C H A P T E R  20

Oracle Secure Backup

Protecting and securing data is a core responsibility of a database administrator. DBAs must be proficient with backup and recovery skills. As shown in Chapters 17 through 19, you can use RMAN to manage and automate the backup of Oracle databases. RMAN is easily configured to back up and restore database files to and from disk.

Most production database environments will have an additional requirement to store database backups on tape. If your database server experiences a complete failure, you can use tape backups to restore and recover. Furthermore, tape backups are easily transported outside of the data center to provide additional protection in the event an entire data center experiences a complete failure (like a tornado or flood), the idea being that the tapes are safely stored offsite and can be brought back when disaster strikes.

To this end, Oracle provides a centralized tape backup solution, Oracle Secure Backup (OSB). This tool is a full-feature enterprise backup management system that automates the tape backup and restore of operating system files. More importantly to you as the DBA, OSB can also be configured as a media management layer with RMAN. This means you can implement RMAN and OSB together for the backup and restore of database files directly to and from tape.

There are myriad tape management solutions available. Why consider OSB? OSB is particularly compelling if one of your main goals is database backups to tape. Since OSB is an Oracle product, it is tightly integrated with RMAN. OSB is aware of the Oracle database file format and can take advantage of block level validation, encrypting backups as they are written to tape, integration with Oracle's Enterprise Manager, and so on.

OSB Editions and Features

There are two different editions of Oracle Secure Backup:

• Oracle Secure Backup Express
• Oracle Secure Backup

The Oracle Secure Backup Express edition is free (well, “free” when you purchase a license for the Oracle database). It provides core features such as backup and restore of operating system files and RMAN integration, but is limited to use on a single host with one directly attached tape device.

The Oracle Secure Backup edition requires an extra license and is well suited for tape backup and restore in a distributed server environment with heterogeneous file systems (Linux, Unix, Windows, and Network Attached Storage). The Oracle Secure Backup edition contains the following additional features not available with the Express edition:

• Backup and restore of database files in a Real Application Clusters (RAC) environments
• Integrated with Oracle Enterprise Manager Grid Control (with Oracle Database 10g Release 2 or higher)
• Supports multiple tape drives
• Encrypted tape backups
• Fibre-attached device support
• Fast backup compression (with Oracle Database 11g Release 1 or higher)
• RMAN medium level compression (with Oracle Database 11g Release 2 or higher)
• Networked backup of distributed hosts and tape devices
• Automated cartridge system library software (ACSLS) and automated rotation of tapes between multiple locations (vaulting)

If you are a small shop with just one production database server, then Oracle Secure Backup Express may satisfy your business requirements, whereas the full fledged Oracle Secure Backup edition is more suitable for environments with multiple distributed hosts that require advanced data protection requirements.

OSB Terminology

Take some time to familiarize yourself with the architectural terms used with OSB. This section gives a brief description of the major OSB parts, starting with an administrative domain.

OSB Administrative Domain and Servers

An administrative domain is collection of servers (hosts) that you manage as a single group for backup and restore operations. Within an OSB administrative domain, each server can be assigned one or more of the following roles:

• Administrative (admin) server
• Media server
• Client server (or client host)

For each administrative domain, as shown in Figure 20–1, there is only one administrative server that controls the backup, restore, and scheduling operations. An administrative server manages one or more media servers and one or more clients.

Figure 20–1. Oracle Secure Backup Administrative Domain

A media server is a host that has at least one physical tape device connected to it. Media servers are responsible for transferring data to and from the attached tape devices.

The client host is the server where the Oracle databases and file-system data reside that you want to back up (and potentially restore). For a single-host environment, a server can be the admin server, media server, and client host in the OSB administrative domain.

OSB Interfaces

There are four tools you can use to run and manage OSB backup and restore tasks:

• Enterprise Manager database control and grid control
• Oracle Secure Backup Web tool
• Oracle Secure Backup command line tool (obtool)
• Recover Manager command line tool (rman)

While the graphical interfaces are somewhat intuitive and easy to use, I'm a strong believer in learning how to run a tool from the command line. There's something about running a tool from the command line gives you a better understanding of the underlying architecture. This knowledge is invaluable when troubleshooting and diagnosing problems. In that vein, this chapter focuses on using obtool and rman to configure and run OSB backup and restore tasks operations.

OSB Users and Classes

An Oracle Secure Backup user is an account defined within an OSB administrative domain. These users are separate from operating system users. OSB user information is stored in the OSB administrative domain server. You are required to enter a username and password when accessing OSB through its interfaces such as obtool or OSB Web tool.

An OSB class is a set of privileges and rights granted to a user. Each user can be assigned to only one OSB class. OSB classes help maintain a consistent user experience across all servers in an administrative domain.

OSB Daemons

Oracle Secure Backup uses seven different background processes (daemons) to manage the configuration, backup, and restore operations. The executables that start the daemons are in the OSB_HOME/etc directory on each of the servers. These processes are described in this list:

Schedule daemon runs only on the administrative server and manages the scheduled backups.

Index daemon runs only on the administrative server and manages the backup catalog for each client.

Apache web server daemon runs only on the administrative server and services the OSB web tool.

Service Daemon runs on the administrative, media, and client servers. On the administrative server, it runs jobs as requested by the schedule daemon. When running on the media or client server, it allows for remote administration of the host.

Network data management protocol (NDMP) daemon runs on the administrative, media, and client servers; it provides data communication between servers in the administrative domain.

Robot Daemon runs only on the media server and helps manage communication to tape devices.

Proxy Daemon runs only on the client server and verifies user access for SBT backup and restore operations.

Now that you have a basic understanding of the OSB architecture, you are ready to download and install the OSB software.

Download and Installation

You can download the OSB software from Oracle's Technology Network (OTN) site at www.oracle.com/technetwork/database/secure-backup/downloads/.

For the examples in this chapter, I downloaded OSB version 10.3.0.3.0, and saved the zip file osb-10.3.0.3.0_linux32.zip under a staging directory /stage/osb of my admin server in the OSB administrative domain. You can stage this binary file in a choice of your location on your server.

Oracle recommends installing the OSB software under the directory /usr/local/oracle/backup for Unix and Linux platforms and C::Program FilesOracleBackup for the Windows platform. Once you have downloaded the OSB zip file and copied it to the appropriate directory, then you may proceed to the installation steps, as shown here:

1. To perform the OSB installation, you must logon as root.
   $ su - root
2. If the uncompress utility is not available, create a link.
   # ln -s /bin/gunzip /bin/uncompress
3. Go to the staging directory, and unzip the zip file that you downloaded from OTN.
   # cd /stage/osb
# unzip osb-10.3.0.3.0_linux32.zip
4. If the OSB home directory does not exist, create the directory.
   # mkdir -p /usr/local/oracle/backup
5. Go to the OSB home directory and run the setup script.
   # cd /usr/local/oracle/backup
# /stage/osb/osb-10.3.0.3.0_linux32/setup

   The following output is displayed:

   Welcome to Oracle's setup program for Oracle Secure Backup.  This
program loads Oracle Secure Backup software from the CD-ROM to a
filesystem directory of your choosing.
This CD-ROM contains Oracle Secure Backup version 10.3.0.3.0_LINUX32.
Please wait a moment while I learn about this host... done.
-  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -
    1. linux32
       administrative server, media server, client
-  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -
Loading Oracle Secure Backup installation tools... done.
Loading linux32 administrative server, media server, client... done.
-  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -
Oracle Secure Backup has installed a new obparameters file.
Your previous version has been saved as install/obparameters.savedbysetup.
Any changes you have made to the previous version must be
made to the new obparameters file.
Would you like the opportunity to edit the obparameters file
Please answer 'yes' or 'no' [no]:
6. Since you are not modifying the obparameters file, accept the default parameters by pressing the Enter key. The following output is displayed:
   Loading of Oracle Secure Backup software from CD-ROM is complete.
You may unmount and remove the CD-ROM.
Would you like to continue Oracle Secure Backup installation with
'installob' now?  (The Oracle Secure Backup Installation Guide
contains complete information about installob.)
Please answer 'yes' or 'no' [yes]:
7. Press the Enter key to proceed with running the installob. The following output is displayed:
   Welcome to installob, Oracle Secure Backup's installation program.
For most questions, a default answer appears enclosed in square brackets.
Press Enter to select this answer.
Please wait a few seconds while I learn about this machine... done.

Have you already reviewed and customized install/obparameters for your
Oracle Secure Backup installation [yes]?
8. Press Enter to proceed with the OSB installation. The following output is displayed:
   Oracle Secure Backup is already installed on this machine (BLLNX4).
Would you like to re-install it preserving current configuration data[no]?
9. If OSB is already installed and you are performing an OSB upgrade, enter yes to retain the previous configuration. The following output is displayed:
   Oracle Secure Backup's Web server has been loaded, but is not yet configured.
Choose from one of the following options. The option you choose defines
the software components to be installed.
Configuration of this host is required after installation completes.
You can install the software on this host in one of the following ways:
    (a) administrative server, media server and client
    (b) media server and client
    (c) client
If you are not sure which option to choose, please refer to the Oracle
Secure Backup Installation Guide. (a,b or c) [a]? a
10. Press Enter to accept the default value a, which is to configure the server as the administrative server, media server, and client. The following output is displayed:
    Beginning the installation.  This will take just a minute and will produce
several lines of informational output.

Installing Oracle Secure Backup on BLLNX4 (Linux version 2.6.9-67.EL)

You must now enter a password for the Oracle Secure Backup admin user.
Oracle suggests you choose a password of at least eight characters in length,
containing a mixture of alphabetic and numeric characters.

Please enter the admin password:
Re-type password for verification:
11. Enter the password twice for the admin user. The following output is displayed:
    You should now enter an email address for the Oracle Secure Backup 'admin'
user. Oracle Secure Backup uses this email address to send job summary
reports and to notify the user when a job requires input. If you leave this
blank, you can set it later using the obtool's 'chuser' command.

Please enter the admin email address: [email protected]
12. Enter the email address for the admin user. The following output is displayed:
        generating links for admin installation with Web server
    checking Oracle Secure Backup's configuration file (/etc/obconfig)
    protecting the Oracle Secure Backup directory
    creating /etc/rc.d/init.d/observiced
    activating observiced via chkconfig
    upgrading the administrative domain (where required)
****************************** N O T E ******************************
On Linux systems Oracle recommends that you answer no to the next two
questions. The preferred mode of operation on Linux systems is to use
the /dev/sg devices for attach points as described in the 'ReadMe'
and in the 'Installation and Configuration Guide'.
Is BLLNX4 connected to any tape libraries that you'd like to use with
Oracle Secure Backup [no]? no
Is BLLNX4 connected to any tape drives that you'd like to use with
Oracle Secure Backup [no]? no
13. Since I am installing OSB on a Linux server, then I accept the default and type no for both prompts. The following final output is displayed showing the installation summary:
    Installation summary:     Installation  Host                OS          Driver     OS Move    Reboot
        Mode      Name                Name      Installed?  Required?  Required?
    admin         BLLNX4              Linux     no          no         no
Oracle Secure Backup is now ready for your use.

Command-line Access to OSB

All the examples in this chapter use either obtool or RMAN to access OSB and perform tasks such as creating backups and restoring files. This section focuses on connecting to the obtool utility. The first time you run the obtool utility, you will be prompted for the password of the admin user, which is the default OSB user created when you installed OSB. When prompted, use the password you specified when you installed the OSB software:

To launch obtool utility and logon to a specific user, use the -u option, as shown here. You will learn on how to maintain OSB users in the next section.

To verify the OSB user that you are logged in as, issue the id command:

To view a list of obtool help topics, enter the following command:

Here is a small snippet of the output:

To exit the obtool utility, issue either exit or quit commands, as shown here:

OSB Configuration

Once OSB is installed, you can run a simple backup command. However, for an environment where security is one of the top priorities, you may want to change the OSB default settings first. Imagine that tight security is strictly enforced on your production database, and a single OSB user account is used to backup both production and test databases. You are in a vulnerable situation because a DBA on your testing team can restore the backup of your production database to another server and access the data from there. To increase security and better manage your tape backups, I recommend creating new user accounts and assigning specific roles, as well as creating media families and database backup storage selectors. These topics are discussed in the next several subsections.

Configuring Users and Classes

When OSB is installed, the default user account created is named admin, which has all of the privileges relating to OSB. For security reasons, create separate OSB user accounts to access the different environments, such as production, test, and development. Also, assign specific classes (or roles) to these users, such as admin, operator, oracle, user, and reader. Monitor them to limit their rights to modify OSB administrative domain configurations and perform backup and restore operations. Limiting rights ensures that a particular OSB user can back up the test database, but has no rights to, say, restore the production database.

To determine the rights of class admin, issue the lsclass command, as shown here:

Here is some sample output:

To create an OSB user, issue the mkuser command. In the following example, OSB user apress_oracle is created and assigned with oracle rights:

The +cmdline attribute in the --preauth option grants the oracle OS user preauthorized access to obtool utility, while the +rman attribute grants Oracle Database SBT backups via RMAN. If no +rman preauthorization is defined for the server hosting the target database that you want to backup, then the RMAN backup fails with ORA-19511 error, as shown here:

If you want to view all OSB users, issue the lsuser command:

Table 20–1 describes the various OSB commands used to maintain the OSB user accounts.

Table 20–1. OSB Commands to Maintain OSB User

Command	Meaning
mkuser	To create an OSB user.
lsuser	To display information about OSB users.
renuser	To rename an OSB user.
chuser	To modify the attributes of an OSB user.
rmuser	To delete an OSB user.

Configuring Media Families

The media family classifies and defines the characteristics of the tape volume, such as the volume ID, volume expiration, and write window. The volume ID, which is used by OSB to uniquely identify the tape volume, consists of the name of the media family affixed with a six-digit sequence number generated by OSB. For example, if the name of the media family is APRESS_BACKUP, then the first volume ID is APRESS_BACKUP-000001, the second is APRESS_BACKUP-000002, and so on.

There are two types of volume expiration policies: time-managed and content-managed. The tape volumes in a time-managed media family can expire after surpassing the expiration time; in a content-managed media family, they expire when all of the backup pieces on the volume are marked as deleted. For file-system backups, you must use a time-managed media family to let OSB manage the volume expiration. For RMAN backups, you must use content-managed media family to let RMAN manage the expiration of the backup pieces on the tape volume instead of OSB. This avoids inconsistency between the RMAN metadata and contents of the tapes.

To create a time-managed media family, issue the mkmf command. In the following example, media family APRESS_OS has 7 days of write-period and 14 days of retention period. This means the volumes of media family APRESS_OS will expire and are ready for recycling after 21 days since the first backup piece is created on the tape volume:

To create a content-managed media family, issue the mkmf, as shown here. Since the default volume expiration policy is content-managed, you can omit the ----contentmanaged option.

Table 20–2 describes OSB commands used to maintain the media families.

Table 20–2. OSB Commands to Maintain Media Family

Command	Meaning
mkmf	To create a media family.
lsmf	To display information about media families.
renmf	To rename a media family.
chmf	To modify the attributes of a media family.
rmmf	To delete a media family.

To increase security and better manage your tape backups, you may create separate media families for different environments, such as production, test, and development. In this way, the backup of the production database and test database are not sharing the same tape volumes.

Configuring Database Backup Storage Selector

The default media family for RMAN backup is RMAN-DEFAULT. To use a different media family when running RMAN backup, create a database backup storage selector using the mkssel command. In the following example, the database backup storage selector name is BLLNX3-DB11R2.ssel, which assigns the media family APRESS_RMAN for RMAN backups on Oracle database DB11R2 hosted on client server BLLNX3:

Refer to Table 20–3 for descriptions of OSB commands related to maintaining the database backup storage selector.

Table 20–3. OSB Commands to Maintain Database Backup Storage Selector

Command	Meaning
mkssel	To create a database backup storage selector.
lsssel	To display information about database backup storage selectors.
renssel	To rename a database backup storage selector.
chssel	To modify the attributes of a database backup storage selector.
rmssel	To delete a database backup storage selector.

Database Backup

In Chapter 18, you learned how to use RMAN to back up database files to disk. In this section, you will use OSB and RMAN to create backups on tape. There are two ways to configure RMAN for a backup to tape:

• Allocating a channel
• Configuring a channel

The first option is to allocate an RMAN channel for SBT_TAPE inside the run{} block. In the following example, the media family APRESS_RMAN is passed as a parameter to the environment variable OB_MEDIA_FAMILY. The tape volumes will have a volume ID of APRESS_RMAN affixed with a six-digit sequence number generated by OSB.

You can configure multiple channels for SBT_TAPE equivalent to the number of available physical tape devices. However, if you allocate two channels and only have one physical tape device, the other channel will just wait for the tape resource to become available. You can also use the CONFIGURE command to set the RMAN channel for SBT_TAPE, as shown here:

To monitor the backup jobs you have submitted, refer to the “OSB Job Monitoring” section in this chapter. For descriptions of other OSB media management parameters, refer to Table 20–4.

Table 20–4. OSB Media Management Parameters

Parameter	Meaning
OB_MEDIA_FAMILY	To specify the media family that defines the characteristics of the tape volumes.
OB_DEVICE	To specify the tape drives to use during backup.
OB_RESOURCE_WAIT_TIME	To specify the wait time for resources to become available.
OB_ENCRYPTION	To specify the OSB encryption. If this is set, then OSB does not perform further encryption.
OB_RESTORE_DEVICE	To specify the tape drives to use during restore.

Database Restore

For RMAN restore and recover, you have to allocate an RMAN channel for SBT_TAPE. In the following example, the RMAN channel for SBT_TAPE is allocated inside the run{} block:

Another option is to run the CONFIGURE command. Unlike the previous example, you must include the PARMS clause in the CONFIGURE command (if you don't use the PARMS clause, a syntax error is returned):

Suppose you have a scenario where the production server is completely gone due to a catastrophic event, but luckily you have an offsite tape backup of the database. In addition, you are not using an RMAN recovery catalog, and control file autobackup is disabled. You discover that the latest backup of the control file is corrupted, but you are able to restore the control file from a backup taken two days ago. After mounting the database, you realize that the latest RMAN backups taken yesterday are not in the list when you issue the RMAN LIST BACKUP command (because the control file restored was from two days ago and has no knowledge of yesterday's RMAN backup).

In this situation, the control file restored from a backup taken two days ago has no information about the backup pieces created on tape yesterday. To make the RMAN repository (control file in this scenario) aware of backup pieces on tape, do the following:

1. Configure a channel for tape.
2. Make the RMAN repository aware of the backup piece via the CATALOG command.

Next, issue the CATALOG DEVICE TYPE SBT_TAPE BACKUPPIECE command, followed by the name of the backup piece. In this example, one backup piece is cataloged:

If you have multiple backup pieces that you want to catalog, you must issue the CATALOG DEVICE TYPE SBT_TAPE BACKUPPIECE command for each individual backup piece. The key in cataloging the RMAN backup pieces on tape is you must know the exact names of the backup pieces.

What if you don't know the names of the back pieces? One way to figure out their names is to check the RMAN log file generated during the RMAN backup. In the snippet of the RMAN log file shown here, the RMAN backup piece is silr06fk_1_1:

But what if the RMAN log file is not available? You can issue the lspiece command using the obtool utility. In the following example, the output is filtered to display only the backup pieces for the hostname BLLNX3 that hosts the database DB11R2:

The following is the snippet of the output of the LSPIECE command:

This listing shows information such as the creation date and backup piece name. In this example, the missing RMAN backup piece is silr06fk_1_1. After you catalog the missing RMAN backup pieces, you can proceed with the RMAN restore and recovery.

File System Backup

Like any backup job, you need to define the three Ws and one H. What data to backup? When to run the backup? Where to store the backup? How the backup runs? To accomplish these 3 Ws and 1 H using OSB, you need to create a dataset file, as well configure a backup window, a schedule, and a trigger.

Creating Dataset Files

Dataset files define the directories and files on the client hosts that you want to backup. In the following example, this dataset file specifies to include all files under the directory /home/oracle on the client hosts BLLNX1 except for files under the directory /home/oracle/temp and Oracle database-related files:

To create a dataset file named bllnx1_home-oracle.ds, perform the following steps using the obtool utility, as shown here:

1. Issue the mkds command and followed by the name of the dataset file.
   ob> mkds bllnx1_home-oracle.ds
2. The vi editor is invoked, and a dataset template is displayed.
3. Comment out or remove all existing lines, and add the following lines:
   include host BLLNX1
include path /home/oracle {
   exclude oracle database files
   exclude path /home/oracle/temp
}
4. Save the file by typing Esc key, : and wq!
5. The following prompt is displayed. Press the Enter key to confirm the changes.
   Apply your changes, if any [yes]?

You just created a dataset file. For descriptions of other dataset commands, refer to Table 20–5.

Table 20–5. Dataset Commands

Command	Meaning
catds	To display the contents of a dataset file.
cdds	To change the dataset directory.
chkds	To check the syntax in a dataset file.
edds	To modify a dataset file.
lsds	To list the dataset file and dataset directory names.
mkds	To create a dataset file or dataset directory.
pwdds	To show the current directory in the dataset directory tree.
rends	To rename a dataset file or dataset directory.
rmds	To delete a dataset file or dataset directory.

Configuring Backup Windows

The backup window defines the range of time the scheduled backups are allowed to run. The default backup window is daily 00:00 to 24:00. If there is no backup window defined, the scheduled backups are not going to run at all.

For production servers, you may want the backups to run daily only between 1 a.m. and 5 a.m. when there is minimal database traffic. To define a range of time for your backup window, perform the following steps:

1. Remove the existing daily 00:00-24:00 backup window, since it overlaps the backup window you want to create by issuing the rmbw command, as shown here:
   ob> rmbw daily
2. Issue the lsbw command.
   ob> lsbw

   There are no backup windows.

   This result indicates that the daily backup window is already removed.

3. To create the backup window, issue the addbw command. The following example defines the backup window daily from 01:00 to 0500:
   ob> addbw --times '01:00-05:00' ,mon,tue,wed,thu,fri,sat,sun

For other backup window commands, refer to Table 20–6.

Table 20–6. Backup Window Commands

Command	Meaning
addbw	To add a backup window.
chkbw	To check whether there is a backup window defined.
lsbw	To list the backup windows.
rmbw	To remove a backup window.
setbw	To modify a backup window.

Configuring Backup Schedules and Triggers

The backup schedule defines what data to backup, where to store the backup, and how the backup runs, while the triggers define when a backup is scheduled to run. For what data to backup, set the specific datasets. For where to store the backup, set the specific tape drives. If no specific tape drive is selected, then any available tape drive will be used. For how the backup runs, set the job priority and backup encryption options. The lower the value of the job priority number, the greater preference is assigned to the job by the scheduler. The default value of the job priority is 100 and no for the encryption option.

The following example uses the MKSCHED command to create a backup schedule named bllnx1_home-oracle.sched for dataset bllnx1_home-oracle.ds:

After creating the backup schedule, create a trigger to define when to run the scheduled backup. The following example uses the CHSCHED command to define a trigger for schedule bllnx1_home-oracle.sched to run daily at 02:00 (2 a.m.). The -a option means the addtrigger, the –d option means day, the –t option means time, and the –f means media family.

To display the information about the backup schedules, issue the lssched command, like so:

You just scheduled a backup named bllnx1_home-oracle.sched that is going to run daily at 2 a.m. To monitor the jobs, refer to the “OSB Job Monitoring” section in this chapter.

To remove a backup schedule, issue the rmsched command, as shown here:

Performing On-Demand File-System Backups

To run a one-time backup on a specific client host use the backup command. In the following example, the dataset file is bllnx1_home-oracle.ds, which was created earlier:

If you omit the --go option, the backup request is still in the queue. You can issue the lsbackup command to display the backup requests that are queued, as shown here:

To forward the backup request to the OSB scheduler, issue the following backup command with the GO option, as shown here:

To manually back up the OSB catalog of the admin server, issue the following backup command:

To monitor the backup jobs you have submitted, refer to the “OSB Job Monitoring” section of this chapter.

File System Restore

There are three options on how you can restore from a file-system backup:

• catalog-based restore
• raw restore
• obtar command

In a catalog-based restore, you provide the directory and file, which you can browse from the OSB catalog. In both the raw restore and the obtar command, you provide the volume ID and file number. The volume ID is the unique name (that contains the media family) assigned to a tape volume, and the file number is the number of the backup image on the tape volume. Both the catalog-based restore and raw restore are performed using the obtool utility, while the obtar commands are issued at the operating system prompt.

Performing Catalog-Based Restore

For a catalog-based restore, you can browse the OSB catalog to determine and verify the files you want to restore. In the following example, you want to restore the file /home/oracle/scripts/rmanbkup.sh of the client host BLLNX1. To restore the files using the OSB catalog, perform the following steps:

1. Set the host variable to BLLNX1, which is the source host.
   ob> set host BLLNX1
2. Issue the cd command to navigate to the directory.
   ob> cd /home/oracle/scripts
3. Issue the ls command to verify the files in the directory.
   ob> ls -l rmanbkup.sh
-rwxr-xr-x   oracle.oinstall  782      2010/01/13.18:14 rmanbkup.sh        (0)
4. Issue the restore command.
   ob> restore '/home/oracle/scripts/rmanbkup.sh' --go

To monitor the restore job, refer to the OSB Job Monitoring section (covered a bit later in this chapter).

Performing a Raw Restore

To restore a data using the raw restore, you must know the volume ID and file number where to extract the data from. However, you know that the backups are using a particular media family, which can make the search a bit easier.

In the following example, you are going to restore the file /home/oracle/scripts/rmanbkup.sh from a tape volume that has media family APRESS_OS.

1. Issue the lsvol command with --contents option to display the contents of the volumes associated to media family APRESS_OS:
   ob> lsvol --contents --family APRESS_OS --nobarcode
VOID    OOID Seq Volume ID          Family      Created     Attributes
2845    2845   1 APRESS_OS-000001   APRESS_OS   10/21.04:41 open; closes 10/28.04:41
        BSOID  File Sect  Level  Host                  Size Created     Attributes
        31250     1 1         0  BLLNX1            208.6 MB 10/21.04:41
        31258     2 1         0  BLLNX1            208.8 MB 10/21.06:04
        31260     3 1         0  BLLNX1            210.1 MB 10/21.12:23
        31261     4 1         0  BLLNX1            210.1 MB 10/21.12:34
2. According to the output shown above, you want to restore from a backup taken on 10/21.06:04 (i.e. October 21 at 6:04am). The corresponding file number is 2, and the volume ID is APRESS_OS-000001. Issue the following restore command, as shown here. The -R option indicates a raw restore operation and does not use an OSB catalog, while the –F option means the filenumber, and the –v option means the volume ID.
   ob> restore -R -F 2 -v APRESS_OS-000001 /home/oracle/scripts/rmanbkup.sh --go

To monitor the restore job, refer to the “OSB Job Monitoring section” of this chapter.

Performing an obtar Restore

When you run the OSB restores, they are actually translated to obtar commands in the background. The obtar commands are issued at the operating system level. The obtar command is seldom used to perform restore operations, since you need to provide the volume ID and file number, which is not readily available especially if you have no access to the OSB catalog.

In the following example, you are going to restore the file /home/oracle/scripts/rmanbkup.sh from the tape that has volume ID APRESS_OS-000001 at file number 2.

1. Issue the loadvol command to manually load the tape that has volume ID APRESS_OS-000001 to an available tape drive. Here I used tape drive vdrive8.
   ob> loadvol -D vdrive8 --volume APRESS_OS-000001
2. To check the contents of the tape, issue the obtar command with -t option.
   $ obtar -t -f vdrive8
3. To perform the restore operation using the obtar command, issue the following command with the -x option. The -F option means the file number, and the -k option avoids overwriting the existing file.
   $ obtar -F 2 -x -f vdrive8 -k /home/oracle/scripts/rmanbkup.sh
4. Since you restore using the obtar command, which is executed at the operating system level, you can't monitor the restore job using the obtool utility. However, one way to verify whether the file is restored is to issue the ls OS command.
   $ ls -l /home/oracle/scripts/rmanbkup.sh

OSB Job Monitoring

You submitted a backup or restore operation for an Oracle database using RMAN or file-system data using Oracle Enterprise Manager (OEM), OSB Web tool, or obtool utility, and you want to check whether the job is active, pending, or completed. To check the status of an OSB job, issue the lsjob command and catxcr command to show the details about the operation of a job.

Listing Jobs

To display the jobs that are still running, issue lsjob command with the --active or -a option. For other job states, use --complete or -c option for completed jobs, --pending or -p for pending jobs, --inputrequest or -i for jobs currently requesting input, and --all or -A to display all jobs regardless of the job state. For example, to list active jobs:

For RMAN jobs, use the --dbname or -d option to limit the output for a specific Oracle database. If you know the database ID, you can use the --dbid or -I option instead. This example uses the dbname parameter:

In the following output, the State column indicates that the job is still running. Once the job is done without errors, the State column displays “completed successfully.”

For file-system jobs, use the --host or -h option to limit the output for a specific client host, as shown here:

To monitor active jobs, use the lsjob command. If there are several active jobs running, you can filter the output by providing the job ID. However, if the job is already completed, you can use the same command, but you need to remove the -a option and provide the corresponding job ID. I usually run the lsjob command with the following options:

The prior command displays detailed information about the status of the job. Here is some sample output:

In the output shown above, the lsjob command displays all active jobs using the -a option. Aside from showing the information about the job ID, scheduled time, contents and job state, the -l option shows more information, such as the RMAN backup piece, media family, encryption status, priority number, the host where the job runs, and number of times OSB attempted to run the job. The --subjobs or -j shows the subordinate job (subjob), which is apress_oracle/83.1. The --progress or -o option shows the progress of the active job, which is 744.7 MB processed so far. The --requires or -R option show resources required to run each job, which is media family APRESS_RMAN and any device. The --log or -L option shows the log associated for the job, which is the log information shown at the bottom of the output. The --times or -C option shows all relevant times for each job, such as introduction time, earliest exec time, last update time, and expire time.

Showing Job Transcripts

Aside from the lsjob command to help monitor the OSB job, you can issue the catxcr command to gather detailed information about the operation of the job. The --folow or -f option shows the transcript as the file grows, which is useful when monitoring active jobs. The --msgno or -m shows the number for each line in the transcript. The --level or -l option indicates the message level, which is useful to generate additional messages for debugging or troubleshooting. For example:

If you run an RMAN backup and allocated two RMAN channels for SBT_TAPE, then two sub-jobs are created. The lsjob command with the --subjobs option displays details for each sub-job. For example:

The prior output shows two sub-job IDs, namely apress_oracle/88.1 and apress_oracle/88.2, which is one for each of the two RMAN channels. To show the transcript of a particular sub-job, provide the sub-job ID apress_oracle/88.2, as shown here:

Virtual Test Devices

You may relate to the expression “experience is the best teacher.” You have read this chapter, and you want to try the OSB commands and examples yourself. However, you don't have a physical tape device connected to any test servers in your environment. In this situation, where you are going to install and experiment with OSB? Well, you can configure a virtual test device solely for testing purposes.

To configure a virtual test device, perform the following steps. In this example, the hostname of the media server is BLLNX3.

1. Logon as the oracle OS user at your designated media server of the OSB administrative domain.
   $ su - oracle
2. At the OSB media server, create a directory that hosts the virtual storage elements and virtual tape devices. Make sure you have enough disk space on the mount point where you are going to create the directory.
   $ mkdir /osb_vdevices
3. Logon as admin user to the obtool utility, and provide the corresponding password.
   $ obtool -u admin
 Password:
4. Configure the virtual tape library by running the following mkdev command using the -t option to specify the device as a tape library and the -v option to specify as a virtual tape library. The -S option specifies the number of storage elements. The -I option specifies the number of export and import elements. The -o option specifies that the tape device is logically available to OSB. The -B option with the yes value specifies that the barcode reader is present. The -a option attaches the virtual library vlib1 to directory /osb_vdevices/vlib1 of host BLLNX3.
   ob> mkdev -t library -v -S20 -I2 -o -B yes -a BLLNX3:/osb_vdevices/vlib1  vlib1
5. Configure the virtual tape devices by running the following mkdev command using the -t option to specify the device as a tape device and the -v option to specify as a virtual tape device. The -o option specifies that the tape device is logically available to OSB. The -l option specifies the name of the associated tape library. The -d option specifies the data transfer element (DTE). The -a option attaches the virtual tape vdrive1 to directory /osb_vdevices/vdrive1 of host BLLNX3. To configure additional virtual tape devices, run the same mkdev command. However, for the second virtual tape device, change the name vdrive1 and directory /osb_vdevices/vdrive1 to vdrive2 and directory /osb_vdevices/vdrive2, respectively, and so on.
   ob> mkdev -t tape -v -o -l vlib1 -d1 -a BLLNX3:/osb_vdevices/vdrive1  vdrive1
6. Run the insertvol command to manually insert a volume to the tape library. The -L option specifies the library name, which is vlib1. Since there are 20 storage elements defined when the virtual library is created, then issue unlabeled 1-20 to insert 20 new volumes.
   ob> insertvol -L vlib1 unlabeled 1-20
7. Issue the lsvol command to display the volumes in the tape library vlib1.
   ob> lsvol -l -L vlib1

OSB Software Upgrades

You have an older version of the OSB installed and you want to upgrade to the current release. To perform an OSB upgrade, perform steps similar to installing OSB. However, before performing the OSB upgrade, make sure to backup the OSB catalog in the admin server and stop the OSB daemons and services at all hosts in the administrative domain. Also, upgrade the admin server first, then the media servers and client hosts.

For OS-specific commands to start and stop OSB services, refer to Table 20–7. You must have root privilege on Linux/Unix or be a member of the Administrators group for Windows to run these commands.

Table 20–7. OSB Service Shutdown and Startup Commands

Operating System	Shutdown Command	Startup Command
Linux	/etc/init.d/observiced stop	/etc/init.d/observiced start
Solaris	/etc/init.d/OracleBackup stop	/etc/init.d/OracleBackup start
AIX	/etc/rc.d/init.d/OracleBackup stop	/etc/rc.d/init.d/OracleBackup start
HP-UX	/sbin/init.d/OracleBackup stop	/sbin/init.d/OracleBackup start
Windows	net stop observiced	net start observiced

Summary

OSB is a tool you can use to back up and restore operating system files to and from tape. OSB is a full-featured tape management utility. OSB can be integrated with RMAN to facilitate the backup of database files directly to tape. This provides you with extra data protection in the event that the entire server or data center experiences a failure.

OSB is available in two editions: Oracle Secure Backup Express and Oracle Secure Backup. The Express version is available for use without extra licensing costs and is suitable for small shops with one server and one physical tape device. The full-fledged Oracle Secure Backup edition is suitable for distributed servers across multiple platforms (Linux, Unix, Windows).

You can access OSB through graphical tools like Enterprise Manager and OSB Web tool or through command line tools such as obtool. This chapter focused on demonstrating how to use the command line obtool for backup and restore operations.

This chapter concludes the section covering backup and recovery. The next chapter focuses on automating jobs and database troubleshooting.