Oracle RMAN 11g Backup and Recovery (48 page)
Read Oracle RMAN 11g Backup and Recovery Online
Authors: Robert Freeman
Now that we have configured our retention policy, let’s see which previous backups are reported to be obsolete:
RMAN> report obsolete;
RMAN retention policy will be applied to the command
RMAN retention policy is set to recovery window of 3 days
Report of obsolete backups and copies
94
Part II: Setup Principles and Practices
Type Key Completion Time Filename/Handle
-------------------- ------ ------------------ --------------------
Archive Log 12 08-SEP-09
/oracle/app/oracle/flash recovery area/ROB1/archivelog/2009 09 08/
o1 mf 1 9 5bd8qv45 .arc
Backup Set 24 08-SEP-09
Backup Piece 34 08-SEP-09
/oracle/app/oracle/flash recovery area/ROB1/backupset/2009 09 08/
o1 mf annnn TAG20090908T202600 5bg4kr90 .bkp
Backup Set 25 08-SEP-09
Backup Piece 35 08-SEP-09
/oracle/app/oracle/flash recovery area/ROB1/backupset/2009 09 08/
o1 mf nnnd0 TAG20090908T202601 5bg4ktk1 .bkp
In this example, we have two backup sets and two related backup pieces that are obsolete based on our backup retention policy. Additionally, we have an archived redo log that is ready to be removed as well. If these backups are in a defined FRA (which these are), Oracle will remove them as required. If you are not using an FRA, or if these backups were created before you converted to using an FRA, you will need to use the
delete obsolete
command to remove them.
More information on the
delete obsolete
command can be found in Chapter 15, and an example is provided here, too:
RMAN> delete obsolete;
RMAN retention policy will be applied to the command
RMAN retention policy is set to recovery window of 3 days
using channel ORA DISK 1
using channel ORA DISK 2
Deleting the following obsolete backups and copies:
Type Key Completion Time Filename/Handle
Archive Log 12 08 SEP 09
/oracle/app/oracle/flash recovery area/ROB1/archivelog/2009 09 08/
o1 mf 1 9 5bd8qv45 .arc
Backup Set 24 08 SEP 09
Backup Piece 34 08 SEP 09
/oracle/app/oracle/flash recovery area/ROB1/backupset/2009 09 08/
o1 mf annnn TAG20090908T202600 5bg4kr90 .bkp
Backup Set 25 08 SEP 09
Backup Piece 35 08 SEP 09
/oracle/app/oracle/flash recovery area/ROB1/backupset/2009 09 08/
o1 mf nnnd0 TAG20090908T202601 5bg4ktk1 .bkp
Do you really want to delete the above objects (enter YES or NO)? yes
Note in the preceding example that the system will ask you to confirm that you really want to remove the objects that are slated to be removed. If any of the listed objects are not available to be removed, then you will need to run the
crosscheck
command (discussed in Chapter 14).
Otherwise, each item listed as deleted in the
delete obsolete
output will be deleted by Oracle.
Redundancy-Based Retention Policies
This kind of retention policy is based on the total number of backups maintained by RMAN and is more typically used if you are backing up your database infrequently. This is the default retention policy, with a default value of 1. If you were to set this value to 3, then Oracle would consider the last three backups as current, and any other
Chapter 3: RMAN Setup and Configuration
95
backups would be considered obsolete. Here is an example of configuring a redundancy retention policy of 3:
RMAN> configure retention policy to redundancy 3;
old RMAN configuration parameters:
CONFIGURE RETENTION POLICY TO REDUNDANCY 3;
new RMAN configuration parameters:
CONFIGURE RETENTION POLICY TO REDUNDANCY 3;
new RMAN configuration parameters are successfully stored
Note in the output that RMAN displays both the old and new settings for the retention policy.
No Retention Policy
If you want to disable the retention policy, you use the command
configure retention policy to none
, and no retention policy will be applicable. Use the
configure
retention policy clear
command to reset the retention policy to the default value, which is a redundancy of 1.
NOTE
If you are using a tape management system, it may have its own
retention policy. If the tape management system’s retention policy
conflicts with the backup retention policy that you have defined in
RMAN, the tape management system’s retention policy will take
precedence, and your ability to recover a backup will be in jeopardy.
Configuring Default Levels of Encryption
RMAN can create encrypted backups starting with Oracle Database 10
g
Release 2 and later.
During the backup, the backup sets are encrypted as they are created. When the backups are restored, Oracle will decrypt the backup sets. In this section, we discuss the types of encryption that are available and then look at how to configure RMAN so that it can use encryption.
Oracle offers three different encryption modes:
■
Transparent mode
Transparent mode encryption requires no DBA interaction. To use this mode, you must have configured the Oracle Encryption Wallet.
■
Password mode
Password mode encryption requires that a password be supplied when creating backups to be encrypted or when restoring backups that were encrypted when they were created. The password is supplied by using the command
set encryption on
identified by password only
in your RMAN backup scripts. This is the encryption mode we will use in this text.
■
Dual mode
Dual mode backups can be restored either by password or by the presence of the Oracle Encryption Wallet. This makes offsite restores of backups easier, since the install of the Oracle Encryption Wallet is not required. To create a dual mode encrypted backup, you use the
set encryption on identified by password
command (note that the
only
keyword is missing).
Use the
configure
command to configure various persistent settings related to RMAN
encryption of backups. You can use the RMAN
configure
command to indicate the following:
■ Whether all database files should be encrypted
96
Part II: Setup Principles and Practices
■ Whether specific tablespaces should be encrypted
■ Which of the available encryption algorithms should be used to encrypt your backups If you are using Oracle Encryption Wallet–based security, then you only need to set the persistent RMAN settings required by the
configure
command. If you wish to use password mode encryption or dual mode encryption, you need to configure the persistent security defaults with the configure
command
, and then use the
set
command when starting your backups to set the correct password for the backup. RMAN does not persistently set the backup password, so it must be entered for each RMAN backup or recovery session. The
set
command, and how to use it during backups, is covered in much more detail in Chapter 9. In the following command, we configure and enable backup encryption for the entire database. Notice that if we have not configured the Oracle Encryption Wallet, any subsequent backups will fail unless we use the
set
command to establish an encryption password for the session (we are jumping the gun just a bit, but we provide an example of using the
set
command to set the backup password in appropriate context).
-- Configures default encryption.
-- Uses transparent mode encryption by default.
RMAN> CONFIGURE ENCRYPTION FOR DATABASE ON;
-- For this session, we want password mode encryption,
-- so we have to set the
-- password. This is good only for this session, until we exit RMAN or
-- issue another connect command.
RMAN> SET ENCRYPTION ON IDENTIFIED BY robert ONLY;
-- Way ahead of ourselves, but this backs up the database!
RMAN> BACKUP DATABASE PLUS ARCHIVELOG;
Archived redo log backups are backed up using encryption if the following are true:
■ The
set encryption on
command is in effect at the time that the backup of the archived redo logs is occurring.
■ Encryption has been configured for the entire database, or for at least one tablespace of the database.
The
configure
command also provides the ability to determine the encryption algorithm you wish to use. The available algorithms can be seen in the V$RMAN_ENCRYPTION_ALGORITHMS
view as seen in this example:
SQL> select algorithm name from V$RMAN ENCRYPTION ALGORITHMS;
ALGORITHM NAME
------------------------------------------------------------
AES128
AES192
AES256
Knowing the algorithms available, we can now configure a default encryption algorithm we wish to use, as seen here:
