<Insert Picture Here>

Oracle Secure Backup 10.3

Secure Your Data, Protect Your Budget
2
<Insert Picture Here>
Program Agenda
Oracle Secure Backup Overview
Whats New in Oracle Secure Backup 10.3
Ease of Management
Data Protection: Security
Advanced Media and Device Management
Summary
Q & A
3
Oracle Secure Backup (OSB)
Enterprise Tape Backup Management
Oracle Enterprise
Manager
Oracle Database Oracle Database
RMAN Integration
Oracle Secure Backup
Tape
Library
Virtual
Tape
Library
(VTL)
Protects Entire IT
Environment
Oracle Database 11g Release 2
back to Oracle9i
25 40% faster tape backup
Heterogeneous file systems (UNIX/
Linux / Windows) and NAS devices
Built-in Oracle Integration
Centralized management in
distributed environments
Over 75% less expensive than
comparable products
File System Data File System Data
4
Oracle Integrated Solution
Secure Backup (OSB), Recovery Manager (RMAN),
and Enterprise Manager (EM)
Performance optimizations: RMAN and OSB cloud or tape backups
Unused block compression
Eliminate backup of committed undo
Shared buffer between RMAN and OSB improves CPU utilization
Tape vaulting optimizations: OSB and RMAN integration
RMAN restore database preview identifies offsite backup tapes
RMAN restore database preview recall initiates OSB recall of
tapes for restoration
Management Interface: OSB and EM Grid Control
Manage file system and Oracle database data protection
and administration for the backup domain
5
Centralized Tape Backup Management
Client / Server Architecture
LAN
Administrative
Server
Clients
Media
Server(s)
Tape Library
Virtual Tape
Library (VTL)
Central Management
Data protection for heterogeneous, distributed
servers managed from a central console,
Administrative Server
Media servers may be direct-attached or SAN-
attached to tape devices
OSB communicates directly with the client host to
backup mounted file systems and storage
Oracle database(s) may be located on any client
or media server within the backup domain
NAS
UNIX / Linux / Windows
Storage
6
Oracle Secure Backup 10.3
Key New Features
Advanced tape management
Server-less tape duplication for Virtual Tape Libraries (VTL)
Improved tape vaulting automation and management
Expanded backup encryption options:
Support LTO-4 tape drive encryption
Seamless key management between host-based or LTO-4
encryption
IPv6 support
Improved manageability:
Progress status reported during backup / restore
Device configuration accuracy checks
New monitor user class complementing EM Grid capabilities
Advanced Functionality at NO Extra Cost!
7
IT Cost Savings 75%+
Migration to Oracle Secure Backup
Imagine how much annual maintenance youll save!!!
Oracle Secure Backup is licensed at $3500 per tape drive.
8
Feature
Oracle Secure
Backup
Oracle Secure
Backup Express
Integration with RMAN
File system backups
Multiple tape drives or servers
No
Networked backups
No
Backup encryption
No
Vaulting
No
Tape duplication
No
Free, bundled with Oracle
No
Two Editions
Protecting all Oracle Database Editions
9
<Insert Picture Here>
Ease of Management
10
Oracle EM Grid 10.2.0.5
OSB Domain Management
Oracle Enterprise Manager
Grid 10.2.0.5
New Integration
File system backup / restore
Media lifecycle management
Media families, vaulting and
duplication
Browse host files, then select
for one-time backup or dataset
creation
Restore by backup or selected
files within the backup
Oracle Database Oracle Database
RMAN Integration
Oracle Secure Backup
File System Data File System Data
OSB Administrative Server
Monitored by EM with
EM alerting and notifications
11
File System Protection
UNIX / Linux / Windows and NAS Devices
File System Data File System Data
File system backup / restore management
EM Grid Control 10.2.0.5, OSB web tool or unified command line (obtool)
Recurring backup schedule or Backup Now
Full, incremental, and offsite backup levels
Backup / restore of Network Attached Storage (NAS) devices using Network
Data Management Protocol (NDMP)
Standards-complaint tape format: extended TAR or NDMP dump
Tree-style catalog browsing for restoration to original or alternate location
Automatic recall of tapes located offsite to perform the restore operation
Refer to the certification matrix on metalink.oracle.com for list of supported
platforms, operating systems and NAS devices
12
Oracle Database Protection
RMAN and OSB Integration
Oracle database backup / recovery management
Utilize RMAN or Oracle EM (DB Control or Grid Control) restoring to original or
alternate location
Oracle Secure Backup provides the media management layer for RMAN
Exclusive performance optimizations achieving 25 40% faster backup
Exclusive vaulting integrations identifying and recalling offsite tape for restore
Encrypted backups using either RMAN or OSB encryption capabilities
Metadata regarding RMAN backup pieces is maintained within OSB catalog
Volumes may be queried for list of backup pieces contained by volume
User-defined tape retention methodology for Oracle database backups
Leverage RMAN retention parameters (content-managed tapes)
RMAN delete obsolete command updates OSB catalog
OSB keep time setting (time-managed tapes)
Oracle Database Oracle Database
RMAN Integration
13
Domain Administration
More Control at Your Finger Tips
Extend a tapes expiration date
Enable or disable schedules
Remove volumes from the catalog
(Physically lost tapes)
Check progress of job how much
data backed up thus far
Define name displayed in from line
of OSB generated emails
Inventory all or part of a library
New In OSB 10.3
14
Oracle Secure Backup Catalog
Automated Backup of the Administrative Server
Catalog protection is pre-configured:
Unique dataset created containing all catalog
directories on the Administrative Server
Media family specific to the catalog defined
insuring the tapes are readily identifiable
Catalog backup scheduled and ready for user-
input on frequency of backups
New dataset directive: Include Catalog
Captures all catalog directories without having
to explicitly list them
Tape Device
15
Broad Tape Device Support
Support for over 200 new and legacy devices
SCSI, Fibre, SAS and iSCSI connectivity
Dynamic drive sharing maximizes tape drive utilization in SANs
Partners
Physical and Virtual Devices
16
Device Configuration - Accuracy
Verify Utility and Policy
OSB vfylibs command verifies accuracy of configuration
Device policy, checkserialnumbers, identifies drive changes alerting
possible mis-configuration
____________
____________
____________
____________
____________
____________
____________
____________
____________
____________
____________
____________
____________
____________
____________
____________
DTE1
DTE2
DTE3
Tape Library
Storage
Elements
Media Server
New In OSB 10.3
Vf yl i bs utility should be
run after any device
updates
Serial number checking
policy proactively queries
for device changes
Attach points
Houston, we have a problem
17
<Insert Picture Here>
Data Protection: Security
18
Security: Data and Backup Domain
Policy-Based Management
Guarding access to the backup domain
User-level access control
Direct access to tape devices restricted to
Trusted hosts
Embedded SSL technology provides secure transport of backup data
and messages between two-way authenticated servers
Securing backup data on tape
Backup encryption protects data on tape while onsite, offsite or lost
User selectable encryption algorithms AES128, AES192 or AES256
Backup encryption policies at backup, host or domain level
19
Users-Level Access Control
osbuser1 can only
backup and restore data
accessible to
UNIX name: jdoe
UNIX group: sysadmin
User Class assigns the user
to a set of Oracle Secure
Backup specific privileges.
OSB user may have preauthorized access eliminating the login process
Performing Oracle database backups using RMAN requires RMAN user
preauthorization within OSB
20
A unique, identifying X.509
certificate is automatically created
during installation
The OSB Administrative
Server is the Certificate
Authority (CA)
TWO-WAY HOST AUTHENTICATION
Proven SSL Embedded Technology
Delivers Two Important Security Requirements
OSB messages and data are
encrypted as part of SSL
communication
Encrypted backups are not re-
encrypted for transport
PROTECTS DATA WHILE IN TRANSIT
LAN
SSL decryption
upon arrival
101010
101001
010101000
1010010101
Client
Media Server
Tape Library
NOTE: OSB embedded SSL benefits do not apply to NAS hosts
21
Host-based and Hardware Encryption
Backup Encryption Per User-Policies
OSB Host-based Encryption:
Encryption performed on the
host
AES128, AES192 or AES256
algorithms
Seamless Encryption Key
Management
LTO-4 Tape Drive Encryption:
Encryption performed by the
LTO-4 tape drive
AES256 algorithm
Backups from NAS hosts
may be encrypted
New In OSB 10.3
Encryption policies defined at global,
host, volume or backup level
OSB Key generation:
Transparent or passphrase
Rekey frequency per user policy
Encryption keys stored centrally on
Administrative Server
22
Transient Backup Encryption
Ideal for backups intended to be restored at alternate site or OSB
domain
Transient encrypted backups are one-off type backups
Configured as part of an immediate backup not backup schedule
User-defined passphrase generates encryption key for the backup job
which applies to all volumes in the set
Prior to restore within alternate OSB domain, tapes must first be
imported to update the OSB catalog
Passphrase input during restore decrypts backup
Site A
Site B
Oracle Secure Backup Oracle Secure Backup
Decrypted
23
<Insert Picture Here>
Advanced Media and
Device Management
24
Media Management:
Retention, Duplication and Vaulting
Tapes managed from first write to reuse based on user-defined
media families, duplication and rotation policies
25
Tape Management
As Easy as 1,2,3,4,5.
Define tape pools, storage locations, policies
and schedules:
Media Family(s)
1 1
Association:
Map policy(s) to media family
4 4
Schedules:
Vaulting, duplication
5 5
Policies:
Vaulting, Duplication
3 3
Storage*
Location(s)
2 2
*OSB automatically defines active locations(tape devices) for all configured devices.
26
Rotation and Duplication Policies
Automates Rotation of Tapes Between Locations
Media Family
Rotation Policy
Tapes are moved between
locations based on rotation policy
Defines which locations the tapes will
reside and duration at each location
Trigger for when tapes eligible to move
Duplication Policy
Defines which media family
duplicate will use (same or different
from original tapes)
#of duplicate copies needed
Trigger for when tapes eligible for
duplication
Optional: Associate a rotation and / or
duplication policy to a media family
27
Vaulting and Duplication Scan Schedules
Rotates or Duplicates Eligible Tapes Per Policy
Schedules:
Each schedule has
associated trigger
Scans OSB catalog
identifying eligible tapes
for rotation or duplication
per respective policies
Multiple schedules may
used with each
designing different
locations
Trigger(s) Defined Per Schedule
This example
includes 3 triggers.
28
Vaulting Scan Schedule
Identifies Tapes by Location and Media Family
Vaulting schedules may be
defined:
Globally
Per location
By media family (new in OSB 10.3)
Media Family
Locations
Storage or Active
Based on vaulting schedule triggers, OSB scans the catalog to determine
which tapes are eligible for rotation per the user-defined rotation policy.
29
Managing Tape Vaulting
Vaulting scan generates a media movement job
Vault Now, one-off scan outside of regular schedule New in OSB 10.3
Based on triggers associated with Vaulting Scan Schedules
Media Movement job includes all tapes eligible for rotation per policy
This job can run automatically or have pending status until run by user
Each media movement job has associated pick and distribution report
Reporting
Pick and distribution reports
Location, schedule and exception reports
In transit and missing (as marked by user) reports New in OSB 10.3
30
Automated Tape Duplication
Tape duplication may occur per policy or on one-off, on-demand basis
Migrate option copies the tape then deletes the original
Commonly used to reclaim space on VTL for backup jobs
Seamlessly restore from original or duplicate tape
OSB will automatically choose tape in closest physical proximity
Original and duplicate tapes uniquely identified within OSB catalog
Duplicate tapes may have the same or different retention and rotation
schedule
Original :
X Media Family
Duplicate
X Media Family
Duplicate
Y Media Family
31
Server-less Tape Duplication
Increased duplication
performance
Eliminates data
movement through
media server
OSB catalog updated
with metadata of
duplicate tape
VTL must support
NDMP tape copy
functionality
Traditional Tape Duplication
Server-less Tape Duplication
Media Server
Administrative
Server
VTL
Physical Tape Library
Duplicated backup
data
Metadata, control
messages
New In OSB 10.3
Media Server
VTL
Physical Tape Library
32
Policy-Based Media Management
In Action
Tapes duplicated to another media family may have different retention
and rotation schedule than original tape
5-Week Tape Retention
2-Year Tape Retention
33
<Insert Picture Here>
Summary:
Enterprise Data Protection
Multi-faceted Security
Advanced Media Management
34
Reliable, built-in integration with Oracle
25 40% faster Oracle database backup to tape
Data protection for your entire IT environment
Advanced policy-based data protection management
75%+ less expensive than comparable products
Why Oracle Secure Backup?
Top 5 Reasons
1 1
2 2
3 3
4 4
5 5
35