1. Installation and Configuration Guide
  2. Configuring and Managing the Administrative Domain

7 Configuring and Managing the Administrative Domain

This chapter explains the basic steps involved in setting up an Oracle Secure Backup administrative domain after initial installation of the product on all of your hosts. Some steps, such as "Adding a Host to the Administrative Domain", are also useful when managing an existing administrative domain.

This chapter contains the following sections:

Overview of Configuring the Administrative Domain

The administrative domain consists of a set of hosts and backup containers that are managed as a single unit by Oracle Secure Backup. The administrative domain enables you to manage backup and restore operations among diverse hosts, devices, and databases.

After you install the Oracle Secure Backup software on all the hosts, except NDMP hosts and NAS filers, in the administrative domain, you must configure the administrative domain. Configuring the administrative domain sets up the environment that is required to create and manage backups.

The instructions in this chapter describe how to configure the administrative domain with host and backup container information using the Web tool. It is assumed that you have installed the Oracle Secure Backup software on each host in the domain, as described in Installing Oracle Secure Backup on Linux or UNIX or Installing Oracle Secure Backup on Windows.

See Also:

Oracle Secure Backup Reference for information about the obtool commands used to configure the administrative domain

The administrative domain is set up using a default security configuration that should be adequate for most users. Further configuration of users, user classes, security options, and the Oracle Secure Backup media management layer for use with Recovery Manager (RMAN) in backing up Oracle databases might be required in some cases.

See Also:

Oracle Secure Backup Administrator's Guide for information about additional security configuration

Network Load Balancing in Oracle Secure Backup

Network load balancing ensures that multiple network connections on a client are utilized optimally and no single connection carries the data load of all the concurrent backup and restore jobs. The transfer load of multiple backup and restore jobs is distributed across the network connections available on the client and media server. Load balancing is available starting with Oracle Secure Backup 10.4 and is supported for both file-system and Oracle Database backup and restore operations. Load balancing is turned off by default.

Note:

Load balancing is not supported for NDMP clients.

Oracle Secure Backup sets up a data connection between the client and the media server over which the data transfer occurs. If a host contains more than one network interface of a particular type, Oracle Secure Backup uses all the available interfaces of that type for the data connections between the client and the media server. The type of network interface can be IPv4, IPv6, or RDS/RDMA (Reliable Datagram Socket over Remote Direct Memory Access) over Infiniband. Load balancing requires connectivity between the client and the media server on all the interfaces of the selected connection type.

Oracle Secure Backup selects a connection type only if both the client and the media server support that connection type. Therefore, if both the client and the media server support RDS/RDMA over Infiniband and the IPv6 connection types, then Oracle Secure Backup selects RDS/RDMA over Infiniband as the connection type.

If a Preferred Network Interface (PNI) is configured, then load balancing is disabled on the media server and PNI takes precedence. Load balancing will still be performed on the client.

Order of Precedence for Network Connection Types

When multiple network connections are available between a client and media server, Oracle Secure Backup decides which connection type to use based on the following order of precedence:

  • RDS/RDMA over Infiniband

  • IPv6

  • IPv4 (includes TCP/IP over Infiniband)

Steps to Configure the Administrative Domain

  1. Configure all the hosts in your administrative domain. Hosts include the administrative server, media servers, and clients.

    While configuring a host, specify the role that is assigned to the host in the administrative domain.

    See Also:

    "Steps to Configure Hosts in the Administrative Domain" for information about configuring hosts

  2. Add the tape devices in your network to the administrative domain. Tape devices include tape libraries and tape devices.

    You can automatically discover tape devices that are attached to media servers in the administrative domain or manually configure each tape device.

    See Also:

  3. Verify the configuration of tape devices that were added to the administrative domain.

    See Also:

    "Verifying and Configuring Added Tape Devices" for information about verifying tape devices

  4. Configure disk pools in your administrative domain.

    See Also:

    "Configuring Disk Pools" for information about configuring disk pools

The initial configuration of your administrative domain is complete.

Network communication among hosts in the administrative domain is configured with the default security configuration described in "Default Security Configuration".

Note:

You must still identify files to be backed up in a dataset, configure at least one backup schedule, and set up users, classes, and security policies. These tasks are described in the Oracle Secure Backup Administrator's Guide.

Configuring the Administrative Domain with Hosts

After you install Oracle Secure Backup on all hosts in your administrative domain, you must configure the domain with hosts. You can add hosts to your administrative domain either during the initial administrative domain configuration or when you subsequently define new hosts in your domain.

After the initial configuration, you can manage your hosts and perform tasks such as editing host properties, updating hosts, and removing hosts from the administrative domain.

This section contains these topics:

About Administrative Domain Host Configuration

The host configuration process makes the administrative server aware of a media server or client to be included in the administrative domain. You must perform this process for every host in the administrative domain, including each host running Oracle Secure Backup natively and each network-attached storage device managed by Network Data Management Protocol (NDMP).

For any host to be added to the administrative domain, you must provide the following attributes:

  • Host name

  • IP address

  • Assigned roles: client, media server or both

  • Whether the host is in service or not in service at the moment

After adding a host to the administrative domain, Oracle recommends that you ping the host to confirm that it can be accessed by the administrative server.

See Also:

"Pinging Hosts in the Administrative Domain"

For hosts that use NDMP access mode, such as network-attached storage devices, you must configure the following additional attributes:

  • NDMP authorization type

  • NDMP password

  • TCP port number for use with NDMP

See Also:

Oracle Secure Backup Reference for a complete account of host attributes

Steps to Configure Hosts in the Administrative Domain

After you install the Oracle Secure Backup software on hosts, use the steps in this section to configure the administrative domain with hosts.

To configure your hosts in the administrative domain:

  1. Open the Oracle Secure Backup Web tool running on the administrative server and log in as the admin user.

    See Also:

    "Starting a Web Tool Session" for information about accessing the Web tool

  2. For each host in your administrative domain that must be set up for the role of media server, perform the following steps:

    1. Add the host to the administrative domain by selecting the media server role for the host as described in "Adding a Host to the Administrative Domain".

      Note:

      If the administrative server is also assigned the media server role, then it is part of the administrative domain. See "Adding the Media Server Role to an Administrative Server" for information about assigning the media server role to the administrative server.

    2. Configure the administrative domain to include each tape device attached to this host as described in "Adding Tape Devices to an Administrative Domain" describes this task.

    3. Configure the administrative domain to include disk pools as described in "Configuring Disk Pools".

  3. (Optional) For certain NDMP hosts, you may need to define backup and restore environment variables before the host can function with Oracle Secure Backup.

    See Also:

    "Adding Backup and Restore Environment Variables to an NDMP Host" for information about defining backup and restore environment variables for NDMP hosts

  4. (Optional) For hosts that have multiple physical data paths with the administrative server or media server, you can define a Preferred Network Interface (PNI) that will be used while exchanging backup or restore data with another host.

    See Also:

    "Configuring Preferred Network Interfaces (PNI)" for information about defining a PNI for your host

  5. For each host that is to be set up only for the client role, add the host to the administrative domain by selecting the client role as described in "Adding a Host to the Administrative Domain".

  6. Verify that all the hosts that you added to your administrative domain are accessible using the IP address that was configured for the host.

    See Also:

    "Pinging Hosts in the Administrative Domain" for information about pinging hosts

After you complete the initial configuration of the hosts, you can manage hosts by performing tasks such as editing host properties, updating hosts, and removing hosts from the administrative domain as described in "Managing Hosts in the Administrative Domain".

Adding a Host to the Administrative Domain

You can add a host (media server or client) to the administrative domain either at the time of initial domain configuration or subsequently, when you want to configure additional hosts in your administrative domain.

To add a host to an administrative domain:

  1. Display the Hosts page as described in "Viewing the Hosts in the Administrative Domain".
  2. Click Hosts in the Basic section to display the Hosts page.
  3. Click Add to add a host.

    The Configure: Hosts > New Hosts page appears.

  4. In the Host field, enter the unique name of the host in the Oracle Secure Backup administrative domain.

    In most cases, this name is the host name resolvable to an IP address using the host name resolution system (such as DNS or NIS) on your network. However, you can assign a different host name purely for use with Oracle Secure Backup.

    The name you enter must start with an alphanumeric character. It can contain only letters, numerals, dashes, underscores, and periods. The maximum length of a host name is 127 characters.

  5. You must enter a value in the IP Interface name(s) field in the following situations:

    • The name of this host cannot be resolved to an IP address using a mechanism such as DNS or NIS

    • The resolvable name of your host is different from the value entered in the Host field.

    • Your host has multiple IP interface names or IP addresses to use with Oracle Secure Backup

    If any of the preceding conditions apply to this host, then enter one or more IP interface names in this field. Valid values are either resolvable host names or IP addresses. Separate multiple values with a comma.

    For example, you can use myhost.oracle.com for a host name or 141.146.8.66 for an IP address.

    If a value is specified for this field, then Oracle Secure Backup tries the host names or IP addresses in the order specified when it must contact this host, rather than using the name specified in the Host field.

    Note:

    If some hosts should contact this host using a particular network interface, then you can use the Preferred Network Interface (PNI) capability to override this order for those hosts, after completing the initial configuration of the administrative domain. See "Configuring Preferred Network Interfaces (PNI)" for details.

  6. In the Status list, select one of these:

    • in service

      Select this option to indicate that the host is available to perform backup and restore operations.

    • not in service

      Select this option to indicate that the host is unavailable to perform backup and restore operations.

  7. In the Roles list, select the roles for this host: admin, client or mediaserver.
  8. In the Encryption field, specify the encryption settings for backup operations performed for this host. Select one of the following values:

    • required

    • allowed

    See Also:

    Oracle Secure Backup Administrator's Guide for information about the encryption settings

  9. In the Algorithm field, select one of the following options to specify the algorithm that must be used to encrypt backups created for this host: aes128, aes192, or aes256.
  10. In the Access method field, select one of these:

    • OB

      Select this option for Windows, Linux and UNIX hosts that have Oracle Secure Backup installed.

    • NDMP

      Select this option for devices that support NDMP without an Oracle Secure Backup installation, such as a network-attached storage device.

    Note:

    OB access mode is a synonym for primary access mode. See "Oracle Secure Backup Host Access Modes" for a discussion of access modes.

  11. In the Disable RDS field, select one of the following:

    • yes

      Select this option to disable the use of Reliable Datagram Socket (RDS) over Infiniband for communication between the client and media server. The default protocol, TCP/IP, is used for communication.

    • no

      Select this option to enable the use of Reliable Datagram Socket (RDS) over Infiniband for communication between the client and media server.

    • systemdefault

      Select this option to specify that the administrative domain level setting, by using the operations policy disablerds, is used to decide of RDS is enabled for the host. For example, if you set systemdefault at the host level and the disablerds policy is set to no, the host uses RDS for data transfer.

    See Also:

    Oracle Secure Backup and Reliable Datagram Socket (RDS) for more information about RDS

  12. In Public and private key sizes, select the size for the public/private key associated with the identity certificate for this host.

    For hosts using the ob access mode, skip to Step 20. For hosts such as Network Attached Storage (NAS) devices that must use NDMP mode, continue to Step 13. Steps 13 through 18 apply only to hosts in NDMP mode.

  13. In the NDMP authorization type list, select an authorization type. The authorization type defines the way Oracle Secure Backup authenticates itself to the NDMP server. Typically, you should use the default setting.

    Your choices are the following:

    • default

      Select this option to use the value of the Authentication type for the NDMP policy.

    • none

      Select this option to attempt to use the NDMP server from Oracle Secure Backup and provide no authentication data. This technique is usually unsuccessful.

    • negotiated

      Select this option to negotiate with the NDMP server to determine the best authentication mode to use.

    • text

      Select this option to use unencrypted text to authenticate.

    • md5

      Select this option to use the MD5 digest algorithm to authenticate.

    See Also:

    Oracle Secure Backup Administrator's Guide to learn about NDMP-related policies

  14. In the Username field, enter the name used to authenticate Oracle Secure Backup to this NDMP server. If left blank, then Oracle Secure Backup uses the name in the NDMP policy.
  15. In the Password list, select one of these options:

    • Use default password

      Select this option to use the default NDMP password.

    • Use text password

      Select this option to enter a password.

    • Set to NULL

      Check this to use a NULL password.

    The password is used to authenticate Oracle Secure Backup to this NDMP server.

    Note:

    The practice of supplying a password in clear text on a command line or in a command script is not recommended by Oracle. It is a security vulnerability. The recommended procedure is to have the user be prompted for the password.

  16. In the Backup type field, enter an NDMP backup type. A backup type is the name of a backup method supported by the NDMP data service running on a host. Backup types are defined by each data service provider.
  17. In the Protocol Version list, select 2, 3, 4, or as proposed by server. See "Oracle Secure Backup Host Access Modes" for details on NDMP protocol versions.
  18. In the Port field, enter a port number. Typically, the TCP port (10000) in the NDMP policy is used. You can specify another port if this server uses a port other than the default.
  19. If required, add backup and restore environment variables as described in "Adding Backup and Restore Environment Variables to an NDMP Host".
  20. In the TCP/IP buffer size field, enter the value of the buffer size in bytes.
  21. If the host you are adding to the administrative domain is not currently accessible on the network, then select the Suppress communication with host option.
  22. Click OK to save your changes.

Adding the Media Server Role to an Administrative Server

If you choose both the administrative server and media server roles when installing Oracle Secure Backup on a host, then that host is automatically part of the administrative domain. But it is not recognized as a media server until that role is explicitly granted to it using the chhost command in obtool or the Oracle Secure Backup Web tool.

See Also:

Oracle Secure Backup Reference for complete syntax and semantics for the chhost command

To add the media server role to an administrative server using the Oracle Secure Backup Web tool:

  1. On the Configure page of the Oracle Secure Backup Web tool, click Hosts.

    The Configure: Hosts page appears.

  2. Select the administrative server and click Edit.

    The Configure: Hosts > host_name page appears.

  3. In the Roles list, shift-click to add the media server role and then click OK.

    The Configure: Hosts page reappears with the media server role added to the administrative server host under the Roles column.

Adding Backup and Restore Environment Variables to an NDMP Host

Some NDMP hosts might require that you add backup and restore environment variables before they function with Oracle Secure Backup.

To add backup and restore environment variables:

  1. In the field that appears next to the Backup environment vars or Restore environment vars field, enter a name-value pair.
  2. Click Add to add the name-value pair as an environment variable.

    If an environment variable name or value includes spaces, then you must use quotes around the name or value to ensure correct processing of the name or value. For example, enter A=B or "Name A"="Value B" (if the name or value includes spaces).

  3. Select an existing environment variable pair and click Remove to remove the pair.

Configuring Preferred Network Interfaces (PNI)

This section contains the following topics:

Note:

PNI configuration settings for a host are applicable only to Oracle Secure Backup services. These settings have no impact on the network selection or usage of other applications running on the same host.

About PNI

PNI (Preferred Network Interface) enables you to configure the network or interface that must be used for communication between two hosts in the administrative domain.

Multiple physical data paths can exist between a client, which contains primary storage to be backed up or restored, a media server, which controls at least one secondary storage device that writes and reads the backup media, and the administrative server. For example, a host might have multiple network interfaces connected to the network containing the hosts in the administrative domain. Typically, clients transfer huge amounts of backup data over the network. Therefore, specifying the network/interface over which data must be sent prevents performance issues that may be caused when production networks are used for backup data.

For each host, you can configure PNI to instruct Oracle Secure Backup services to use a specific network or interface for sending backup data or for requesting a remote Oracle Secure Backup service to send inbound data. PNI applies to both control connections and data connections. Data connections are used to transfer backup data. Backup data is large in size and consumes considerable network bandwidth. Control connections are used to manage the administrative domain. The messages sent over control connections are small and consume minimal bandwidth.

See Also:

Network Load Balancing in Oracle Secure Backup for information about network load balancing and PNI

About PNI for Inbound Connections

Configuring a PNI for inbound connections specifies the interface that will be used when a remote host (media server or client) establishes a connection with the host.

See Also:

About PNI for Outbound Connections

Configuring a PNI for outbound connections from a host specifies the network and interface that must be used when this host connects to a remote host (media server or client). The configured PNI is used for both data and control connections.

You can create one of the following to specify a PNI for outbound connections:

  • Single interface only

    Limits the outgoing backup and control data transfer to the interface specified in the configured PNI. The interface must exist in the remote host to which a connection is being established. You can configure one network/interface for each address family (one for IPv4 and another for IPv6). You must not use the single interface for RDS connections. When you chose this type of connection, you cannot configure other networks as PNI for outbound connections for this host.

  • One or more specified networks

    Uses the specified network when connecting to a remote host. You can specify one or more networks. Optionally, a bind address for each outgoing network can be specified. If no bind address is specified, then the operating system decides which address to bind to. When multiple networks are specified, a connection is attempted based on the order of remote host IP names specified.

    If the specified networks are not available, then you can configure Oracle Secure Backup to use any available network and interface to connect to a remote host. The following IP values are used to configure any network as PNI:

    0.0.0.0/0: any IPv4 network

    0::0/0: any IPv6 network

    0/0: any of IPv4 or IPv6 network

See Also:

PNI and Network Connection Types

A host can have different types of networks. Oracle Secure Backup supports IPv4 and IPv6 for control connections and IPv4, IPv6, RDS/RDMA over Infiniband for data connections. When multiple network connections exist between a client and the media server, Oracle Secure Backup uses the following criteria to determine which connection type is used:

  • If a PNI is configured, the network interface specified in the PNI is used to transfer backup and restore data between the client and media server. The connection type chosen is the same as the connection type of the network interface specified in PNI.

  • If a PNI is not configured, Oracle Secure Backup selects the connection type as follows:

    • For control connections, the order of precedence is based on the ordering of IP addresses in the host object. Each client has a host object. The host object contains the list of IP addresses that can be used to access that host.

    • For data connections, the default connection used depends on the type of connection. The order of precedence is described in "Order of Precedence for Network Connection Types".

      For a particular connection type to be used, both the client and media server must support that connection type.

Configuring PNI for Inbound Connections

When you configure a PNI for inbound connections for a host, remote hosts specified in inbound PNI use the interface specified in PNI to send data to the host.

To configure a PNI for inbound connections:

  1. Display the Hosts page as described in "Viewing the Hosts in the Administrative Domain".
  2. Select the host for which you want to configure a PNI and click Edit.

    The Configure Hosts > host_name page appears.

  3. Click Preferred Network Interfaces.

    The Configure Hosts > host_name > Preferred Network Interface page appears.

    Ensure that Inbound is selected in the list at the top-right of the page. This is the default selection.

  4. Select an IP address or DNS name from the Interface list.

    This list shows a list of interfaces using which this host can be referenced. The IP address or name is used by the remote host to connect to this host.

  5. From the Clients list, select one or more clients that will use this IP address or DNS name when creating a connection to this host.
  6. Click Add.
Configuring PNI for Outbound Connections

When multiple network paths exist between hosts in the administrative domain, you can configure a PNI to define the network/interface that must be used when creating connections from this host to another remote host.

To configure a PNI for outbound connections from a host:

  1. Display the Hosts page as described in "Viewing the Hosts in the Administrative Domain".
  2. Select the host for which you want to configure a PNI and click Edit.

    The Configure Hosts > host_name page appears.

  3. Click Preferred Network Interfaces.

    The Configure Hosts > host_name > Preferred Network Interface page appears.

  4. From the list at the top-right of the page, select Outbound.

    The Outbound Interfaces section is displayed.

  5. Depending on the type of outbound connection that you want to configure as the PNI, perform one of the following steps:
    1. To configure a single interface for all outbound connections:

      1. Select useonly.

      2. In the Interface column corresponding to the useonly option, select the interface that must be used as the PNI.

      Note:

      Once you configure a useonly interface, you cannot configure other networks as PNI for this host.

    2. To configure a specified network for outbound connections:

      1. Select network.

      2. In the Network column corresponding to the Network option, specify the network that must be used as the PNI.

      3. (Optional) In the Interface column, corresponding to the Network option selected, select the bind address that must be used.

    3. To configure any network for outbound connections:

      1. Select network.

      2. In the Network column corresponding to the Network option, specify one of the following in the network:

        0.0.0.0/0: any IPv4 network

        0::0/0: any IPv6 network

        0/0: any of IPv4 or IPv6 network

  6. Click Add to add the details provided as a PNI for outbound connections.

    The specified details are added and displayed at the top the page.

  7. (Optional) If you did not configure a useonly interface, configure another network as PNI by clicking Addand performing the steps listed in Step 5.
Removing a PNI for Inbound Connections

To remove a PNI for inbound connections:

  1. Display the Hosts page as described in "Viewing the Hosts in the Administrative Domain".
  2. Select the host for which you want to remove a PNI and click Edit.

    The Configure Hosts > host_name page appears.

  3. Click Preferred Network Interfaces.

    The Configure Hosts > host_name > Preferred Network Interface page appears.

  4. Under Inbound Interfaces, click Select corresponding to the interface and client that you want to remove as a PNI configuration.
  5. Click Remove.
Removing a PNI for Outbound Connections

To remove a PNI configuration for outbound connections from a host:

  1. Display the Hosts page as described in "Viewing the Hosts in the Administrative Domain".
  2. Select the host for which you want to remove a PNI and click Edit.

    The Configure Hosts > host_name page appears.

  3. Click Preferred Network Interfaces.

    The Configure Hosts > host_name > Preferred Network Interface page appears.

  4. Select Outbound at the top-right of the page.

    The list of configured PNIs for outbound connections is displayed.

  5. In the Outbound Interfaces section, click Select corresponding to the PNI configuration that you want to remove.
  6. Click Remove.

Pinging Hosts in the Administrative Domain

You can use the Oracle Secure Backup ping operation to determine whether a host responds to requests from Oracle Secure Backup on each of its configured IP addresses.

Pinging a host attempts to establish a TCP connection to the host on each of the IP addresses you have configured for it. For hosts running Oracle Secure Backup, the connection occurs on TCP port 400. For hosts that use the NDMP access mode, connections occur through the configured NDMP TCP port, usually 10000.

Oracle Secure Backup reports the status of each connection attempt and immediately closes each connection that has been established successfully.

To ping a host in the administrative domain:

  1. Display the Hosts page as described in "Viewing the Hosts in the Administrative Domain".
  2. From the Hosts page, select a host to ping.
  3. Click Ping.

    A status line appears on the page with the results of the operation.

Enable tcpkeepalive on local host

Enable tcpkeepalive in the local policy to prevent idle Oracle Secure Backup network connections from being terminated by a proxy or firewall due to inactivity.

You can set the local policy for tcpkeepalive and configure the control connections to remain open so that the backup operations, for both file system and Recovery Manager (RMAN), complete successfully.

About tcpkeeplive

Oracle Secure Backup provides a local policy for tcpkeepalive.

The tcpkeepalive policy helps maintain idle TCP connections by periodically exchanging packets between hosts in the Oracle Secure Backup domain that have the local policy enabled. By default, Oracle Secure Backup has the tcpkeepalive policy disabled.

However, you can change the local policy and enable tcpkeepalive from the obtool interface. Since tcpkeepalive is set on the local host, you must enable it individually on all media servers and administrative servers in the administrative domain.

To enable the tcpkeepalive policy:

  • Run the obtool commands for tcpkeepalive on the local host.

  • Configure the system parameters depending on your operating system.

The Web tool does not support changing or viewing the local policies.

See Also:

Configuring Firewalls for Oracle Secure Backup on Windows for information about the role of Windows firewall on network connections.

Steps to enable tcpkeepalive

Log in to the obtool command-line interface and enable tcpkeepalive in the local policy.

Here are the obtool commands to view the local policies and to enable tcpkeepalive.

To enable tcpkeepalive:

  1. Open a terminal window and enter into the obtool command-line interface.
    obtool

    See "obtool Login" for more details on how to log in to obtool.

  2. View all defaults and policies in the administrative domain.
    lsp

    See "lsp" for more details on the lsp command.

  3. View the policies local to the host.
    lsp local

    Observe that the default setting for tcpkeepalive is no.

  4. Change the local policy on your host and enable the setting for tcpkeepalive.
    setp local/tcpkeepalive yes
  5. Optionally, run the lsp local command once again and view the new setting for tcpkeepalive. 
    lsp local

    Verify that you have enabled tcpkeepalive on the local host. 

    tcpkeepalive                     yes

The system parameters to set the timers associated with tcpkeepalive vary for each operating system. After a restart, the system parameters may reset to their default values.

Tip:

Consult with your system administrators or network administrators to define the system parameters and control the behavior of the connection timeouts.

Overview of Automatic Device Discovery

Oracle Secure Backup allows you to discover and configure libraries and tape drives that are attached to media servers in the administrative domain.

If you choose not to discover devices automatically, then you can manually configure attached tape devices as described in "Adding Tape Devices to an Administrative Domain".

About Automatic Device Discovery

You can automatically discover and then configure libraries and tape drives that are attached to media servers in the administrative domain. This includes NDMP servers and media servers that have Oracle Secure Backup software installed. Automated device discovery makes the process of configuring attached libraries and drives automatic so that you can quickly add attached tape drives to the administrative domain. Its options allow you to configure all attached libraries and drives, or devices attached to specific hosts.

In addition to the initial configuration, automatic device discovery can also detect changes in the configuration of libraries and tape drives. When automatic device discovery is performed for a media server that has existing tape devices configured, devices that have already been configured in Oracle Secure Backup will not be reconfigured. This information can be used to update the configuration information of existing tape devices. By default, Oracle Secure Backup discovers Solaris, Linux, and AIX attached libraries and tape devices that have their attachments located in the /dev directory.

Note:

It is recommended that you use the automatic device discovery feature to rediscover devices only when the existing devices in the current domain are not in use.

Tape Device Configuration Changes Oracle Secure Backup Detects

During automatic device discovery, the following media changers and tape drives can be detected:

  • Media changers and tape drives that were not previously part of the current administrative domain.

    For each such device discovered, Oracle Secure Backup can create a device with an internally-assigned name and then configure its device attachment.

  • Previously configured libraries and/or tape devices that have new attachments.

    In this case, Oracle Secure Backup can add new attachments to an existing device configuration.

    Libraries and tape devices are detected by Oracle Secure Backup by reading the serial number reported for the device by the media server's operating system. Devices having multiple attachments are detected based on their having the same serial number reported by multiple media servers. Oracle Secure Backup will configure devices based on the serial number associated with its attachments rather than any logical name assigned by the operating system.

  • Previously configured devices which have lost an attachment

    Oracle Secure Backup displays information about the lost device attachment.

About Persistent Binding for SCSI Tape Devices

Oracle Secure Backup uses device file names, such as /dev/sg3, to refer to the actual physical tape devices. These device file names are specified during device configuration as part of the attach point specification. Hardware configuration changes or a system reboot may sometimes cause an existing device file name to point to a different tape device instead of the originally-configured tape device. To ensure that SCSI tape device configuration remains constant across hardware configuration changes and system reboots, the system administrator can use persistent binding to set up the tape devices. When persistent binding is used, the operating system uses symbolic links to manage the mapping of device files to the configured SCSI tape devices. Therefore, Oracle Secure Backup device files will always map to the correct tape devices. Tape devices that use persistent binding can also be automatically discovered and configured as described in "Overview of Automatic Device Discovery".

Note:

Persistent binding is supported only for the Linux 64-bit platform.

By default, Oracle Secure Backup discovers Solaris, Linux, and AIX attached libraries and tape drives that have their attachments located in the /dev directory. However, when persistent binding is used, the tape device files may be located in a different directory. You can specify the directory from which SCSI persistent devices must be discovered by using the OB_DEVICE_SEARCH_PATH environment variable.

See Also:

discoverdev in the Oracle Secure Backup Reference for information about the OB_DEVICE_SEARCH_PATH environment variable

Steps to Discover and Configure Tape Devices in the Administrative Domain

Depending on the requirement, you can either discover tape devices attached to media servers in the administrative domain or you can also configure the discovered devices.

See Also:

discovereddevicestate policy in the Oracle Secure Backup Reference for more information on the policy setting for managing the availability of discovered tape devices

To automatically discover and configure tape devices:

  1. Open the Oracle Secure Backup Web tool running on the administrative server and log in as the admin user.

    See Also:

    "Starting a Web Tool Session" for information about accessing the Web tool

  2. Click the Configure tab.

    The Configure page is displayed.

  3. Click Discover Devices.

    The Configure: Device Discovery > Discover page appears.

  4. In the Media Servers field, select one of the following options:

    • Specific type

      Discover all tape devices or tape devices attached to hosts of a specific type. Select one of the following:

      • All: Discovers tape devices attached to all hosts in the administrative domain.

      • OSB: Discovers tape devices attached to hosts that have the Oracle Secure Backup software installed.

      • NDMP: Discovers tape devices attached to all NDMP devices in the administrative domain.

    • Specific host

      Discovers tape devices attached to specific hosts. Multiple hosts can be specified by holding down the Shift key while selecting the hosts.

  5. If the tape devices are being set up using SCSI persistent binding, then you must specify the path in which Oracle Secure Backup searches for device files by using the OB_DEVICE_SEARCH_PATH parameter.

    See Also:

    Oracle Secure Backup Reference for information about the OB_DEVICE_SEARCH_PATH parameter

  6. In the Options field, select one of the following options:

    • Display Discovered Devices

      Displays information about the attached tape devices that was discovered by Oracle Secure Backup. The discovered devices are not configured in the domain.

    • Automatically Configure Discovered Devices

      Discovers tape devices attached to media servers and then configures them as devices in the administrative domain.

    • Only Show Missing Devices

      Displays information about tape devices that were previously configured but whose attachments are not discovered during the device discovery process.

  7. Click Discover.

    If changed tape devices are discovered, then the Oracle Secure Backup Web tool displays a message similar to the following:

    Figure 7-1 Device Discovery Page

    Description of Figure 7-1 follows
    Description of "Figure 7-1 Device Discovery Page"

Steps to Detect Missing Tape Devices

Automatic device discovery can detect tape devices that were previously configured but are now missing from the administrative domain.

To detect missing devices in the administrative domain:

  1. Open the Oracle Secure Backup Web tool running on the administrative server and log in as the admin user.

    See Also:

    "Starting a Web Tool Session" for information about accessing the Web tool

  2. Click the Configure tab.

    The Configure page is displayed.

  3. Click Discover Devices.

    The Configure: Device Discovery > Discover page appears.

  4. In the Media Servers field, select one of the following options:

    • Specific type

      Discovers all tape devices or tape devices attached to hosts of a specific type. Select one of the following:

      • All: Discovers tape devices attached to all hosts in the administrative domain.

      • OSB: Discovers tape devices attached to hosts that have the Oracle Secure Backup software installed.

      • NDMP: Discovers tape devices attached to all NDMP devices in the administrative domain.

    • Specific host

      Discovers tape devices attached to the specified hosts. Multiple hosts can be specified by holding down the Shift key while selecting the hosts.

  5. In the Options field, select Only Show Missing Devices.
  6. Click Discover.

Adding Tape Devices to an Administrative Domain

This section explains how to configure tape drives and tape libraries for use with Oracle Secure Backup. During initial configuration of the administration domain, you must add all tape devices in your environment to the domain. Subsequently, when you add new devices to your domain, you must configure the new tape devices using the steps described in this section.

This section contains the following topics:

About Tape Device Names

A tape device can be assigned a logical name by the host operating system (such as nrst0a), but it also can have a worldwide name, such as nr.WWN[2:000:0090a5:0003f7]L1.a. On some platforms, such as a Fibre Channel tape drive or tape library connected to a Network Appliance filer, the logical name might vary at each operating system restart. Oracle Secure Backup supports such tape devices, but they must be referred to by their worldwide name, which does not change across operating system restarts.

Any substring of the raw device name for the attachment that is the string $WWN is replaced with the value of the WWN each time the tape device is opened. For example a usable raw device name for a Storage Area Network (SAN) Network Appliance filer is nr.$WWN.a, specifying a no-rewind, best-compression tape device having the World Wide Name found in the device object.

The WWN is usually automatically discovered by the device discovery function in Oracle Secure Backup. However, you can enter it manually if necessary.

About Manually Configuring Tape Drives and Libraries

For both tape drives and tape libraries, you can configure the following attributes:

  • The name of the tape device

  • The attachment, which is the description of a physical or logical connection of a tape device to a host

  • Whether the tape device is in service

For tape drives, you can configure the following additional attributes:

  • The tape library in which the tape drive is housed, if the tape drive is not standalone

  • A storage element range that the tape device can use, if the tape drive is in a tape library

Note:

Oracle Secure Backup identifies each tape drive within a tape library by its data transfer element (DTE) number. You must assign each tape device a DTE number if it is installed within a tape library. DTEs are numbered 1 through n. See the description of the --dte option to the mkdev command in Oracle Secure Backup Reference for more details on data transfer element numbers.

For tape libraries, you can configure the following additional attributes:

  • Whether automatic cleaning is enabled

  • The duration of a cleaning interval

  • Whether a barcode reader is present

See Also:

Oracle Secure Backup Reference for a complete account of tape device attributes.

Methods of Configuring Tape Devices

You can configure a tape drive or tape library for use with Oracle Secure Backup using one of the following methods:

Note:

You must add the media server role to a host before adding any tape devices whose attachment point references that host. Oracle Secure Backup does not do this automatically.

Steps to Configure Tape Devices in the Administrative Domain

This section provides an overview of the steps used to configure tape devices, with each step containing links to the sections that describe how to perform each device configuration task.

To configure your administrative domain to include tape devices:

  1. Perform one of the following steps to add tape devices to the administrative domain:

  2. Configure tape devices that are network-accessible but are not locally attached.

    You must decide which media servers should control the tape devices and, for each media server, specify an attachment between the media server and the tape device. The procedure is identical to configuring a tape device attached locally to a media server.

  3. Verify each device attachment as described in "Verifying Tape Device Configuration".

  4. Inventory each tape library, and then list its volumes as described in "Updating Tape Library Inventory".

    Each volume in a tape library should show either a barcode or the status unlabeled. If a library shows a slot as occupied, then this slot is in an invalid state.

Displaying the Devices Page

The Devices page, illustrated in Figure 7-2, lists each tape library and tape drive that is currently in the administrative domain. The page lists the type, status, and name of every tape device.

Figure 7-2 Devices Page

Description of Figure 7-2 follows
Description of "Figure 7-2 Devices Page"

To display the Devices page:

  1. Open the Oracle Secure Backup Web tool running on the administrative server and log in as the admin user.

    See Also:

    "Starting a Web Tool Session" for information about accessing the Web tool

  2. Click the Configure tab.
  3. Click Devices in the Basic section.

    The Configure: Devices page appears.

Manually Configuring Tape Libraries

Automatic Device Discovery is the recommended method for configuring a tape library for use with Oracle Secure Backup. This section explains how to manually configure a tape library.

See Also:

"Overview of Automatic Device Discovery"

To configure a tape library:

  1. Disable any system software that scans and opens arbitrary SCSI targets before adding a tape device to an administrative domain. If Oracle Secure Backup has to contend with other system software (such as monitoring software) for access to a tape library or tape drive, then unexpected behavior can result.
  2. Display the Devices page as described in "Displaying the Devices Page".
  3. Click Add to add a tape device.
  4. In the Device field, enter a name for the tape device.

    The name must start with an alphanumeric character. It can only contain letters, numerals, dashes, underscores, or periods. It can contain at most 127 characters.

    The tape device name is of your choosing. It must be unique among all Oracle Secure Backup device names. It is unrelated to any other name used in your computing environment or the Oracle Secure Backup administrative domain.

  5. In the Type list, select library.
  6. In the ACSLS field, select yes if the tape library is an ACSLS library.
  7. In the Status list, select one of these options:

    • in service

      Select this option to indicate that the tape device is available to perform Oracle Secure Backup backup and restore operations.

    • not in service

      Select this option to indicate that the tape device is unavailable to perform backup or restore operations.

    • auto not in service

      This option indicates that the tape device is unavailable to perform backup or restore operation and is set automatically for a failed operation.

  8. In the Debug mode list, select yes or no. The default is yes.
  9. In the World Wide Name field, enter a worldwide name for the tape device, if required.

    See Also:

    "About Tape Device Names" for more information on World Wide Names

  10. In the Barcode reader list, select one of these options to indicate whether a barcode reader is present:

    • yes

      Select this option to indicate that the tape library has a barcode reader.

    • no

      Select this option to indicate that the tape library does not have a barcode reader.

    • default

      Select this option to indicate that Oracle Secure Backup should automatically determine the barcode reader using information reported by either the tape library, the external device file, or both.

  11. In the Barcode required list, select yes or no. If you specify yes, then Oracle Secure Backup refuses to use any tape that lacks a readable barcode.

    By default, Oracle Secure Backup does not discriminate between tapes with readable barcodes and those without. This policy ensures that Oracle Secure Backup can always solicit a tape needed for a restore operation by using either the barcode or the volume ID.

  12. Set whether the tape library should use automatic cleaning.
  13. In the Unload required list, select yes or no to specify if an unload operation is required before moving a tape from a tape drive to a storage element.

    The default value is no.

  14. Select an ejection type. Your choices are:

    • auto

      Whenever a volume becomes eligible to be ejected from the tape library, Oracle Secure Backup moves that volume to an export element and notifies the backup operator that it is available there. If no export elements are available, then Oracle Secure Backup requests operator assistance.

    • ondemand

      Whenever a volume becomes eligible to be ejected from the tape library, Oracle Secure Backup marks the volume to that effect. A media movement job then waits for the operator to reply to the job. The operator replies to the job through the job transcript. When the operator replies to the job to continue, Oracle Secure Backup ejects all such volumes through export elements.

    • manual

      No automation is used to eject volumes from the tape library. The backup operator determines which storage elements contain volumes ready to be ejected and manually removes them. This option can be useful when the tape library has no import/export slots.

  15. Enter a value in the Minimum writable volumes field.

    When Oracle Secure Backup scans tape devices for volumes to be moved, it looks at this minimum writable volume threshold. If the minimum writable volume threshold is nonzero, and if the number of writable volumes in that tape library is less than this threshold, then Oracle Secure Backup creates a media movement job for the full volumes even if their rotation policy does not require it. When this happens, Oracle Secure Backup notes in the media movement job transcript that volumes have been moved early.

  16. Click OK to save your changes.

See Also:

"Adding Tape Device Attachments"

Configuring Automatic Tape Drive Cleaning for a Library

Oracle Secure Backup can automatically clean each tape drive in a tape library. A cleaning cycle is initiated either when a tape drive reports that it needs cleaning or when a specified usage time has elapsed.

Oracle Secure Backup checks for cleaning requirements when a cartridge is either loaded into or unloaded from a tape drive. If at that time a cleaning is required, then Oracle Secure Backup loads a cleaning cartridge, waits for the cleaning cycle to complete, replaces the cleaning cartridge in its original storage element, and continues with the requested load or unload.

To configure automatic cleaning for a tape library:

  1. In the Auto clean list, select yes to enable automatic tape drive cleaning or no to disable it. You can also manually request that a cleaning be performed whenever a tape drive is not in use.

    Note:

    Not all tape drives can report that cleaning is required. For those tape drives, you must define a cleaning interval.

    In the Clean interval (duration) field, enter a value and then select the cleaning frequency from the adjacent list. This interval is the amount of time a tape drive is used before a cleaning cycle is initiated. If automatic tape drive cleaning is enabled, then this duration indicates the interval between cleaning cycles.

  2. In the Clean using emptiest field, select one of these options:

    • yes

      Select this option to specify the emptiest cleaning tape, which causes cleaning tapes to "round robin" as cleanings are required.

    • no

      Select this option use the fullest cleaning tape, which causes each cleaning tape to be used until it fills, then the next cleaning tape fills, and so on.

    If there are multiple cleaning tapes in a tape library, then Oracle Secure Backup must decide which to use. If you do not otherwise specify, then Oracle Secure Backup chooses the cleaning tape with the fewest number of cleaning cycles remaining.

  3. Click OK to save your changes.

Configuring Tape Drives

The preferred method of configuring devices is by using automated device discovery. The following procedure describes the steps to configure tape drives manually.

This section explains how to configure a tape drive for use with Oracle Secure Backup. If the tape drive you want to configure is attached to a tape library, then you must configure the tape library first, as described in "Manually Configuring Tape Libraries".

To configure tape drives for use with Oracle Secure Backup:

  1. Disable any system software that scans and opens arbitrary SCSI targets before adding a tape device to an administrative domain. If Oracle Secure Backup has to contend with other system software (such as monitoring software) for access to tape libraries and tape drives, then unexpected behavior can result.
  2. Display the Devices page as described in "Displaying the Devices Page".
  3. Click Add to add a tape device.
  4. In the Device field, enter a name for the tape device.

    The name must start with an alphanumeric character. It can only contain letters, numerals, dashes, underscores, or periods. It can contain at most 127 characters.

    The tape device name is of your choosing. It must be unique among all Oracle Secure Backup device names. It is unrelated to any other name used in your computing environment or the Oracle Secure Backup administrative domain.

  5. Optionally, enter the serial number of the tape drive in the Serial Number field.

    If you do not enter a serial number, then Oracle Secure Backup reads and stores the tape drive serial number the first time it opens the tape drive.

    The checkserialnumbers policy is enabled by default. If you change the tape drive hardware, then you must update the serial number of the tape drive before using it.

    See Also:

  6. In the Type list, select tape.
  7. In the ACSLS field, select yes if the tape library is an ACSLS library.
  8. In the Status list, select one of these options:

    • in service

      Select this option to indicate that the tape device is available to perform Oracle Secure Backup backup and restore operations.

    • not in service

      Select this option to indicate that the tape device is unavailable to perform backup or restore operations.

    • auto not in service

      This option indicates that the tape device is unavailable to perform backup or restore operation and is set automatically for a failed operation.

  9. In the Debug mode list, select yes or no. The default is no.
  10. Optionally, in the World Wide Name field, enter a worldwide name for the tape device.

    See Also:

    "About Tape Device Names" for more information on World Wide Names

  11. If the tape drive is located in a tape library, then select the tape library by name from the Library list.
  12. In the DTE field, enter the data transfer element (DTE) number, only if it hasn't been automatically discovered using automated device discovery.

    Note:

    This parameter is not available for standalone tape drives.

  13. In the Automount field, select yes (default) or no to specify whether automount mode is on or off. Enable the automount mode if you want Oracle Secure Backup to mount tapes for backup and restore operations without operator intervention.
  14. In the Error rate field, enter an error rate percentage or leave this field blank to accept the default setting. The default is 8.

    The error rate is the ratio of restored write errors that occur during a backup job divided by the total number of blocks written, multiplied by 100. If the error rate for any backup is higher than this setting, then Oracle Secure Backup displays a warning message in the backup transcript.

    Oracle Secure Backup also issues a warning if it encounters a SCSI error when trying to read or reset the tape drive error counters. Some tape drives do not support the SCSI commands necessary to perform these operations. To avoid these warnings, error rate checking can be disabled by selecting None.

  15. In the Blocking factor field, enter the blocking factor or leave this field blank to accept the default setting. The default is 128 bytes.

    The blocking factor value specifies how many 512-byte records to include in each block of data written to tape. The default value is 128, which means that Oracle Secure Backup writes 64K blocks to tape.

    See Also:

    "Tape Drives" for more information on blocking factors and maximum blocking factors

  16. In the Max Blocking factor field, enter the maximum blocking factor.

    The largest value supported for the maximum blocking factor is 4096. This represents a maximum tape block size of 2MB.

    Note:

    Device and operating system limitations might reduce this maximum block size.

  17. In the Drive usage since last clear field, enter the amount of time the tape drive has been in use since it was last cleaned and then select the time unit from the adjacent list.
  18. Leave the Current tape field empty during initial configuration. Update the tape drive inventory after configuration, as described in "Updating Tape Library Inventory".
  19. Oracle Secure Backup allows all tapes to be accessed by all tape drives. The use list enables you to divide the use of the tapes for tape libraries in which you are using multiple tape drives to perform backups. For example, you might want the tapes in half the storage elements to be available to the first tape drive, and those in the second half to be available to the second tape drive.

    In the Use list group, select one of these options to configure the use list:

    • Storage element range or list

      Select this option for a numeric range of storage element addresses. Enter a range in the field, for example, 1-20.

    • All

      Select this option to specify all storage elements. For tape libraries with single tape drives, you can select this option to use all tapes. This is the default setting.

    • None

      Select this option to indicate that no storage elements have yet been specified. If you select All or Storage element range or list, then this option is no longer visible.

  20. In the Enable Checksum field, select one of the following options:

    • system default

      Uses the setting specified by the Enable tape checksum device policy to determine if a checksum must be computed for backup image instances stored on this tape device. This is the default setting.

    • yes

      Computes a checksum for the all backup image instances that are stored on this tape device. The checksum is stored as part of the backup metadata.

    • no

      Does not compute or store a checksum for the backup image instances that are stored on this tape device.

  21. Click OK to save your changes.

Configuring an NDMP Copy-Enabled Virtual Tape Library

An NDMP copy-enabled virtual tape library (VTL) is a virtual tape library with an embedded NDMP server and multiple access paths. The embedded NDMP server allows offloading the I/O associated with volume duplication from the application running on the media server to the VTL.

An NDMP copy-enabled virtual tape library (VTL) must be represented in Oracle Secure Backup as a group of tape devices with multiple attach specifications. This ensures that the inventory data coming through the multiple access paths is identical.

Two Oracle Secure Backup host objects must be created to represent the VTL. One object must be associated with the media server to which the VTL is attached. The other host object must be associated with the VTL's embedded NDMP server. Both host objects must be assigned the media server role in Oracle Secure Backup.

One Oracle Secure Backup library device object with two attach specifications must be created for the virtual library. One access path is through the media server to which the VTL is attached. The other access path is through the embedded NDMP server.

An Oracle Secure Backup tape device object with two access paths must also be created for each virtual drive contained within the virtual library. As in the virtual library case, one access path is through the media server, and the other is through the embedded NDMP server.

One Oracle Secure Backup library device object with a single attach specification must be created for the physical library. The access path is through the VTL's embedded NDMP server. An Oracle Secure Backup tape device object with a single attach specification must also be created for each physical drive contained within the physical library. As in the physical library case, the access path is through the VTL's embedded NDMP server.

Note:

Multiple media servers may be able to access the physical library and its drives if they are all connected to a shared SAN. In this case, the Oracle Secure Backup device objects for the physical library and its drives must be created with multiple attach points.

Here is an example of the obtool commands that would be used to configure an NDMP copy-enabled VTL. Many of the options that would be specified in a real environment have been omitted for clarity. Also, the device names shown are simply placeholders that may differ from the actual names in a real environment.

  1. This command creates the Oracle Secure Backup host object associated with the media server to which the VTL is attached. 
    mkhost --access ob --ip ipname osb_media_server
  2. This command creates the Oracle Secure Backup host object associated with the embedded NDMP server contained within the VTL.
    mkhost --access ndmp --ip ipname ndmp_server
  3. This command configures an Oracle Secure Backup device object that is associated with the virtual library vlib. 
    mkdev --type library --class vtl 
--attach osb_media_server:/dev/obl0,ndmp_media_server:/dev/sg0 vlib

    This library and its drives are accessible through the Oracle Secure Backup media server and the embedded NDMP server.

  4. This command configures an Oracle Secure Backup device object that is associated with virtual tape drive vdrive1, which is contained in the virtual library vlib. 
    mkdev --type tape --library vlib --dte 1 
--attach osb_media_server:/dev/obt0,ndmp_media_server:/dev/nst0 vdrive1

    This command must be repeated for each tape drive in the virtual tape library.

  5. This command configures an Oracle Secure Backup device object that is associated with the physical library plib.
    mkdev --type library --attach ndmp_media_server:/dev/sg1 plib

    This library and its drives are accessible only through the embedded NDMP server.

  6. This command configures an Oracle Secure Backup device object that is associated with tape drive pdrive1, which is contained in the physical library plib.
    mkdev --type tape --library plib --dte 1 
--attach ndmp_media_server:/dev/nst1 pdrive1

See Also:

Oracle Secure Backup Administrator's Guide for more information on NDMP copy-enabled virtual tape libraries

Adding Tape Device Attachments

Oracle Secure Backup distinguishes between a tape device and a device attachment. Automated Device Discovery makes it so that it is no longer necessary to manually configure device attachments in Oracle Secure Backup. This section is added as a reference for situations where detailed understanding of the process of manually configuring device attachments in Oracle Secure Backup is needed. A device attachment is the means by which that tape device is connected to a host and Oracle Secure Backup uses this attachment as a data path to communicate with the device. Each drive or library accessed by Oracle Secure Backup has one or more attachments.

Before configuring a device attachment, refer to the description of the mkdev command in Oracle Secure Backup Reference. The description of the aspec placeholder describes the syntax and naming conventions for device attachments.

To configure device attachments:

  1. After adding or editing a device, click Attachments.
  2. Select a host in the Host list.
  3. In the Raw device field, enter the raw device name. This is the operating system's name for the device, such as a Linux or UNIX attach point or a Windows device file. For example, a tape library name might be /dev/obl0 on Linux and //./obl0 on Windows.
  4. Click Add to add the attachment.
Pinging Device Attachments

You can ping a device attachment to determine whether the tape device is accessible to Oracle Secure Backup using that attachment. Pinging device attachments is a good way to test whether you set up the attachment properly.

When you ping a device, Oracle Secure Backup performs the following steps:

  1. Establishes a logical connection to the device

  2. Inquires about the device's identity data with the SCSI INQUIRY command

  3. Closes the connection

If the attachment is remote from the host running the Oracle Secure Backup Web tool (or obtool), then Oracle Secure Backup establishes an NDMP session with the remote media server to effect this function.

To ping an attachment from the Attachments page:

  1. From the Oracle Secure Backup Web Tool Home Page, click Configure.
  2. On the Configure page, under Basics, click Devices.
  3. Select an attachment to ping.
  4. Click Ping.

    The Oracle Secure Backup: Devices page displays the accessibility status of the attachment.

  5. Click Close to exit the page.
Displaying Device Attachment Properties

You can display device attachment properties from the Devices page.

To display attachment properties:

  1. Select the name of the tape device whose attachment properties you want to view.
  2. Click Show Properties.

    The Oracle Secure Backup Web tool displays device attachments and other properties for the tape device you selected.

  3. Click Close to exit the page.

Multiple Attachments for SAN-Attached Tape Devices

A tape device attached to a SAN often has multiple attachments, one for each host with local access to the tape device through its Fibre Channel interface. A tape device attached to a SAN is also distinguished by a World Wide Name (WWN), an internal identifier that uniquely names the tape device on the SAN. Systems such as a Network Appliance filer permit access to tape devices attached to a SAN through their WWN. Oracle Secure Backup includes a reference to the WWN in the device attachment's raw device name.

Tape devices such as certain Quantum and SpectraLogic tape libraries appear to be connected directly to an Ethernet LAN segment and accessed through NDMP. In fact, Oracle Secure Backup views these devices as having two discrete components:

  • A host, which defines the IP address and which you configure through the Oracle Secure Backup Web tool Hosts page or the mkhost command

  • A tape device, which has one attachment to the single-purpose host that serves as the front end for the tape device

Devices such as DinoStor TapeServer use a single host to service multiple tape devices.

For NDMP servers that run version 2, other data might be required to define SCSI parameters needed to access the tape device. These parameters are sent in an NDMP message called NDMP_SCSI_SET_TARGET. Oracle Secure Backup NDMP servers do not use this data or this message.

See Also:

The description of the mkdev command aspec placeholder in Oracle Secure Backup Reference, which describes the syntax and naming conventions for device attachments

Configuring Multihosted Device Objects

A multihosted device, also known as a shared device, is a tape library shared by multiple hosts within a single administrative domain. Shared devices are common in environments that deploy SAN or iSCSI-based tape equipment. These technologies give the user the flexibility to have multiple direct connections from hosts to tape devices, which enables all hosts to act as media servers.

When a device is shared by multiple hosts, a single device object is used to ensure that it is known by its serial number across all members of the Oracle Secure Backup administrative domain. The configuration is done behind the scenes using automated device discovery and multiple attachments will be created, one for each device on each media server by which the device will be accessed.

Table 7-1 shows the correct configuration of a single tape library and tape drive shared by two hosts: host_a and host_b. After the devices are configured, Oracle Secure Backup is aware of the devices and handles device reservation properly.

Table 7-1 Correct Configuration for Tape Library and Tape Drive

Tape Device Object Attach Point 1 Attach Point 2

SAN_library_1

host_a:/dev/sg1

host_b:/dev/sg5

SAN_tape_1

host_a:/dev/sg2

host_b:/dev/sg6

If the device is configured as two separate device objects that point to the same physical device, then there is potential for contention. In this case, simultaneous backups to the these devices fail. Table 7-2 shows the incorrect configuration of a single tape library and tape drive shared by two hosts: host_a and host_b.

Table 7-2 Incorrect Configuration for Tape Library and Tape Drive

Tape Device Object Attach Point

SAN_library_1a

host_a:/dev/sg1

SAN_library_1b

host_b:/dev/sg5

SAN_tape_1a

host_a:/dev/sg2

SAN_tape_1b

host_b:/dev/sg6

Updating Tape Library Inventory

An initial inventory of the storage element contents should be taken immediately after adding a new tape library to your Oracle Secure Backup administrative domain. This is necessary before Oracle Secure Backup will be able to use the library.

To update a tape library or tape drive inventory using the Oracle Secure Backup Web tool:

  1. From the Oracle Secure Backup Web tool Home page, click Manage.

    The Manage page appears.

  2. In the Devices section, click Libraries.

    The Manage: Libraries page appears as shown in Figure 7-3.

    Figure 7-3 Manage: Libraries Page

    Description of Figure 7-3 follows
    Description of "Figure 7-3 Manage: Libraries Page "
  3. Select the tape drive or tape library you want to inventory in the Devices table.
  4. Select Inventory (Library | Drive) in the Library commands list.

    In this example, lib1 is selected.

  5. Click Apply.

    The Manage: Libraries page appears.

  6. Ensure that the Library list is set to the device you want to inventory.
  7. Select the Force option.

    Instead of reading from its cache, the tape library updates the inventory by physically scanning all tape library elements.

  8. Click OK.

    When the inventory is complete, the Manage: Libraries page reappears and displays a success message.

    To see the results of the inventory, select the tape drive or tape library again and click List Volumes.

Verifying and Configuring Added Tape Devices

This section explains how to verify that tape devices are reachable, display information about these devices, and configure serial number checking.

This section contains the following topics:

Displaying Device Properties

The Oracle Secure Backup Web tool can display tape device properties including:

  • Whether a tape device is in service

  • Which host or hosts the tape device is connected to

  • The tape device type

When a tape device is in service, then Oracle Secure Backup can use it; when it is not in service, then Oracle Secure Backup cannot use it. When a tape device is taken out of service, no more backups are dispatched to it.

To display tape device properties:

  1. Display the Devices page as described in "Displaying the Devices Page".
  2. Select the name of the tape device whose properties you want to display.
  3. Click Show Properties.

    The Oracle Secure Backup Web tool displays a page with the properties for the tape device you selected.

Pinging Tape Devices

To determine whether a tape device is reachable by Oracle Secure Backup through any available attachment, ping the tape device. You should ping each tape device after it is configured or discovered, to check it's accessibility status.

To ping a tape device:

  1. Perform the steps in "Verifying Tape Device Configuration" to ensure that the device has been configured correctly.
  2. Display the Devices page as described in "Displaying the Devices Page".
  3. Select a tape device to ping.
  4. Click the Ping button.

    The Oracle Secure Backup Web tool displays the status of the operation.

Note:

Pinging a tape library causes each service member tape drive in the tape library to be pinged as well.

Editing Device Properties

If you make an error during installation, such as not configuring every attachment for a tape device or incorrectly configuring its properties, then you can edit its properties.

To edit the properties of an existing tape device:

  1. Display the Devices page as described in "Displaying the Devices Page".
  2. Select the name of the tape device.
  3. Click Edit.

    The Oracle Secure Backup Web tool displays a page with details for the tape device you selected.

  4. Make any required changes.

    See Also:

    For information about the device properties, refer to the following sections:

  5. Click OK to save your changes.

Verifying Tape Device Configuration

Oracle Secure Backup provides the following method for confirming that libraries and tape devices are configured correctly.

To verify tape device configuration:

  1. From the Oracle Secure Backup Web tool home page, click Configure.

    The Configure page appears

  2. In the Basic section click Devices.

    The Configure Devices page appears.

  3. Select the library whose configuration you want to check and click Verify.

    The Configure: Libraries > Verify device_name page appears as shown in Figure 7-4.

    Figure 7-4 Configure: Libraries Verification Page

    Description of Figure 7-4 follows
    Description of "Figure 7-4 Configure: Libraries Verification Page"

    In this example, library vlib1 is verified. No errors are found.

Setting Serial Number Checking

You can use the Oracle Secure Backup Web tool to enable or disable tape device serial number checking. If serial number checking is enabled, then whenever Oracle Secure Backup opens a tape device, it checks the serial number of that device. If the tape device does not support serial number reporting, then Oracle Secure Backup simply opens the tape device. If the tape device does support serial number checking, then Oracle Secure Backup compares the reported serial number to the serial number stored in the device object. Three results are possible:

  • There is no serial number in the device object.

    If Oracle Secure Backup has never opened this tape drive since the device was created or the serial number policy was enabled, then it cannot have stored a serial number in the device object. In this case, the serial number is stored in the device object, and the open succeeds.

  • There is a serial number in the device object, and it matches the serial number just read from the device.

    In this case, Oracle Secure Backup opens the tape device.

  • There is a serial number in the device object, and it does not match the serial number just read from the device.

    In this case, Oracle Secure Backup returns an error message and does not open the tape device.

Note:

Oracle Secure Backup also performs serial number checking as part of the --geometry/-g option to the lsdev command in obtool. This option causes an Inquiry command to be sent to the specified device, and lsdev displays its vendor, product ID, firmware version, and serial number.

To enable or disable tape device serial number checking:

  1. From the Oracle Secure Backup Web tool Home page, click Configure.

    The Configure page appears.

  2. In the Advanced section, click Defaults and Policies.

    The Configure: Defaults and Policies page appears as shown in Figure 7-5.

    Figure 7-5 Configure Details and Policies Page

    Description of Figure 7-5 follows
    Description of "Figure 7-5 Configure Details and Policies Page"

  3. In the Policy column, click devices.

    The Configure: Defaults and Policies > Devices page appears as shown in Figure 7-6.

    Figure 7-6 Defaults and Policies for Devices

    Description of Figure 7-6 follows
    Description of "Figure 7-6 Defaults and Policies for Devices"

  4. Do one of the following:

    1. Select Yes from the Check serial numbers list to enable tape device serial number checking. This is the default setting.

    2. Select No from the Check serial numbers list to disable tape device serial number checking.

  5. Click OK.

    The Configure: Defaults and Policies page appears with a success message.

Configuring Disk Pools

Before you can store backups on a disk pool, you must configure the disk pool as a device in your administrative domain. Unlike tape devices, disk pools can be accessed concurrently by independent backup and restore jobs.

This section contains the following topics:

Displaying the Defined Disk Pools

You must have the query and display information about devices right to display disk pools.

To display the list of currently defined disk pools using the Web tool:

  1. On the Oracle Secure Backup Web tool Home page, click Configure.
  2. In the Basic section, click Devices.
  3. The Configure: Devices page is displayed. It lists all the currently-defined backup containers (disk pools, tape libraries, and tape drives). The details displayed for each backup container are the device name, status, and type of device.

Creating Disk Pools

To store your backups to a file-system on disk, you must first configure a device that corresponds to this file-system directory. You must have the manage devices and change device state right to create disk pools.

See Also:

Oracle Secure Backup Administrator's Guide for an overview of disk pools

To create a disk pool using the Web tool:

  1. Perform the steps in "Displaying the Defined Disk Pools".

    The Configure: Devices page appears.

  2. Click Add.

    The Configure: Devices > New Device page appears.

  3. In the Device field, enter a name for the disk pool.

    The name must start with an alphanumeric character and be unique across the administrative domain. It can contain letters, numerals, dashes, underscores, or periods. It cannot contain spaces. The maximum character length is 127 characters.

  4. In the Type field, select disk.
  5. In the Status field, specify if the disk pool is available for backup or restore operations by selecting one of the following options:

    • in service

      Indicates that the disk pool is available to perform Oracle Secure Backup backup and restore operations.

    • not in service

      Indicates that the disk pool is unavailable to perform Oracle Secure Backup backup and restore operations.

    • auto not in service

      Indicates that the disk pool is unavailable to perform backup or restore operation and is set automatically for a failed operation.

  6. In the Debug mode field, select yes or no. The default is yes.
  7. In the Capacity field, specify a value that represents the space allocated to the disk pool. Select one of the following to specify the unit of storage space: KB, MB, GB, TB, PB, or EB. Leave the default value of (not set) to indicate that no maximum capacity is specified for this disk pool. In this case, the capacity of the disk pool is limited only by the underlying file system that hosts the disk pool.

    If the space occupied by backups on the disk pool exceeds the capacity specified, then Oracle Secure Backup does not schedule new jobs for this disk pool until the space utilization drops to below the specified capacity.

  8. In the Concurrent Jobs field, specify the number of jobs that can be run concurrently for this disk pool. Select unlimited to indicate that no limit is set for the number of concurrent jobs.

    This property enables you to control the concurrent usage of disk pools. The jobs include backup jobs, restore jobs, and media management jobs.

  9. In the Free space goal percentage field, select system default or any value between 1-100.

    The free space goal percentage is the percentage of free space that Oracle Secure Backup maintains in a disk pool. Before scheduling a backup or restore job for a disk pool, the Oracle Secure Backup scheduler checks the disk pool utilization. If the amount of free space is lower than the specified free space goal percentage, then expired backup image instances are deleted.

  10. In the Blocking factor field, enter a value that specifies the blocking factor for the disk pool or leave the field blank to accept the default setting. The default is 128 bytes.

    See Also:

    Oracle Secure Backup Administrator's Guide for information about blocking factor and maximum blocking factor

  11. In the Max blocking factor field, enter a value for the maximum blocking factor for the disk pool.

    The largest value supported for the maximum blocking factor is 4096. This represents a maximum block size of 2MB.

  12. In the Attachment field, specify the host and file-system directory that stores backup image instances for this disk pool. Provide information in the following fields:

    • Host: Base path: Enter the host name of the Oracle Secure Backup client that stores the backups.

    • Directory: Enter the name of the file-system directory that stores the backups for this disk pool.

    • Initialize: Select yes or no.

  13. In the Enable Checksum field, select one of the following options:

    • system default

      Uses the setting specified by the Enable disk checksum device policy to determine if a checksum must be computed for backup image instances. This is the default setting.

    • yes

      Computes a checksum for the all backup image instances that are written to this disk pool. The checksum is stored as part of the backup metadata.

    • no

      Does not compute or store a checksum for the backup image instances that are written to this disk pool.

  14. Click OK to create the disk pool.

Caution:

In a dedup filesystem, the amount of disk space occupied by a diskpool (as reported by OS commands, such as "df -h") is lower than the standard storage. If you create a diskpool on a dedup filesystem and overfill the filesystem, Oracle Secure Backup utilities for managing disk space will not report accurate sizes for diskpools on dedup filesystems.

Editing Disk Pool Properties

You can use the Web tool to edit disk pool properties. You must have the manage devices and change device state right to edit disk pool properties.

To edit the properties of a disk pool:

  1. Perform the steps in "Displaying the Defined Disk Pools".

    The Configure: Devices page appears. The currently configured devices, tape devices and disk pools, are listed on this page.

  2. Select the disk pool whose properties need to be edited and click Edit.

    The Configure: Device > disk_pool_name page is displayed.

  3. Modify the required disk pool properties.

    You can edit any of the following properties: Status, Debug mode, Capacity, Concurrent jobs, Free space goal percentage, Blocking factor, Max blocking factor.

    See "Creating Disk Pools" for more details about each of these properties.

  4. Click Save to commit the changes to disk pool properties.

Renaming Disk Pools

You must have the manage devices and change device state right to edit disk pool properties.

To rename a disk pool:

  1. Perform the steps in "Displaying the Defined Disk Pools".

    The Configure: Devices page appears. The currently configured devices, tape devices and disk pools, are listed on this page.

  2. Select the disk pool that you want to rename and click Rename.
  3. In the Rename device_name to field, enter the new name of the disk pool.

Removing Disk Pools

You need the manage devices and change device state right to remove a disk pool.

To remove a disk pool:

  1. Perform the steps in "Displaying the Defined Disk Pools".

    The Configure: Devices page appears. The currently configured devices, tape devices and disk pools, are listed on this page.

  2. Select the disk pool to be removed and click Remove.

    A prompt is displayed asking if you want to delete all backup image instances for the disk pool that is being removed.

  3. Totalled the backup image instances stored on the selected disk pool, select Yes.

    To retain the backup image instances stored on the selected disk pool, select No.

    A prompt is displayed asking if you want to force a delete of backup image instances even if they are unexpired.

  4. Click Yes to force a delete of backup image instances on the selected disk pool. Click No to retain unexpired backup image instances.
  5. On the Configure: Device Remove Summary page, a confirmation is displayed asking if you want to remove the disk pool. Click Yes.

Managing Hosts in the Administrative Domain

After you configure hosts in the administrative domain, you can manage the hosts by performing any of the following tasks:

Viewing the Hosts in the Administrative Domain

To view hosts in the administrative domain:

  1. Open the Oracle Secure Backup Web tool running on the administrative server and log in as the admin user.

    See Also:

    "Starting a Web Tool Session" for information about accessing the Web tool

  2. Click the Configure tab.

    The Configure page is displayed.

  3. Select Hosts in the Basic section.

    The Configure: Hosts page appears as displayed as displayed in Figure 7-7. The Hosts page lists the host name, configured host roles, and the current status of the host.

Figure 7-7 Oracle Secure Backup Web Tool: Hosts Page

Description of Figure 7-7 follows
Description of "Figure 7-7 Oracle Secure Backup Web Tool: Hosts Page"

Note:

You can also view the current list of hosts with the obtool lshost command.

Viewing or Editing Host Properties

If you are having difficulties configuring Oracle Secure Backup, you might be required to view and/or edit hosts that are members of the domain.

To display or edit host properties:

  1. Display the Hosts page as described in "Viewing the Hosts in the Administrative Domain".
  2. Select the name of the host whose properties require editing.

    Select the Suppress communication with host option to edit a host that is currently not accessible through the network.

  3. Click Edit.

    The Oracle Secure Backup Web tool displays a page with details for the host you selected.

  4. Make any desired changes to the host properties.
  5. Click OK to save your changes.

Updating Hosts in the Administrative Domain

When you add or modify a host in an Oracle Secure Backup administrative domain, Oracle Secure Backup exchanges messages with that host to inform it of its changed state. If you make changes to your administrative host, your client will likely contain outdated configuration information. Update Host can be used to send fresh state information to the client.

Updating is useful only for hosts running Oracle Secure Backup natively. Hosts accessed in NDMP mode, such as NAS devices, do not maintain any Oracle Secure Backup state data and therefore it is not necessary to update their state information.

To update a host:

  1. Display the Hosts page as described in "Viewing the Hosts in the Administrative Domain".
  2. Select the name of the host to be updated.
  3. Click Update.

Removing Hosts from an Administrative Domain

This section explains how to remove a host from an Oracle Secure Backup administrative domain. When you remove a host, Oracle Secure Backup destroys all information pertinent to that host, including:

  • Configuration data

  • Incremental backup state information

  • Metadata in the backup catalog for this host

  • Each device attachment

  • PNI references

When you remove a host, Oracle Secure Backup contacts that host and directs it to delete the administrative domain membership information it maintains locally. You can suppress this communication if the host is no longer accessible.

To remove a host:

  1. Display the Hosts page as described in "Viewing the Hosts in the Administrative Domain".
  2. Select the name of the host to remove.

    Check Suppress communication with host to remove a host that is not connected to the network.

  3. Click Remove.

    Oracle Secure Backup prompts you to confirm the removal of the host.

  4. Click Yes to remove the host or No to leave the host undisturbed.

    Oracle Secure Backup removes the host and returns you to the Host page.

Configuring Cloud Storage Devices

Before you can store backups on a cloud storage device, you must configure it as a device in your administrative domain.

This section contains the following topics:

Prerequisites for Configuring Storage Devices for OCI Classic

You must complete the following tasks before you can configure an Oracle Secure Backup cloud storage device for Oracle Cloud Infrastructure Classic:

  1. Subscribe to Oracle Cloud Infrastructure Object Storage Classic.

  2. Acquire your login credentials and identity domain.

The information provided in this topic explains how to perform each of these tasks.

Subscribing to Oracle Cloud

Oracle Cloud Infrastructure Object Storage Classic offers different storage options with and without replication. In addition to object storage, Oracle provides Oracle Cloud Infrastructure Archive Storage Classic which provides storage for long term retention. To access these services, you must first acquire a subscription.

See Also:

Acquiring Login Credentials and an Identity Domain

When you subscribe to Oracle Cloud services, a unique identifier, called an identity domain, is created for all of your services. It is recommended that you create an identity domain administrator user to manage your cloud services. You must have the Storage_Administrator and Storage_ReadWriteGroup roles in order to do so.

After you receive your identity domain and user credentials, you can use them to create login accounts for other users who need to access the services. To access storage services from Oracle Secure Backup, it is recommended that you create another user that has the Storage_Administrator role.

See Also:

Configuring an Authentication Object for Oracle Cloud Infrastructure

You must create an authentication object for Oracle Cloud Infrastructure before you can configure a cloud storage device that stores backups in Oracle Cloud Infrastructure Object Storage. The authentication object contains information such as the public key fingerprint, private key file, identity domain, and tenancy information that is required to authenticate Oracle Secure Backup with Oracle Cloud Infrastructure.

Before configuring an authentication object for Oracle Cloud Infrastructure:

  • You must have the modify domain configuration right.

  • You must have an Oracle Cloud account with access to Oracle Cloud Infrastructure Object Storage. See Object Storage.

  • You must generate a key pair file that contains a public key and a private key used to authenticate with Oracle Cloud Infrastructure, as described in How to Generate an API Signing Key. Both keys must be in PEM format. The private key is stored on the media server, not in Oracle Cloud.

  • You must configure the key pair in the Oracle Cloud Infrastructure Console as described in How to Upload the Public Key. This generates a fingerprint for the key.

To create an authentication object for Oracle Cloud Infrastructure:

  1. On the Oracle Secure Backup Web tool Home page, click Configure.
  2. In the Basic section, click Authetications.

    The Configure: Authentications page appears.

  3. Click Add.

    The Configure: Authentications > New Authentications page appears.

  4. In the Authentication field, enter a name for the authentication object.

    The name must start with an alphanumeric character and be unique across the administrative domain. It can contain letters, numerals, dashes, underscores, or periods. It cannot contain spaces. The maximum character length is 127 characters.

  5. In the Type field, select OCI to create an Oracle Cloud Infrastructure authentication object.
  6. In the Tenancy ocid field, specify the tenancy OCID for your Oracle Cloud Infrastructure account. The tenancy contains all your Oracle Cloud Infrastructure resources and is assigned a unique ID.
  7. In the User ocid field, specify the user ID for your Oracle Cloud Infrastructure account.
  8. In the Key field, click Browse and select the file that contains the private key that you generated to authenticate Oracle Secure Backup with Oracle Cloud Infrastructure.
  9. In the Fingerprint field, specify the public key that you generated in the key pair file.
  10. In the Identity Domain field, specify the identity domain. The identity domain is a construct for managing certain features of Oracle Cloud Infrastructure.
  11. In the URL field, specify the endpoint URL provided by Oracle Cloud Infrastructure Object Storage.

    The endpoint URL depends on the region. For example: 

    https://objectstorage.us-phoenix-1.oraclecloud.com
  12. In the Comments field, enter a description of this authentication object.

    This step is optional.

  13. Click Apply.

Creating Cloud Storage Devices for Oracle Cloud Infrastructure

Use the mkdev command or the Oracle Secure Backup Web tool to create a new cloud storage device for Oracle Cloud Infrastructure.

You must have the manage devices and change device state rights to create cloud storage devices for Oracle Cloud Infrastructure. An authentication object for Oracle Cloud Infrastructure must also be configured.

To create a cloud storage device for Oracle Cloud Infrastructure using the Web tool:

  1. Perform the steps in "Displaying the Defined Cloud Storage Devices".

    The Configure: Devices page appears.

  2. Click Add.

    The Configure: Devices > New Device page appears.

  3. In the Device field, enter a name for the cloud storage device.

    The name must start with an alphanumeric character and be unique across the administrative domain. It can contain letters, numerals, dashes, underscores, or periods. It cannot contain spaces. The maximum character length is 127 characters.

  4. In the Type field, select cloudstorage.
  5. In the Status field, specify if the cloud storage device is available for backup or restore operations by selecting one of the following options:

    • in service

      Indicates that the cloud storage device is available to perform Oracle Secure Backup backup and restore operations.

    • not in service

      Indicates that the cloud storage device is unavailable to perform Oracle Secure Backup backup and restore operations.

    • auto not in service

      Indicates an error in the cloud storage device. Do not select this option during configuration.

  6. In the Debug mode field, select yes or no. The default is no.
  7. In the Service Type field, select oci.
  8. In the Authentication Object field, select the authentication object that contains the information required to authenticate Oracle Secure Backup with Oracle Cloud Infrastructure.
    The authentication object is created as described in Configuring an Authentication Object for Oracle Cloud Infrastructure.
  9. In the Compartment field, enter the name of the compartment that contains the bucket in which the backed up data will be stored.
  10. In the Mediaserver field, specify the name of the attached media server to which this cloud device must be attached.
  11. In the Storage class field, select archive, object, or infrequent access.
  12. In the Capacity field, specify a value that represents the space allocated to the cloud storage device. Select one of the following to specify the unit of storage space: KB, MB, GB, TB, PB, or EB. Leave the default value of (not set) to indicate that no maximum capacity is specified for this cloud storage device. In this case, the capacity of the cloud storage device is limited by the storage capacity you purchased or that was assigned by the account administrator.

    If the space occupied by backups on the cloud storage device exceeds the capacity specified, then Oracle Secure Backup does not schedule new jobs for this cloud storage device until the space utilization drops to below the specified capacity.

  13. In the Segment size field, enter the size of the object. (Oracle Secure Backup stores each backup image by splitting it into multiple segments and storing each segment as a single object in the container.)
  14. In the Streams per job field, enter the number of connections to Oracle Cloud Infrastructure that Oracle Secure Backup can make per job. Alternatively, you can check the box for streams per job system default, which is 4.
  15. In the Concurrent Jobs field, specify the number of jobs that can be run concurrently for this cloud storage device.

    This property enables you to control the concurrent usage of cloud storage devices. The jobs include backup jobs, restore jobs, and media management jobs.

  16. In the Blocking factor field, the value you enter defines the block transfer size from the client to the media server. Increasing this value may improve backup performance. The default value is 128.

    See Also:

    Oracle Secure Backup Administrator's Guide for information about blocking factor and maximum blocking factor

  17. In the Max blocking factor field, enter a value for the maximum blocking factor for the cloud storage device.

    The largest value supported for the maximum blocking factor is 4096. This represents a maximum block size of 2MB.

  18. In the Free space goal percentage field, select system default or any value between 1-100.

    The free space goal percentage is the percentage of free space that Oracle Secure Backup maintains in a cloud storage device. Before scheduling a backup or restore job for a cloud storage device, the Oracle Secure Backup scheduler checks the cloud storage device utilization. If the amount of free space is lower than the specified free space goal percentage, then expired backup image instances are deleted.

  19. In the Force field, check the box to force association of the device with an existing container created by Oracle Secure Backup.
  20. In the Enable Checksum field, select one of the following options:

    • system default

      Uses the setting specified by the Enable cloud checksum device policy to determine if a checksum must be computed for backup image instances. This is the default setting.

    • yes

      Computes a checksum for the all backup image instances that are written to this Cloud storage device. The checksum is stored as part of the backup metadata.

    • no

      Does not compute or store a checksum for the backup image instances that are written to this Cloud storage device.

  21. Click OK to create the cloud storage device.
  22. After the cloud storage device is created, it should be pinged. To do so, select the device from the Configure: Devices page and click on ping.

Creating Cloud Storage Devices for Oracle Cloud Infrastructure Classic

Use the mkdev command or the Oracle Secure Backup web tool to create a new cloud storage device for Oracle Cloud Infrastructure Classic. You must have the manage devices and change device state rights to create cloud storage devices.

To create a cloud storage device using the Web tool:

  1. Perform the steps in "Displaying the Defined Cloud Storage Devices".

    The Configure: Devices page appears.

  2. Click Add.

    The Configure: Devices > New Device page appears.

  3. In the Device field, enter a name for the cloud storage device.

    The name must start with an alphanumeric character and be unique across the administrative domain. It can contain letters, numerals, dashes, underscores, or periods. It cannot contain spaces. The maximum character length is 127 characters.

  4. In the Type field, select cloudstorage.
  5. In the Status field, specify if the cloud storage device is available for backup or restore operations by selecting one of the following options:

    • in service

      Indicates that the cloud storage device is available to perform Oracle Secure Backup backup and restore operations.

    • not in service

      Indicates that the cloud storage device is unavailable to perform Oracle Secure Backup backup and restore operations.

  6. In the Debug mode field, select yes or no. The default is no.
  7. In the Service Type field, select oci-classic.

  8. In the Authentication Object field, select the authentication object that contains the information required to authenticate Oracle Secure Backup with Oracle Cloud Infrastructure Classic.
    The authentication object is created as described in Configuring an Authentication Object for Oracle Cloud Infrastructure.
  9. In the Mediaserver field, specify the name of the attached media server.
  10. In the Storage class field, select archive or object.
  11. In the Capacity field, specify a value that represents the space allocated to the cloud storage device. Select one of the following to specify the unit of storage space: KB, MB, GB, TB, PB, or EB. Leave the default value of (not set) to indicate that no maximum capacity is specified for this cloud storage device. In this case, the capacity of the cloud storage device is limited by the storage capacity you purchased or that was assigned by the account administrator.

    If the space occupied by backups on the cloud storage device exceeds the capacity specified, then Oracle Secure Backup does not schedule new jobs for this cloud storage device until the space utilization drops to below the specified capacity.

  12. In the Username field, enter the user name of the cloud account. Specifying a user name is not required if you selected an authentication object.
  13. In the Password field, enter the password. In the Verify password field, enter the password again. Specifying a password is not required if you selected an authentication object.
  14. In the Container field, enter the name of the container. Oracle Secure Backup creates a new container in Oracle Cloud Infrastructure Object Storage Classic with the name you specify. You cannot specify an already existing name unless you also specify the --force option. Oracle Secure Backup does not support the use of existing containers that were not created by Oracle Secure Backup.
  15. In the Segment size field, enter the size of the object. (Oracle Secure Backup stores each backup image by splitting it into multiple segments and storing each segment as a single object in the container.)
  16. In the Streams per job field, enter the number of connections to Oracle Cloud Infrastructure that Oracle Secure Backup can make per job. Alternatively, you can check the box for streams per job system default, which is 4.
  17. In the Concurrent Jobs field, specify the number of jobs that can be run concurrently for this cloud storage device.

    This property enables you to control the concurrent usage of cloud storage devices. The jobs include backup jobs, restore jobs, and media management jobs.

  18. In the Blocking factor field, the value you enter defines the block transfer size from the client to the media server. Increasing this value may improve backup performance. The default value is 128.

    See Also:

    Oracle Secure Backup Administrator's Guide for information about blocking factor and maximum blocking factor

  19. In the Max blocking factor field, enter a value for the maximum blocking factor for the cloud storage device.

    The largest value supported for the maximum blocking factor is 4096. This represents a maximum block size of 2MB.

  20. In the Free space goal percentage field, select system default or any value between 1-100.

    The free space goal percentage is the percentage of free space that Oracle Secure Backup maintains in a cloud storage device. Before scheduling a backup or restore job for a cloud storage device, the Oracle Secure Backup scheduler checks the cloud storage device utilization. If the amount of free space is lower than the specified free space goal percentage, then expired backup image instances are deleted.

  21. In the URL field, specify the endpoint URL provided by Oracle Cloud Storage Service. This step is optional if you specified an authentication object. The endpoint URL is usually the following, where identity_domain_name is replaced with the name of an actual identity domain:

    identity_domain_name.storage.oraclecloud.com

  22. In the Identity domain field, specify the identity domain. The identity domain is a construct for managing certain features of Oracle Cloud Infrastructure.
  23. In the Force field, check the box to force association of the device with an existing container created by Oracle Secure Backup.
  24. In the Enable Checksum field, select one of the following options:

    • system default

      Uses the setting specified by the Enable cloud checksum device policy to determine if a checksum must be computed for backup image instances. This is the default setting.

    • yes

      Computes a checksum for the all backup image instances that are written to this Cloud storage device. The checksum is stored as part of the backup metadata.

    • no

      Does not compute or store a checksum for the backup image instances that are written to this Cloud storage device.

  25. Click OK to create the cloud storage device.
  26. After the cloud storage device is created, it should be pinged. To do so, select the device from the Configure: Devices page and click on ping.

Displaying the Defined Cloud Storage Devices

You must have the query and display information about devices right to display cloud storage devices.

To display the list of currently defined cloud storage devices using the Web tool:

  1. On the Oracle Secure Backup Web tool Home page, click Configure.
  2. In the Basic section, click Devices.
  3. The Configure: Devices page is displayed. It lists all the currently-defined backup containers. The details displayed for each backup container are the type of device, status, and device name.

Editing Cloud Storage Device Properties

You can use the Web tool to edit properties of cloud storage devices. You must have the manage devices and change device state rights to edit properties.

Using the Web tool to edit cloud storage device properties

  1. Perform the steps in "Displaying the Defined Cloud Storage Devices".

    The Configure: Devices page appears. The currently configured devices are listed on this page.

  2. Select the cloud storage device whose properties need to be edited and click Edit.

    The Configure: Device > cloud_storage_device_name page is displayed.

  3. Modify the required cloud storage device properties. Neither the container name nor the storage class can be modified.
  4. Click Save to commit the changes.

Renaming Cloud Storage Devices

You must have the manage devices and change device state right to rename cloud storage devices.

Using the Web tool to rename a cloud storage device

  1. Perform the steps in "Displaying the Defined Cloud Storage Devices".

    The Configure: Devices page appears. The currently configured devices, tape devices, and disk pools, are listed on this page.

  2. Select the cloud storage device that you want to rename and click Rename.
  3. In the Rename device_name to field, enter the new name of the cloud storage device.

Removing Cloud Storage Devices

You need the manage devices and change device state rights to remove cloud storage device.

Using the Web tool to remove a cloud storage device

  1. Perform the steps in "Displaying the Defined Cloud Storage Devices".

    The Configure: Devices page appears. The currently configured devices, tape devices and disk pools, are listed on this page.

  2. Select the cloud storage device to be removed and click Remove.

    A prompt is displayed asking if you want to delete all backup image instances for the device that is being removed.

  3. To delete all backup image instances stored on the selected device, select Yes.

    To retain the backup image instances stored on the selected device, select No.

    A prompt is displayed asking if you want to force a delete of backup image instances even if they are unexpired.

  4. Click Yes to force a delete of backup image instances on the selected device. Click No to retain all backup image instances.
  5. On the Configure: Device Remove Summary page, a confirmation is displayed asking if you want to remove the device. Click Yes.

About Cloud Certificates

Oracle Secure Backup uses a Cloud server CA certificate to make an SSL connection to the Oracle Cloud server. Every region in the Cloud has specific certificates.

Oracle Secure Backup installation creates a Cloud wallet in Oracle Secure Backup Home and populates the wallet with default certificates. A Cloud wallet can contain multiple certificates.

In certain situations, it may be required to add a new Cloud certificate to the Oracle Secure Backup Cloud Wallet. For example, Oracle Cloud Infrastructure publishes a new certificate for connecting to the Cloud.

Oracle Secure Backup does not add new certificates automatically to the Cloud wallet.

This section contains the following topics:

Adding Certificates to the Cloud Wallet

Add new certificates to the existing Cloud wallet, keeping the old certificates in the wallet intact.

Adding a new certificate to the wallet can resolve the ORA-29024: Certificate validation failure error.

Note:

Add the new certificate to the Cloud wallet on the Oracle Secure Backup administrative server and on all media servers in the domain.

To add a new certificate to the Cloud wallet:

  1. Download a Cloud server Certification Authority (CA) certificate.

  2. Import the certificate into the Cloud wallet.

Download a Cloud server CA certificate

Use the following steps to download the required certificate.

  1. Determine the Oracle Cloud Infrastructure Object Storage’s Region Identifier.

    1. Log on to the Oracle Cloud Infrastructure Console.

    2. Click the Region Name in the top control bar.

    3. Select Manage Regions from the drop-down menu.

      The Infrastructure page displays a list of regions and their Region Identifiers.

    4. Use the region-identifier for the region where the object storage bucket is located.

  2. Open a web browser and go to the following URL.

    https://objectstorage.region_identifier.oraclecloud.com

    Replace the region_identifier with the Region Identifier from the previous step.

    Note:

    In this example, the region_identifier is "us-phoenix-1".

    https://objectstorage.us-phoenix-1.oraclecloud.com

    Each browser, on each platform operating system, displays a slightly different message. The example below is from Firefox on a Windows 10 platform.

    code:	    "NotFound"
message:    "Not Found"
  3. Click the security icon (padlock) located on the left side of the address bar. It opens a drop-down to display site information.
  4. Click Connection secure. It opens a drop-down to display the connection security information for the site.
  5. Click More Information.

    It opens the Certificate Property page, which contains three tabs - General, Media, and Security. The Certificate Property page displays the Security tab by default.

  6. On the Security tab, click the View Certificate button. It opens a Certificate page with three certificate names on top.
  7. Click the root certificate name to open the root certificate tab. It highlights the root certificate name.

    Note:

    In this example, the root certificate name is "DigiCert Global Root G2".

  8. On the root certificate tab, scroll down to the Download link. Under Miscellaneous, it contains two links, "PEM (cert)" and "PEM (chain)".
    Click on the PEM (cert) link to download the certificate. In this example, the file name of the certificate is objectstorage-us-phoenix-1-oraclecloud-com.pem.

    Note:

    While downloading the certificate in Firefox, it populates the file name automatically and saves the certificate in *.PEM format. If you use Microsoft Edge, it prompts you to provide a file name for the certificate. In Microsoft Edge, export the certificate file as "Base-64 encoded X.509 (.CER)"

  9. Follow the download wizard and save the PEM (cert) file on your host, for example, the /tmp location.

You can now import this downloaded certificate to the Cloud wallet.

Store this certificate file on the Oracle Secure Backup administrative server and on all media servers in the domain.

Import Certificate into the Cloud wallet

Add new certificates to the Cloud wallet in the Oracle Secure Backup Home.

To add a certificate to the cloud wallet:

  1. Import the certificate into the Cloud wallet using the Oracle Secure Backup obcm tool.
    #obcm wallet --cloudwallet --add /tmp/objectstorage-us-phoenix-1-oraclecloud-com.pem
Trust point has been imported into wallet.

    Note:

    In this example, the certificate file name is "objectstorage-us-phoenix-1-oraclecloud-com.pem".

  2. Verify that the Cloud wallet displays the newly added certificate.
    # obcm display --cloudwallet –v

    Example output:

    The output displays the new trust points in the wallet with the CN of the downloaded certificate. 

    Trust point:
    DN: CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US
    Issuer: CN=DigiCert Global Root G2,OU=www.digicert.com,O=DigiCert Inc,C=US
    Type: NZDST_CLEAR_PTP
    Public key size: 2048
    Key usage: CA CERT SIGNING
    Serial number: 0x033AF1E6A711A9A0BB2864B11D09FAE5
    Version: NZTTVERSION_X509v3
    Signature algorithm: NZDCATSHA256RSA
    Valid from: 2013/08/01.12:00:00 (UTC)
    Valid to:   2038/01/15.12:00:00 (UTC)

Note:

Add the new certificate to the Cloud wallet on the Oracle Secure Backup administrative server and on all media servers in the domain.

Manually Creating a Cloud Wallet

Oracle Secure Backup installation creates a Cloud Wallet automatically in the Oracle Secure Backup Home.

However, you can manually create a new Cloud Wallet with the obcm utility. When you create a new Cloud Wallet manually, Oracle Secure Backup creates an empty wallet without any certificates.

WARNING:

Manually creating a new Cloud wallet deletes the old wallet and removes all the existing certificates stored in it. It is not recommended to create a Cloud wallet manually.

To manually create a Cloud wallet:

  1. Run the obcm utility.
    # obcm wallet --create –-cloudwallet
Wallet has been created.
  2. Display the newly created wallet.
    # obcm display –cloudwallet –v
There are 0 certificate requests in the wallet
There are 0 certificates in the wallet
There are 0 trust points in the wallet
A new Cloud wallet contains no certificates or trust points.

Note:

Oracle Secure Backup requires a Cloud Wallet on the administrative server and on all media servers in the domain.