Written by KH Wissem Introduction When every Oracle database administrator think about backing up an Oracle production database, the first method that comes into their mind to follow the book. Following the book and best practices involves using the Oracle Recovery Manager as a first method of backing up an Oracle database. Migrating or building the Oracle database into the cloud computing open different methods of database management and backups. Some of the methods are: Using Oracle Recovery Manager. Using AWS (Amazon Web Services) Storage Gateway snapshots. Amazon RDS: Frees the DBA up from managing the backups. There is no a full recommended method of backups on AWS. Every method has its pros, cons and the criteria to choose the method depends more on the environment and meeting recovery SLAs. When the requirements involve making the Oracle production environment supportable and having the option to perform the database Point-In-Time Recovery, the Oracle Recovery Manager (RMAN) becomes the first option. There are two strategies to backup an Oracle database: Using RMAN Based Disk strategy. Using Tape backup strategy; in cloud computing, also called Backup to Cloud Storage. Backup to Cloud Storage Benefits Disaster Recovery (DR) good practice involves backing up the Oracle database in site (disks) and offsite (Tape). The “in site” backup is for fast recovery, where the offsite is for a complete loss of the database server (between other reasons). Shipping the tapes to be stored offsite is costly; requires hardware, personal and security. The pricing and operational characteristics of Cloud Storage make it an attractive alternative to shipping tapes offsite. Cloud storage offers pay-as-you-go, provisioning, with low prices. Amazon Web Services (AWS) is the first Cloud vendor that Oracle has partnered with to enable database backup in the Cloud. Simple Storage Service (S3) is the main storage offering of AWS. Amazon Simple Storage Service is storage for the Internet. It is designed to make web-scale computing easier. S3 has a simple web services interface that you can use to store and retrieve any amount of data, at any time, from anywhere on the web. It is highly scalable, reliable, fast, inexpensive data storage. In this article, we will talk about the leader Cloud provider; Amazon Web Services (AWS); we will explain a bit of the basis of the backup to Cloud Storage, the installation of the components to be used to accomplish the backup, and the steps to back up the Oracle databases using RMAN. Requirements The following items must be accomplished to reproduce the practical steps in your environment. You need a valid Oracle OTN account: register for Oracle Technology Network (OTN). The account is required to install the Oracle Secure Backup Cloud module. An Amazon Web Services account: Sign up to the Amazon S3 website (http://aws.amazon.com/s3). After registration, users will be provided a pair of access identifiers called the Access Key ID and the Secret Access Key. Oracle software and database are installed in the target server. The following steps work for a Linux based system. Please note I highlight the commands to be run in blue followed by the output of the commands in black. Prepare the environment: 1. Download and install java: You need to install java. The step below shows the Java 8 installation. $ yum install java $ java -version openjdk version "1.8.0_65" OpenJDK Runtime Environment (build 1.8.0_65-b17) OpenJDK 64-Bit Server VM (build 25.65-b01, mixed mode) 2. Download and prepare the Oracle Secure Backup Cloud Module Download the OSB Cloud Module for Amazon S3 installer (osbws_installer.zip) from OTN web page and copy it over to the database server. You can find the installer in the following link: http://www.oracle.com/technetwork/products/secure-backup/secure-backup-s3-484709.html As the Oracle software owner, copy and unzip the OSB Cloud Module for Amazon S3 installer archive to a directory. $ id uid=501(oracle) gid=501(oinstall) groups=501(oinstall),502(dba),503(oper) $ mkdir -p ~/software/osbws $ cp osbws_installer.zip ~/software/osbws $ cd ~/software/osbws $ unzip osbws_installer.zip Archive: osbws_installer.zip inflating: osbws_install.jar inflating: osbws_readme.txt 3. Create a directory for the secure Oracle wallet The Oracle wallet will be created by the installer and used to store your AWS S3 credentials. $ mkdir -p $ORACLE_HOME/dbs/osbws_wallet Install and configure the Oracle Secure Backup Cloud Module for Amazon S3 Before installing the Oracle Secure Backup module for Amazon S3; some steps have to be done to configure S3 and AWS IAM Users, Groups and Policies. The Amazon Web Service Administrator has to give the IAM user or group all the required privileges to create / delete an S3 bucket. The best practice is to create an S3 group and add all IAM users managing the Oracle backups to that centralized S3 group. The Amazon Web Service Administrator has to provide the oracle DBA with the Amazon Web Service Identifier (AWSID) and the Amazon Web Service key (AWSKey). 1. Install and configure Oracle Secure Backup Cloud Module for Amazon S3. Once the IAM user is created with its proper privileges. You can Install and configure Oracle Secure Backup Cloud Module for Amazon S3. $ cd ~/software/osbws $ java -jar osbws_install.jar You can also review the osbws_readme.txt file for more details. 2. Run OSB Cloud Module for Amazon S3 Installer Script Run the OSB Cloud Module for Amazon S3 installer script created from the previous step. The installer will download the software library and configure the environment for running Oracle database backups to the Amazon S3. You need to provide the AWSID and AWSKey provided by the AWS administrator along with a valid OTN account, OTN password, the wallet directory location, the proxy host and the proxy port. The location indicates the AWS region where the backups will be located. I have masked all my information with “XXXX”; you can replace them by the information from your site. java -jar osbws_install.jar -AWSID XXXXX -AWSKey XXXX -otnUser wissem@XXXX.com -otnPass XXXX -walletDir $ORACLE_HOME/dbs/osbws_wallet -libDir $ORACLE_HOME/lib/ -proxyHost XXXX -proxyPort 443 -Location eu-west-1 -debug Here is the full output: bash-4.1$ java -jar osbws_install.jar -AWSID XXXXX -AWSKey XXXX -otnUser wissem@XXXX.com -otnPass XXXX -walletDir $ORACLE_HOME/dbs/osbws_wallet -libDir $ORACLE_HOME/lib/ -proxyHost XXXX -proxyPort 443 -Location eu-west-1 -debug Oracle Secure Backup Web Service Install Tool, build 2015-11-03 Debug: os.name = Linux Debug: os.arch = amd64 Debug: os.version = 3.8.13-98.el6uek.x86_64 Debug: file.separator = / Debug: Platform = PLATFORM_LINUX64 Debug: AWS Success, owner=aws-root_001, id=XXXX AWS credentials are valid. Creating new registration for this S3 user. Debug: Creating log bucket=oracle-log-aws-root-1, location=eu-west-1 Debug: Caught exception message=no content-type - ignoring Created new log bucket. Debug: AWSAuthConnection.put, request=[sun.net.www.protocol.http.HttpURLConnection:http://oracle-log-aws-root-1.s3.amazonaws.com:80/registration%2F87895743-4356-40b1-8533-1fbb25232c04.xml] Debug: put map size=[2] Debug: put Header key=[Date], value=[Thu, 03 Dec 2015 14:18:13 GMT] Debug: put Header key=[Content-Type], value=[] Registration ID: 87895743-4356-40b1-8533-1fbb25232c04 S3 Logging Bucket: oracle-log-aws-root-1 Validating log bucket location ... Debug: Get location HTTP response: 200 - OK Debug: bucket location = [eu-west-1] Validating license file ... Debug: Get license file HTTP response: 200 - OK Oracle Secure Backup Web Service wallet created in directory /jv01/app/oracle/product/11.2.0/db_1/dbs/osbws_wallet. Oracle Secure Backup Web Service initialization file /jv01/app/oracle/product/11.2.0/db_1/dbs/osbwstest.ora created. Downloading Oracle Secure Backup Web Service Software Library from file osbws_linux64.zip. Debug: Temp zip file = /tmp/osbws_linux64279558196917423420.zip Downloaded 26724150 bytes in 53 seconds. Transfer rate was 504229 bytes/second. Download complete. Debug: Delete RC = true From the output above, the installer has created an S3 bucket called oracle-log-aws-root-1. An Oracle Secure Backup Web Service initialization file called osbwstest.ora is created (where test is the SID of our Oracle database). Sometimes we need to re-register because our first run finished with permission errors or any other error. In this case, you can run the following: java -jar osbws_install.jar -AWSID XXXX -AWSKey XXX -otnUser wissem @XXXX.com -otnPass xxxx -walletDir $ORACLE_HOME/dbs/osbws_wallet -libDir $ORACLE_HOME/lib/ -proxyHost XXXX -proxyPort 443 -Location eu-west-1 -debug -reRegister The debug option allows having more details about the run; this option is useful when you want to supply the Oracle Support with detailed information about the errors generated. 3. Modify Oracle Recovery Manager's Media Management Configuration To prevent the sbt library automatically creating the data-bucket, specify the existing bucket to the library using the following parameter in the sbt library parameter file. If you are not using the proxy server to access the public network from within your company's private network, I suggest to remove the parameters proxyHost and OSB_WS_PROXY from the osbwstest.ora file. At the same time, specify the OSB_WS_BUCKET parameter like below: -bash-4.1$ cat /jv01/app/oracle/product/11.2.0/db_1/dbs/osbwstest.ora OSB_WS_HOST=http://s3.amazonaws.com OSB_WS_LICENSE_ID=XXXX OSB_WS_LOCATION=eu-west-1 OSB_WS_WALLET='location=file:/jv01/app/oracle/product/11.2.0/db_1/dbs/osbws_wallet CREDENTIAL_ALIAS=aws-root_aws' OSB_WS_BUCKET=oracle-log-aws-root-1 -bash-4.1$ RMAN Configuration and settings This section demonstrates the steps to store the configuration information for the Cloud Backup module in the RMAN repository so that it does not need to be specified each time a backup is invoked. 1. Modify Oracle Recovery Manager's Media Management Configuration Let’s modify the Oracle Recovery Manager (RMAN) media management configuration to redirect traditional tape backups to the Cloud (Amazon S3) in the RMAN repository: -bash-4.1$ rman target / Recovery Manager: Release 11.2.0.3.0 - Production on Thu Dec 3 09:41:33 2015 Copyright (c) 1982, 2011, Oracle and/or its affiliates. All rights reserved. connected to target database: TEST (DBID=2195264396) RMAN> configure channel device type sbt parms 'SBT_LIBRARY=/jv01/app/oracle/product/11.2.0/db_1/lib/libosbws.so SBT_PARMS=(OSB_WS_PFILE=/jv01/app/oracle/product/11.2.0/db_1/dbs/osbwstest.ora)'; RMAN> configure default device type to 'sbt_tape'; new RMAN configuration parameters: CONFIGURE DEFAULT DEVICE TYPE TO 'SBT_TAPE'; new RMAN configuration parameters are successfully stored 2. Test the Oracle Recovery Manager's Media Management Configuration This step is completely optional, but verify the installation. Call the diagnostic tool called sbttest. This utility performs a simple test of the media management software by attempting to communicate with the media manager as the Oracle database server would. -bash-4.1$ sbttest osbws_readme.txt -dbname test The sbt function pointers are loaded from libobk.so library. -- sbtinit succeeded -- sbtinit (2nd time) succeeded sbtinit: vendor description string=Oracle Secure Backup sbtinit: Media manager is version 3.15.11.4 sbtinit: Media manager supports SBT API version 2.0 sbtinit: allocated sbt context area of 1088 bytes -- sbtinit2 succeeded -- regular_backup_restore starts ................................ -- sbtbackup succeeded write 100 blocks -- sbtwrite2 succeeded -- sbtclose2 succeeded sbtinfo2: SBTBFINFO_NAME=osbws_readme.txt sbtinfo2: SBTBFINFO_COMMENT=Oracle Secure Backup Web Services Library sbtinfo2: SBTBFINFO_METHOD=stream sbtinfo2: SBTBFINFO_ORDER=random access sbtinfo2: SBTBFINFO_SHARE=multiple users sbtinfo2: SBTBFINFO_LABEL=s3.amazonaws.com/oracle-log-aws-root-1 -- sbtinfo2 succeeded -- sbtrestore succeeded file was created by this program: seed=539916088, blk_size=16384, blk_count=100 read 100 buffers -- sbtread2 succeeded -- sbtclose2 succeeded -- sbtremove2 succeeded -- regular_backup_restore ends ................................ -- sbtcommand succeeded proxy copy is not supported -- sbtend succeeded *** The SBT API test was successful *** -bash-4.1$ From the output above, the SBT API test was successful, so far we are good. 3. RMAN to S3 Backup script example: You can back up your Oracle database according to your environment needs, but here I am sharing a simple to full back up an Oracle database. CONNECT TARGET / run { allocate channel d1_tape_backup DEVICE TYPE 'SBT_TAPE' PARMS 'ENV=(OSB_WS_PFILE=/jv01/app/oracle/product/11.2.0/db_1/dbs/osbwscorsprd.ora),SBT_LIBRARY=/jv01/app/oracle/product/11.2.0/db_1/lib/libosbws.so'; allocate channel d2_tape_backup DEVICE TYPE 'SBT_TAPE' PARMS 'ENV=(OSB_WS_PFILE=/jv01/app/oracle/product/11.2.0/db_1/dbs/osbwscorsprd.ora),SBT_LIBRARY=/jv01/app/oracle/product/11.2.0/db_1/lib/libosbws.so'; backup as compressed backupset database; sql 'alter system archive log current'; backup as compressed backupset archivelog all not backed up; backup current controlfile; release channel d1_tape_backup; release channel d2_tape_backup; } Conclusion In this article we have introduced the AWS Backup to Cloud Storage. We have explained a bit some of the AWS components and the benefits of using the Simple Storage Service (S3). We have installed and configured the Oracle Secure Backup Cloud Module for Amazon S3. Later, we have adjusted the Oracle RMAN settings to back up the database to the Amazon S3. We give an example of how to back up the database suing RMAN to the Amazon S3. In the next article, we will see all the steps to restore an Oracle 12c instance from the Amazon S3 using RMAN.
↧