Skip Headers
Oracle® Database Backup and Recovery Reference
11g Release 2 (11.2)

Part Number E10643-01
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

Backup On the Cloud

The OSB Cloud Module is part of the OSB product family and now provides the flexibility to back up data to tape as well as to the Amazon S3 Cloud. With this cloud offering, local disk backups are sent directly to Amazon S3 for offsite storage and are fully integrated with RMAN's features and functionality. In addition, OSB Cloud Module backups work with tools like Oracle Enterprise Manager and your customized RMAN scripts.

You can use the Oracle Secure Backup Cloud Module to backup databases starting with Oracle Database 9i Release 2 or higher.

Getting Started

In order to use OSB Cloud Module on Amazon S3, you must set up both an Oracle Technical Network (OTN) and an Amazon Web Services (AWS) account. You also need the S3 Backup installer and a compatible version of Java software.

Here are the steps to set up, install, verify and run the OSB Cloud Module:

Hardware and Software Prerequisites

The prerequisites for the OSB Cloud Module:

Hardware/Software Version
Java JDK 1.5 or later on the computer where you plan to run the S3 Backup Installer
Supported Platforms
  • Linux x86
  • Linux x86-64

  • Microsoft Windows (32-bit)

Oracle Database You can backup databases starting with Oracle Database 9i Release 2 or later
S3 Backup Installer File osbws_install.jar

The installer downloads the library that is appropriate for the platform it is running on. It also creates the library configuration file and the Oracle Wallet where the AWS credentials are stored.

If you are using Oracle provided Amazon Machine Images (AMIs) to run the Oracle Database on Amazon's Elastic Compute Cloud (EC2), the installer is already downloaded and can be found in the /home/oracle/scripts directory. Otherwise, you can download the file from the Cloud Computing Center link found on the Oracle Technical Network (OTN) website.

Oracle Wallet Directory The Oracle Wallet Directory stores your AWS identifiers and must exist before you can run the S3 Backup installer. If you have not set up a wallet directory then you must create one.

Here are the suggested platform-specific locations for the wallet directory:

  • Linux: $ORACLE_HOME/dbs/osbws_wallet

  • Windows: $ORACLE_HOME\database\osbws_wallet

System Time The authentication method used by S3 relies on the client's system time being similar to S3's time. In this case, the client is the computer where you are running the OSB Web Services library. S3 time is Coordinated Universal Time (UTC), so you must ensure that the system time on your client is within a few minutes of UTC.

Registering for An Oracle Technology Network (OTN) Account

You need an OTN account in order to download and run the S3 Backup installer for the OSB Cloud Module. If you do not have an OTN account, you may register for one at: http://otn.oracle.com. You can download the installer from the OTN Cloud Computing Center home page.

Signing Up For Amazon S3 - AWS Account

Before you can use the OSB Cloud Backup Module and access Amazon S3, you must create an AWS account.

You can open one at: http://aws.amazon.com, via the link: "Create an AWS Account".

The account requires that you provide a means of payment for Amazon to charge for your AWS S3 usage.

Getting Your AWS Identifiers

You will need the two AWS Identifiers that are assigned when you create your AWS account:

  • Access Key ID

  • Secret Access Key

You obtain these two credentials by:

  • Going to the AWS web site at: http://aws.amazon.com

  • Pointing to "Your Web Services Account" to display a list of options

  • Clicking on "AWS Access Identifiers" link and logging in to your AWS account.

Note: It is a good idea to secure these credentials since they authorize charges for all Amazon Web Services and enable access to RMAN backups stored on Amazon S3.

Installing the OSB Cloud Module Library

If this is the first time you are running the S3 Backup installer, Oracle recommends that you run it initially without any parameters in order to get a listing and explanation of the mandatory and optional parameters. Analyzing and reviewing this information prior to executing the S3 Backup installer helps to ensure a successful installation.

To run the S3 Backup installer without parameters, type:

% java -jar osbws_install.jar 

The explanation for the various parameters in the out put of the first run follows:

-AWSID:       AWS Access Key ID
   -AWSKey:      AWS Secret Access Key

The credentials for Amazon Web Services. Mandatory.

-otnUser:     OTN Username
   -otnPass:     OTN Password

The credentials for OTN, which the installer uses to identify the customer. Mandatory.

-walletDir:   Directory to store wallet

The location for the Oracle Wallet used to store S3 credentials and proxy information (if specified, see below). Mandatory.

Note: The Oracle wallet directory must exist prior to running the S3 Backup installer. Consult Hardware and Software Prerequisites for more information.

-configFile:   File name of config file

The location where the configuration file will reside. If omitted, the installer will create the configuration file and place it in a default system-dependent location. Optional.

Default Linux location: $ORACLE_HOME/dbs/osbsws<ORACLE_SID>.ora

Default Windows location: $ORACLE_HOME\database\osbsws<ORACLE_SID>.ora

-libDir:      Directory to store library

The location where the library will be placed. If this parameter is omitted, the installer does not download the library. Optional.

Suggested Linux location: $ORACLE_HOME/lib/

Suggested Windows location: $$ORACLE_HOME\bin\

-libPlatform:   The desired platform for the library

The install tool will determine the platform automatically by examining the system where it is running. This parameter allows specifying it explicitly. Optional.

In this version the supported values for the parameter are: linux32, linux64, windows32.

-proxyHost:   HTTP proxy server
   -proxyPort:   HTTP proxy server port
   -proxyID:     HTTP proxy server username
   -proxyPass:   HTTP proxy server password

The name and port of the HTTP proxy server, if required. If the proxy server is specified, the username and password, if required. Optional.

Steps 1 through 4 help you identify all the mandatory parameters and needed set up information for the installer. Make sure to check and collect the relevant information for any optional parameters that you want to include. For example, you may need to know the proxy server name, port and credentials of your installation.

At this point, you are ready to execute the installer.

Running the S3 Backup Installer

Oracle recommends running the Java installer in a secure mode. This means that you should avoid running it directly from the command line. A preferred method is to embed the run command, parameters and values in a file that can be executed as either a shell script or a Windows batch file.

Follow these steps:

  • Create a file

  • Set file permissions to grant owner of the file exclusive access

    Note:

    Setting the file permissions to restrict access is critical since the file contains both AWS and OTN credentials.
  • Edit the file to contain a single line with the installer's run command and the mandatory parameters. You can compose a one-line invocation by populating the parameters with the information you obtained in the previous section.

  • Execute the file as a shell script or Windows batch file

Note: To make the following example easier to read, /orclhome is set to /orclhome. In your installation, the value of $ORACLE_HOME will be something like: /usr/oracle/product/9.2.0 (Linux).

Example C-1 Running the S3 Backup Installer

The following shows a sample run of the S3 Backup installer under Linux.

The first thing to do is to verify that the correct version of Java is present on the computer and that $ORACLE_HOME is defined.

Enter the following commands and review the output:

% java -version
java version "1.5.0_11"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_11-b03)
Java HotSpot(TM) Client VM (build 1.5.0_11-b03, mixed mode)
% echo $ORACLE_HOME
/orclhome

Create a file that contains the installer's invocation line and make sure that the file permissions restrict access except to the file owner.

% touch osbws.sh
% chmod 700 osbws.sh

Edit the file and add a line to invoke the installer.

java -jar osbws_install.jar -AWSID access key ID -AWSKey secret key -otnUser jane.doe@smallcompany.com  -otnPass password for OTN -walletDir $ORACLE_HOME/dbs/osbws_wallet  -libDir $ORACLE_HOME/lib/ -proxyHost www-proxy.smallcompany.com

Execute the file.

% ./osbws.sh

Here is the start of the S3 Backup installer output:

OTN userid is valid.
AWS credentials are valid.
Creating new registration for this S3 user.
Created new log bucket.
Registration ID: 0f0a8aac-dad0-6254-7d70-be4ac4f112c4
S3 Logging Bucket: oracle-log-jane-doe-1
Create credential oracle.security.client.connect_string1
OSB web-services wallet created in directory /orclhome/dbs/osbws_wallet.OSB web-services initialization file /orclhome/dbs/osbwst1.ora created.
Downloading OSB Web Services Software Library.
Downloaded 13165919 bytes in 204 seconds. Transfer rate was 64538 bytes/second.
Download complete.
Extracted file /orclhome/lib/libosbws11.so

When the installer completes, you should have these three files on your system:

  1. The OSB Web Services Library

  2. The Configuration file

  3. The OSB Web Services Wallet

Note: The installer requires both the OTN and AWS credentials to create the wallet and perform other installation operations. Only your AWS credentials are retained when the installer has finished and they are stored in the Oracle Wallet. The AWS credentials are used solely to authenticate the library's interactions with S3 and are not used or sent anywhere else.

Storing Configuration in RMAN Repository - optional

To avoid having to provide the configuration information each time a backup is invoked, it is a good idea to store the OSB Cloud Module configuration information in the RMAN repository.

This example is for a pre-11g Release 2 database:

RMAN> configure channel device type sbt parms  
"SBT_LIBRARY=/orclhome/lib/libosbwsll.so
ENV=(OSB_WS_PFILE=/orclhome/dbs/osbwst1.ora)';
using target database control file instead of recovery catalog
new RMAN configuration parameters:
"SBT_LIBRARY=/orclhome/lib/libosbwsll.so 
ENV=(OSB_WS_PFILE=/orclhome/dbs/osbwst1.ora)';
new RMAN configuration parameters are successfully stored

When this example completes, the system is configured for OSB Cloud Module backups and you can use your usual RMAN backup and restore commands.

Note: For 11g Release 2 databases and later, you must use the SBT_PARMS parameter to specify environment variables.

Using the OSB Web Services Library and First Backup

You are now ready to connect to your target database and configure an RMAN channel. You need to specify both the library and the configuration file in the command.

This example configures an RMAN channel for an Oracle 11g Release 2 database:

RMAN> run {
            allocate channel dev1 type
            sbt parms='SBT_LIBRARY=/orclhome/lib/libosbws11.so,
            SBT_PARMS=(OSB_WS_PFILE=/orclhome/dbs/osbwst1.ora)';
          }

At this point, you can issue your usual RMAN backup and restore commands.

Note: For Oracle 11g Release 2 databases and later, you must use the SBT_PARMS parameter for specifying environment variables. For pre-Oracle 11g Release 2 databases, you can still use the ENV parameter of the PARMS option to specify environment variables.

See Also:

Database Backup in the Cloud technical white paper and the Backup Up Database Demonstration on the OTN: Cloud Computing Center website

Securing OSB Cloud Module Backups

To ensure that your data is properly secured, Oracle recommends that you make RMAN backup encryption a standard part of your backup processes. This recommendation is even more important to implement when you are storing critical backup data off-premises. Encrypting RMAN backups on Amazon S3 can also assist you in meeting key audit and regulatory compliance requirements for your organization's data.

See Also:

Encryption of Backup Sets for a discussion of RMAN encryption options.

Troubleshooting the OSB Cloud Module

This section lists potential issues that may affect the installation or the operation of the OSB Cloud Module:

Symptoms Error Messages Resolution
The S3 Backup installation cannot create the license file on Amazon S3. Time-out waiting for license file to be created. The first time you run the S3 Backup installer for a set of AWS identifiers, the installer creates a license file on Amazon S3. If there are problems preventing its creation the Time-out error message is displayed in the installation output.

Please contact Oracle support in order to resolve the issue.