration
-
Specifies the length of time that a tape can remain idle before Oracle Secure Backup unloads it. Refer to "duration" for a description of the
duration
placeholder. The default is5minutes
, which means that Oracle Secure Backup unloads a tape when it has been idle for five minutes.Note:
The
duration
placeholder must be specified by some combination ofseconds
,minutes
andhours
only.The minimum value that can be specified is
0seconds
. The maximum value is24hours
. A duration of0
results in an immediate tape unload at the conclusion of any backup or restore operation. - forever
-
Specifies that a tape remains in the tape drive at the conclusion of a backup or restore operation. The tape is not unloaded automatically.
maxacsejectwaittime
This policy applies only to StorageTek Automated Cartridge System Library Software (ACSLS) systems. Use the maxacsejectwaittime
policy to set how long an outstanding exportvol
request waits for the ACS cartridge access port to be cleared.
Values
- duration
-
Specifies the length of time that Oracle Secure Backup waits for an ACS cartridge access port to be cleared before canceling an
exportvol
request.Manual operator intervention is required to remove the tapes from the cartridge access port after an ACS
exportvol
operation has finished. Access to the ACSLS server is denied until the tapes are removed or a period greater thanmaxacsjecetwaittime
has passed. Oracle recommends that you schedule exports only when a human operator is locally available and that you batch export operations such that multiple volumes are specified for eachexportvol
operation.Refer to "duration" for a description of the
duration
placeholder. The default is5minutes
.Note:
The
duration
placeholder must be specified by some combination ofseconds
,minutes
andhours
only.The minimum value that can be specified is
0seconds
. The maximum value isforever
. - forever
-
Specifies that Oracle Secure Backup never cancels an
exportvol
request while waiting for an ACS cartridge access port to clear.
poolfreespacegoal
Duplication Policies
These policies control how Oracle Secure Backup performs volume duplication.
The volume duplication policies are as follows:
duplicateovernetwork
Use the duplicateovernetwork
policy to control whether Oracle Secure Backup is allowed to duplicate a volume to a different media server than the one containing the original volume being duplicated. Oracle Secure Backup does not duplicate between tape devices attached to different media servers by default, because it requires heavy use of network bandwidth.
Values
duplicationjobpriority
Use the duplicationjobpriority
policy to specify the priority of volume duplication jobs relative to other jobs.
Values
duplicationoptions
Use the duplicationoptions
policy to specify additional options that are used during duplication. The option values must be preceded by a hyphen (-).
Values
- d
-
Enables debug mode. When specified, additional information is printed in the duplication job transcript. This option does not take any argument.
- K mask
-
Specifies device driver debug options. mask is the bitwise inclusive or one of the values listed in Table B-3.
- l
-
Does not display volume label details in duplication job transcripts during a copy operation.
- N
-
Does not use the tape helper during the duplication operation.
- n
-
Uses NDMP to perform the volume duplication. This is the default setting.
- s
-
Uses the SCSI interface to perform volume duplication, instead of the NDMP protocol. This option cannot be used with –n.
Index Policies
These policies control how Oracle Secure Backup generates and manages the catalog. For example, you can specify the amount of elapsed time between catalog cleanups.
The index policies are as follows:
asciiindexrepository
Use the asciiindexrepository
policy to specify the directory where ASCII index files are saved before being imported into the Oracle Secure Backup catalog by the index daemon.
Values
- pathname
-
Specifies the path name for the index files. The default path name is the
admin/history/host/hostname
subdirectory of the Oracle Secure Backup home.
autoindex
Use the autoindex
policy to specify Oracle Secure Backup whether backup catalog data should be produced for each backup it performs.
Values
earliestindexcleanuptime
Use the earliestindexcleanuptime
policy to specify the earliest time of day at which catalog information should cleaned up. Cleanup activities should take place during periods of lowest usage of the administrative server.
Values
- time
-
Specifies the time in hour and minutes. Refer to "time" for a description of the
time
placeholder. The default value is23:00
.
generatendmpindexdata
Use the generatendmpindexdata
policy to specify whether Oracle Secure Backup should produce backup catalog information when backing up a client accessed through Network Data Management Protocol (NDMP).
Values
indexcleanupfrequency
Use the indexcleanupfrequency
policy to specify the amount of elapsed time between catalog cleanups.
Typically, you should direct Oracle Secure Backup to clean up catalogs on a regular basis. This technique eliminates stale data from the catalog and reclaims disk space. Catalog cleanup is a CPU-intensive and disk I/O-intensive activity, but Oracle Secure Backup performs all data backup and restore operations without interruption when catalog cleanup is in progress.
Values
- duration
-
Specifies the frequency of catalog cleanup operations. Refer to "duration" for a description of the
duration
placeholder. The default is21days
, which means that Oracle Secure Backup cleans the catalog every three weeks.
latestindexcleanuptime
Use the latestindexcleanuptime
policy to specify the latest time of day at which index catalogs can be cleaned up.
Values
- time
-
Specifies the latest index cleanup time. Refer to "time" for a description of the
time
placeholder. The default value is07:00
.
maxindexbuffer
Use the maxindexbuffer
policy to specify a maximum file size for the local index buffer file.
Backup performance suffers if index data is written directly to an administrative server that is busy with other tasks. To avoid this problem, Oracle Secure Backup buffers index data in a local file on the client during the backup, which reduces the number of interactions that are required with an administrative server. This policy enables you to control the maximum size to which this buffer file can grow.
Values
positiondatainterval
saveasciiindexfiles
Use the saveasciiindexfiles
policy to determine whether to save or delete temporary ASCII files used by the index daemon.
When Oracle Secure Backup performs a backup, it typically generates index information that describes each file-system object it saves. Specifically, it creates a temporary ASCII file on the administrative server in the admin/history/index/client
subdirectory of the Oracle Secure Backup home. When the backup completes, the index daemon imports the index information into the index catalog file for the specified client.
Values
- yes
-
Directs Oracle Secure Backup to retain each temporary ASCII index file. This option might be useful if you have written tools to analyze the ASCII index files and generate site-specific reports.
- no
-
Directs Oracle Secure Backup to delete each temporary ASCII index file when the backup completes (default).
Log Policies
These policies control historical logging in the administrative domain. For example, you can specify which events should be recorded in the activity log on the administrative server: all, backups only, restore operations only, and so forth.
The log policies are as follows:
adminlogevents
Use the adminlogevents
policy to specify the events to be logged in the activity log on the administrative server. Separate multiple event types with a comma. By default this policy is not set, which means that no activity log is generated.
Values
- backup
-
Logs all backup events.
- backup.commandline
-
Logs command-line backups that specify files to be backed up on the command line.
- backup.scheduler
-
Logs scheduled backup operations.
- restore
-
Logs restore operations.
- all
-
Logs everything specified by the preceding options.
adminlogfile
Use the adminlogfile
policy to specify the path name for the activity log on the administrative server.
Values
clientlogevents
Use the clientlogevents
policy to specify the events to be logged in the activity log on the client host.
Values
See the values for the adminlogevents policy. By default this policy is not set.
jobretaintime
Use the jobretaintime
policy to set the length of time to retain job list history.
Once a job completes the duration value specified in the jobretaintime
policy, the job history in the obscheduled process is refreshed and information for that job is no longer available.
Values
- duration
-
Retains the job history for the specified period. The default is
30days
. Refer to "duration" for a description of theduration
placeholder.
logretaintime
Use the logretaintime
policy to set the length of time to retain Oracle Secure Backup log files.
Several components of Oracle Secure Backup maintain log files containing diagnostic messages. This option lets you limit the size of these files, which can grow quite large. Oracle Secure Backup periodically deletes all entries older than the specified duration.
Values
- duration
-
Retains the diagnostic logs for the specified period. The default is
7days
. Refer to "duration" for a description of theduration
placeholder.
transcriptretaintime
Use the transcriptretaintime
policy to specify the length of time to retain Oracle Secure Backup job transcripts.
When the Oracle Secure Backup scheduler runs a job, it saves the job output in a transcript file. You can specify how long transcript files are to be retained.
Values
- duration
-
Retains the job transcripts for the specified period. The default is
7days
. Refer to "duration" for a description of theduration
placeholder.
unixclientlogfile
Use the unixclientlogfile
policy to specify the path name for log files on UNIX client hosts. Oracle Secure Backup logs each of the events selected for clientlogevents to this file on every UNIX client.
Values
windowsclientlogfile
Use the windowsclientlogfile
to specify the path name for log files on Windows client hosts. Oracle Secure Backup logs each of the events selected for clientlogevents to this file on each Windows client.
Values
Media Policies
These policies control domain-wide media management. For example, you can specify a retention period for tapes that are members of the null media family.
The media policies are as follows:
barcodesrequired
Use the barcodesrequired
policy to determine whether every tape is required to have a readable barcode.
By default, Oracle Secure Backup does not discriminate between tapes with readable barcodes and those without. This policy ensures that Oracle Secure Backup can always solicit a tape needed for restore by using both the barcode and the volume ID. Use this feature only if every tape drive is contained in a tape library with a working barcode reader.
Values
blockingfactor
Use the blockingfactor
policy to define the size of every tape block written during a backup or restore operation. You can modify this value so long as it does not exceed the limit set by the maxblockingfactor policy.
See Also:
Oracle Secure Backup Administrator's Guide for more information on blocking factors
Values
freedstucktapethreshold
maxblockingfactor
Use the maxblockingfactor
policy to define the maximum size of a tape block read or written during a backup or restore operation. Blocks over this size are not readable.
See Also:
Oracle Secure Backup Administrator's Guide for more information on maximum blocking factors
Values
- unsigned integer
-
Specifies the maximum block factor in blocks of size 512 bytes. The default value is
128
, which represents a maximum block size of 64 KB. The maximum setting is4096
, which represents a maximum tape block size of 2 MB. This maximum is subject to further constraints by tape device and operating system limitations outside of the scope of Oracle Secure Backup.
overwriteblanktape
Use the overwriteblanktape
policy to specify whether Oracle Secure Backup should overwrite a blank tape.
Values
overwriteforeigntape
Use the overwriteforeigntape
policy to specify whether Oracle Secure Backup should overwrite an automounted tape recorded in an unrecognizable format.
Values
overwriteunreadabletape
Use the overwriteunreadabletape
policy to specify whether Oracle Secure Backup should overwrite a tape whose first block cannot be read.
Values
volumeretaintime
Use the volumeretaintime
policy to specify a retention period for tapes that are members of the null
media family.
Values
writewindowtime
Use the writewindowtime
policy to specify a write-allowed time for tapes that are members of the null
media family.
Values
- duration
-
Retains the volumes for the specified period. The default is
disabled
, which means that the write window never closes. Refer to "duration" for a description of theduration
placeholder.
Naming Policies
This class contains a single policy, which specifies a WINS server for the administrative domain.
The naming policy is as follows:
winsserver
Use the winsserver
policy to specify an IP address of a Windows Internet Name Service (WINS) server. The WINS server is used throughout the administrative domain.
Oracle Secure Backup provides the ability for UNIX systems to resolve Windows client host names through a WINS server. Setting this policy enables Oracle Secure Backup to support clients that are assigned IP addresses dynamically by WINS.
Values
NDMP Policies
These policies specify Network Data Management Protocol (NDMP) data management application (DMA) defaults. For example, you can specify a password used to authenticate Oracle Secure Backup to each NDMP server.
The NDMP policies are as follows:
authenticationtype
Use the authenticationtype
policy to specify the means by which the Oracle Secure Backup Network Data Management Protocol (NDMP) client authenticates itself to an NDMP server.
You can change the authentication type for individual hosts by using the --ndmpauth
option of the mkhost and chhost commands.
Values
- authtype
-
Specifies the authentication type. Refer to "authtype" for a description of the
authtype
placeholder. The default isnegotiated
, which means that Oracle Secure Backup determines (with the NDMP server) the best authentication mode to use. Typically, you should use the default setting.
backupev
Use the backupev
policy to specify backup environment variables. Oracle Secure Backup passes each variable to the client host's Network Data Management Protocol (NDMP) data service every time it backs up NDMP-accessed data.
Note:
NDMP environment variables are specific to each data service. For this reason, specify them only if you are knowledgeable about the data service implementation.
You can also select client host-specific environment variables, which are sent to the NDMP data service each time data is backed up from or recovered to the client host, by using the --backupev
and --restoreev
options of the mkhost and chhost commands.
Values
backuptype
Use the backuptype
policy to specify a default backup type. Backup types are specific to Network Data Management Protocol (NDMP) data services; a valid backup type for one data service can be invalid, or undesirable, for another. By default Oracle Secure Backup chooses a backup type appropriate to each data service.
You can change the backup type for individual hosts by using the --ndmpbackuptype
option of the mkhost and chhost commands.
Values
- ndmp-backup-type
-
Specifies a default backup type. Refer to "ndmp-backup-type" for a description of the
ndmp-backup-type
placeholder.
dmahosts
Use the dmahosts policy to list Oracle Secure Backup hosts eligible to run the NDMP Data Management Agent (DMA) while performing backups on a third-party NDMP server.
You can add a comma separated list of hosts running the Oracle Secure Backup software with either the admin sever role or the media server role.
password
Use the password
policy to specify a password used to authenticate Oracle Secure Backup to each Network Data Management Protocol (NDMP) server.
You can change the NDMP password for individual hosts by using the --ndmppass
option of the mkhost and chhost commands.
Values
port
Use the port
policy to specify a TCP port number for use with Network Data Management Protocol (NDMP).
You can change the TCP port for individual hosts by using the --ndmpport
option of the mkhost and chhost commands.
Values
protocolversion
Use the protocolversion
policy to specify a Network Data Management Protocol (NDMP) version.
Typically, you should let Oracle Secure Backup negotiate a protocol version with each NDMP server (default). If it is necessary for testing or some other purpose, then you can change the NDMP protocol version with which Oracle Secure Backup communicates with this server. If an NDMP server cannot communicate using the protocol version you select, then Oracle Secure Backup reports an error rather than using a mutually supported version.
You can change the NDMP protocol version for individual hosts by using the --ndmppver
option of the mkhost and chhost commands.
Values
- protocol_num
-
Specifies a protocol number. Refer to "protover" for a description of the
protover
placeholder. The default is0
, which means "as proposed by server."
restoreev
Use the restoreev
policy to specify restore environment variables. Oracle Secure Backup passes each variable to the client host's Network Data Management Protocol (NDMP) data service every time it recovers NDMP-accessed data.
You can also select client host-specific environment variables, which are sent to the NDMP data service each time data is backed up from or recovered to the client host, by using the --backupev
and --restoreev
options of the mkhost and chhost commands.
Note:
NDMP environment variables are specific to each data service. For this reason, specify them only if you are knowledgeable with the data service implementation.
Values
username
Use the username
policy to specify the name used to authenticate Oracle Secure Backup to each Network Data Management Protocol (NDMP) server.
You can change the NDMP username for individual hosts by using the --ndmpuser
option of the mkhost and chhost commands.
Values
Operations Policies
These policies control various backup and restore operations. For example, you can set the amount of time that a Recovery Manager (RMAN) backup job waits in the Oracle Secure Backup scheduler queue for the required resources to become available.
The operations policies are as follows:
autohistory
Use the autohistory
policy to specify whether Oracle Secure Backup updates backup history data every time a client host is backed up. This history data is used to form file selection criteria for an incremental backup.
Values
autolabel
Use the autolabel
policy to specify whether Oracle Secure Backup creates a volume label and a backup image label for a backup image whenever it backs up data.
Values
backupimagerechecklevel
Use the backupimagerechecklevel
policy to specify whether Oracle Secure Backup performs block-level verification after each backup section is completed.
Oracle Secure Backup can optionally reread each block that it writes to tape during a backup job. It provides a second verification that the backup data is readable. The first check is performed by the read-after-write logic of the tape drive immediately after the data is written.
Values
- block
-
Performs block-level verification after each backup section is completed. Oracle Secure Backup backspaces the tape to the beginning of the backup section, reads the contents, and performs one of these actions:
-
Leaves the tape positioned after the backup section if it was the last section of the backup
-
Continues with volume swap handling if it has more data to write
Note:
Choosing
block
substantially increases the amount of time it takes to back up data. -
backupoptions
Use the backupoptions
policy to specify additional options to apply to backups dispatched by the scheduler. Whenever the scheduler initiates a backup, it supplies the specified command-line options to obtar. For example, you can turn on diagnostic output mode in obtar
by setting this value to -J
.
Values
- obtar-options
-
Specifies user-supplied obtar options. See "obtar Options" for details on obtar options. By default no options are set.
Note:
Whatever you enter is passed directly to obtar, so be sure to specify valid options. Otherwise, your backup or restore jobs fails to run.
databuffersize
Use the databuffersize
policy to control the size of the shared memory buffer used for data transfer in a local file-system backup or restore operation. It is expressed in tape blocks, and the default value is 6. The default size of this shared memory, therefore, is 6 times the current tape block size.
You can use this policy to tune backup performance. It is relevant only to file-system backup and restore operations where the client and the media server are collocated.
See Also:
"blockingfactor" for more information on tape block size
disablerds
Use the disablerds
policy to specify whether Reliable Datagram Socket (RDS) is used for communication between the client and media server. Where possible, Remote Direct Memory Access (RDMA) is used along with RDS. To use RDS, the client and media server must be connected over Infiniband.
This setting, which is applicable to the entire administrative domain, can be overridden at the host level by using the --disablerds
option of the chhost
or mkhost
commands.
Values
fullbackupcheckpointfrequency
Use the fullbackupcheckpointfrequency
policy to specify checkpoint frequency, that is, how often Oracle Secure Backup takes a checkpoint during a full backup for restartable backups.
Values
- nMB
-
Takes a checkpoint after every
n
MB transferred to a volume. - nGB
-
Takes a checkpoint after every
n
GB transferred to a volume. By default, Oracle Secure Backup takes a checkpoint for every 8 GB transferred to a volume.
incrbackupcheckpointfrequency
Use the incrbackupcheckpointfrequency
policy to specify checkpoint frequency, that is, how often Oracle Secure Backup takes a checkpoint during an incremental backup for restartable backups.
Values
- nMB
-
Takes a checkpoint after every
n
MB transferred to a volume. - nGB
-
Takes a checkpoint after every
n
GB transferred to a volume. By default, Oracle Secure Backup takes a checkpoint for every 2 GB transferred to a volume.
Choose the period at which Oracle Secure Backup takes a checkpoint during an incremental backup for any backup that is restartable. The value is represented in volume of bytes moved. (In the default case, a checkpoint is taken for each 8 GB transferred to a volume.)
overwritecheckfrequency
Use the overwritecheckfrequency
policy to control the frequency at which the tape position is monitored for being overwritten.
Values
mailport
Use the mailport
policy to specify the TCP/IP (Transmission Control Protocol/Internet Protocol) port number to which Oracle Secure Backup sends e-mail requests from Windows hosts.
Values
mailfrom
Use the mailfrom
policy to specify a from address for e-mails generated by Oracle Secure Backup. The default value is (none), in which case the from address is root@
fqdn
or SYSTEM@
fqdn
, where fqdn
is the fully qualified domain name of the Oracle Secure Backup administrative server.
Specifying a different address can help in configurations with multiple backup domains, because it minimizes the requirement to configure the mail server to allow e-mail from each specific system.
maxcheckpointrestarts
maxentriesrestoreoperation
Use the maxentriesrestoreoperation
policy to set the maximum number of concurrent restore jobs that can be run at a given time. If the maximum number of restore jobs is already running, any additional requests will generate a request error message.
Values
progressupdatefrequency
Use the progressupdatefrequency
policy to control the frequency at which the Oracle Secure Backup data service communicates its progress during a backup or restore operation. The information communicated includes details such as the number of files and the amount of data transferred. You can view this information by using the --progress
option of the lsjob
command.
Values
restartablebackups
Use the restartablebackups
policy to specify whether the restartable backups feature is enabled. This feature enables Oracle Secure Backup to restart certain types of failed backups from a mid-point rather than from the beginning.
Values
- yes
-
Enables restartable backups (default).
Note:
If you use the restartable backups feature, then ensure that the
/tmp
directory on the administrative server is on a partition that maintains at least 1 GB of free space. - no
-
Disables restartable backups.
restoreoptions
Use the restoreoptions
policy to specify additional options to apply to restore operations dispatched by the scheduler. Whenever the scheduler initiates a restore operation, it supplies the specified command-line options to obtar. For example, you can turn on diagnostic output mode in obtar by setting this value to -J
.
Values
- obtar-options
-
Specifies user-supplied obtar options. See "obtar Options" for details on obtar options. By default no restore options are set.
Note:
Whatever you enter is passed directly to obtar, so be sure to specify valid options. Otherwise, your backup or restore jobs fail to run.
rmanpriority
This topic describes the rmanpriority
policy and its usage.
Use the rmanpriority
policy to set the default priority value for scheduling rman backup jobs and rman restore jobs.
A job priority specified at the database storage selector level or the media management parameter level will override the priority value set using this policy for that particular job.
Values
rmanresourcewaittime
Use the rmanresourcewaittime
policy to select the duration to wait for a resource.
When a Recovery Manager (RMAN) job has been started and requires certain resources, the resources might not be available immediately. The rmanresourcewaittime
policy controls the amount of time that the job waits in the Oracle Secure Backup scheduler queue for the required resources to become available. If the resources are unavailable after the wait time, then the job fails with an error message. If the resources become available within the specified time, then the job completes successfully.
Values
- duration
-
Specifies the time to wait for a resource. Refer to "duration" for a description of the
duration
placeholder. Note that all values are valid exceptdisabled
. The default isforever
.
rmanrestorestartdelay
tcpbufsize
Use the tcpbufsize
policy to specify the size of TCP/IP (Transmission Control Protocol/Internet Protocol) buffers used in performing backups over the network, for hosts for which no buffer size has been specified directly using mkhost
or chhost
. The default value for tcpbufsize
is the system default.
This policy is used in tuning backup performance.
useloadbalance
Use the useloadbalance
policy to determine whether Oracle Secure Backup should use network load balancing while transferring data between clients and media servers.
Network load balancing distributes the load of multiple backup and restore jobs across all the network connections available between the client and media server.
See Also:
Oracle Secure Backup Installation and Configuration Guide for more information about network load balancing
Values
Scheduler Policies
These policies control the behavior of the scheduler. For example, you can specify a frequency at which the scheduler attempts to dispatch backup jobs.
The scheduler policies are as follows:
applybackupsfrequency
Use the applybackupsfrequency
policy to specify a frequency at which the Oracle Secure Backup scheduler attempts to dispatch jobs.
Values
- duration
-
Specifies how often the scheduler dispatches jobs. Refer to "duration" for a description of the
duration
placeholder. Note that theforever
anddisabled
values are not legal. The default value is5minutes
, that is, Oracle Secure Backup attempts to dispatch jobs every five minutes.
cachealljobs
Use the cachealljobs
policy to specify whether all details of the Oracle Secure Backup scheduler jobs should be stored. By default, Oracle Secure Backup caches information for all jobs in the obscheduled process. The job cache enables Oracle Secure Backup to list job information rapidly and efficiently. Each cached job consumes less than 10 KB of memory.
To disable job caching, after setting the policy value to no
, you must also terminate and relaunch the obsheduled process for the new policy setting to reflect.
You can use the jobretaintime policy to set the duration for which job related information will be retained.
See Also:
"ctldaemon" for more information on suspending and resuming obscheduled
Values
maxdataretries
Use the maxdataretries
policy to specify the maximum number of times to retry a failed client backup.
While attempting to back up a client, certain errors can occur that cause the backup to fail. (See the Oracle Secure Backup Administrator's Guide for a description of triggers.) Retryable failures include those caused by the client being unavailable because it is out of service or down, unable to communicate through the network, or has insufficient disk space for temporary backup files.
Values
pollfrequency
Use the pollfrequency
policy to specify the frequency at which Oracle Secure Backup scans the contents of the scheduler catalog for manual changes.
Values
- duration
-
Specifies the scheduler catalog polling frequency. Refer to "duration" for a description of the
duration
placeholder. Note that theforever
value is not legal. The default value is30minutes
.
recyclejobthreshhold
Use the recyclejobthreshold
policy to specify the number of scheduler jobs that must be completed before resetting the jobs back to the beginning. Once a scheduler job reaches the recyclejobthreshold
value, the next scheduler job will start a fresh series of scheduler jobs.
Values
retainbackupmetrics
Use the retainbackupmetrics
policy to specify whether Oracle Secure Backup saves a summary of metrics produced by each backup operation in the client host's observiced log.
Values
Security Policies
These policies control aspects of domain security. For example, you can enable Secure Sockets Layer (SSL) encryption for backup data in transit or set the key size for each host identity certificate.
The security policies are as follows:
autocertissue
Use the autocertissue
policy to indicate whether observiced on the administrative server transmits signed certificates (certificate response messages) over the network as part of the mkhost command processing.
Values
certkeysize
Use the certkeysize
policy to indicate the key size to be used when creating the public key/private key pair used in every identity certificate in the administrative domain. Certification Authorities typically choose key sizes of 1024
or 2048
.
Values
certlifetime
certlifetime
policy to define the lifetime for certificates created during domain re-certification.
See Also:
obcm for more information on the recertifydomain
option
Values
certwarning
Use the certwarning
policy to set the duration through which backup results display a warning about the upcoming expiry of the existing host certificate.
This policy also defines the advisory period, during which less obvious warnings appear in log files, transcripts, emails, and reminder messages. The advisory period is always three times the length of the warning period. For example, if you use the certwarning
policy to set the warning period to 7 days, then the advisory period is automatically set to 21 days.
The certificate warning period must be less than the certificate lifetime set in the certlifetime policy.
Values
- duration
- You can set the host certificate warning period to a minimum of
3 days
and a maximum of18 months
. The default value is14 days
.For more information on setting the duration, see the duration placeholder.
encryptdataintransit
Use the encryptdataintransit
policy to enable Secure Sockets Layer (SSL) encryption for file-system and unencrypted Recovery Manager (RMAN) backup data before it passes over the network. This policy does not enable or disable encryption for data at rest, that is, data stored on disk or tape.
If RMAN backup data is encrypted by RMAN, then this policy does not encrypt it again.
Values
loginduration
Use the loginduration
policy to specify the amount of time a login token remains valid in obtool after it is created.
Oracle Secure Backup creates a login token each time you log in through the obtool. If a valid token exists when you invoke either tool, then you do not have to log in again.
Values
- duration
-
Specifies the duration of the login token. Refer to "duration" for a description of the
duration
placeholder. The default value is15minutes
.
minuserpasswordlen
Use the minuserpasswordlen
security policy to specify the minimum required Oracle Secure Backup user password length. Valid values are the integers from 8 (the default value) to 16.
This security policy only affects passwords for users created with the mkuser
or chuser
commands. Other passwords in the Oracle Secure Backup domain, such as NDMP host passwords, are not affected because they are not under the control of Oracle Secure Backup.
You can change the minuserpasswordlen
security policy value when you install Oracle Secure Backup on UNIX and Linux by modifying the minimum
user
password
length
parameter in the obparameters
file.
passwordgracetime
Use the passwordgracetime
policy to specify the grace time for an Oracle Secure Backup user password. The grace time of a password is the time, in number of days, during which the user can continue using the current password even after it has expired.
This value must be greater than or equal to 1 day. The default grace time of a password is set to 3 days. If the grace time is set to ‘disabled, no grace time is provided and the user must change the password during the next login after the password expiration.
passwordlifetime
Use the passwordlifetime
policy to specify the lifetime, in number of days, of an Oracle Secure Backup user password. This value must be greater than or equal to 1 day. The default lifetime of a password is set to 180 days. If the password lifetime is set to ‘disabled', then the password never expires.
passwordreusetime
Use the passwordreusetime
policy to specify the time, in number of days, after which an Oracle Secure Backup user password can be reused. This value must be greater than or equal to 1 day. The default reuse time of a password is set to 1 year. If the password reuse time is set to ‘disabled', the password can never be reused.
securecomms
Use the securecomms
policy to specify whether daemon components use Secure Sockets Layer (SSL) for authentication and message integrity.
Values
trustedhosts
Use the trustedhosts
policy to control whether Oracle Secure Backup restricts certain operations to trusted hosts only. These operations include:
-
Use of obtar commands
-
Direct access to physical devices and libraries
-
Access to encryption keys
Values
- yes
-
Specifies that restricted operations can be run only from an administrative or media server. If a restricted operation is attempted from a host that has only the client role, then the attempt fails with an
illegal
request
from
non-trusted
host
error. - no
-
The restricted operations can be run from any host in the administrative domain.
See Also:
Oracle Secure Backup Installation and Configuration Guide for more information on trusted hosts
untrustedhostjobs
Use the untrustedhostjobs
policy to control whether Oracle Secure Backup accepts jobs from an untrusted client host (hosts that are not the administrative server or media server).
Values
- yes
-
Specifies that jobs from untrusted client hosts must be accepted. This is the default setting.
- no
-
Specifies that jobs from untrusted hosts must not be accepted.
Specifies that no user, including the administrative user, can submit backup, duplication, copy instance, or vaulting jobs from the client host. Restore jobs from this client can be submitted by a user who has the appropriate privileges. If the
trustedhost
policy is disabled, then jobs are accepted from the host regardless of the setting of theuntrustedhostjobs
policy.
Staging Policies
These policies control stage scan properties.
The staging policies are as follows:
obstagescandebuglevel
Use the obstagescandebuglevel
policy to set the debug level for the job transcript created by a stagescan job.
Values
- fatal
-
Shows only catastrophic failures.
- error
-
Logs fatal messages and errors.
- info
-
Logs error messages and additional information. This is the default value.
- debug1
-
Displays informational messages, the backup image name, and the names of instances that are skipped because the instance flags indicate that the instance should not be copied (the flags are set to stage-in-progress, stage-complete, or deleted).
- debug2
-
Displays
debug1
messages and also full stage rule information for each disk pool that is scanned. Additionally, during scanning this level displays instance-stage rule matching information.
Vaulting Policies
These policies control how Oracle Secure Backup performs vaulting.
The vaulting policies are as follows:
autorunmmjobs
Use the autorunmmjobs
policy to control whether manual intervention is needed to start a media movement job after it has been scheduled.
Values
- no
-
If this policy is set to
no
, then media movement jobs are not started automatically by the scheduler. The Oracle Secure Backup operator must run the job through the obtoolrunjob
command. This is the default value. - yes
-
If this policy is set to
yes
, then media movement jobs are started automatically by the scheduler.Note:
Even if
autorunmmjobs
is set toyes
, manual intervention might still be required to complete a media movement job for a variety of reasons.
autovolumerelease
invretrydelay
Use the invretrydelay
policy to specify how long Oracle Secure Backup waits before retrying an export operation or inventory operation to verify if a volume has been physically removed from a library.
- duration
-
Refer to "duration" for a description of the
duration
placeholder. The default value is2minutes
.
maxinvretrytime
Use the maxinvretrytime
policy to specify how long Oracle Secure Backup continues retrying an export or inventory operation. When this duration is completed, the job is put in an input required state, an alert e-mail is sent to the e-mail recipients in the location object, and the following prompt is displayed in the transcript:
go - proceed with the volume movement quit - give up and abort this media movement job
- duration
-
Refer to "duration" for a description of the
duration
placeholder. The default value is15minutes
.
minwritablevolumes
Use the minwritablevolumes
policy to specify the minimum number of writable volumes that must be available in each tape library always. If the number of writable volumes in a tape library drops to less than this value, then Oracle Secure Backup initiates early rotation of volumes in that tape library.
You can override this policy for an individual location.
Values
offsitecustomerid
Use the offsitecustomerid
policy to define the default customer ID string used in reports generated by Oracle Secure Backup. You can override this policy for an individual location.
reportretaintime
Use the reportretaintime
policy to define how long vaulting reports (pick/distribution) are retained.
Values
- duration
-
Refer to "duration" for a description of the
duration
placeholder. The default value is7days
.