本文详细介绍了如何在Oracle数据库环境中使用RMAN进行数据备份加密,并通过设置密码确保备份安全。包括创建测试数据文件、调整加密算法、加密备份、备份验证、恢复测试以及设置正确的密码以实现安全恢复。
数据的安全越来越重要,不是说你的生产库安全,你的数据就一定安全了,rman备份也是泄露数据的一个重要地方,如果别人拿到了你的备份集,一样等同入侵了你的生产库。为了rman备份的安全,最简单方式就是使用set encryption方式在rman备份过程中设置密码,需要版本为10.2及其以后企业版版,另外如果需要备份到带库只能使用oracle自己的osb(Oracle Secure Backup),注意rman只有backupset可以加密,copy无法进行加密
数据库版本
SQL>
select
* from
v$version;BANNER--------------------------------------------------------------------------------Oracle
Database
11g Enterprise Edition Release 11.2.0.4.0 - 64bit ProductionPL/SQL
Release 11.2.0.4.0 - ProductionCORE
11.2.0.4.0 ProductionTNS
for
Linux: Version 11.2.0.4.0 - ProductionNLSRTL
Version 11.2.0.4.0 - ProductionSQL>
show parameter compatibleNAME
TYPE VALUE------------------------------------
----------- ------------------------------compatible
string 11.2.0.4.0 |
支持rman加密算法
SQL>
select
ALGORITHM_NAME 2
from
V$RMAN_ENCRYPTION_ALGORITHMS;ALGORITHM_NAME----------------------------------------------------------------AES128AES192AES256 |
调整加密算法
RMAN>
show ENCRYPTION ALGORITHM;RMAN
configuration parameters for
database
with
db_unique_name ORCL are:CONFIGURE
ENCRYPTION ALGORITHM 'AES128';
# defaultRMAN>
CONFIGURE ENCRYPTION ALGORITHM 'AES256';new
RMAN configuration parameters:CONFIGURE
ENCRYPTION ALGORITHM 'AES256';new
RMAN configuration parameters are successfully storedRMAN>
show ENCRYPTION ALGORITHM;using
target database
control file instead
of
recovery catalogRMAN
configuration parameters for
database
with
db_unique_name ORCL are:CONFIGURE
ENCRYPTION ALGORITHM 'AES256'; |
创建新测试数据文件
我们这里测试的是对新创建的5号文件进行加密备份和还原
SQL>
select
name
from
v$datafile;NAME--------------------------------------------------------------------------------/u01/app/oracle/oradata/orcl/system01.dbf/u01/app/oracle/oradata/orcl/sysaux01.dbf/u01/app/oracle/oradata/orcl/undotbs01.dbf/u01/app/oracle/oradata/orcl/users01.dbfSQL>
create
tablespace rman_xifenfei datafile 2
'/u01/app/oracle/oradata/orcl/xifenfei01.dbf'
size
100M;Tablespace
created.SQL>
select
file#,name
from
v$datafile; FILE#
NAME----------
-------------------------------------------------- 1
/u01/app/oracle/oradata/orcl/system01.dbf 2
/u01/app/oracle/oradata/orcl/sysaux01.dbf 3
/u01/app/oracle/oradata/orcl/undotbs01.dbf 4
/u01/app/oracle/oradata/orcl/users01.dbf 5
/u01/app/oracle/oradata/orcl/xifenfei01.dbfSQL>
create
table
chf.t_xifenfei tablespace rman_xifenfei 2
as
select
* from
dba_objects;Table
created.SQL>
select
count(*)
from
chf.t_xifenfei; COUNT(*)---------- 86721 |
rman加密备份
RMAN>
set
encryption on identified by 'www.xifenfei.com'
only;executing
command:
SET encryptionRMAN>
backup datafile 5;Starting
backup at 28-JAN-15allocated
channel: ORA_DISK_1channel
ORA_DISK_1: SID=5 device type=DISKchannel
ORA_DISK_1: starting full datafile backup setchannel
ORA_DISK_1: specifying datafile(s) in
backup setinput
datafile file
number=00005 name=/u01/app/oracle/oradata/orcl/xifenfei01.dbfchannel
ORA_DISK_1: starting piece 1 at 28-JAN-15channel
ORA_DISK_1: finished piece 1 at 28-JAN-15piece
handle=/u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp
tag=TAG20150128T230115 comment=NONEchannel
ORA_DISK_1: backup set
complete, elapsed time:
00:00:01Finished
backup at 28-JAN-15 |
准备恢复测试
RMAN>
sql 'alter
database datafile 5 offline';sql
statement: alter database datafile 5 offline[oracle@localhost
~]$ rm
/u01/app/oracle/oradata/orcl/xifenfei01.dbf[oracle@localhost
~]$ ls
/u01/app/oracle/oradata/orcl/xifenfei01.dbfls:
/u01/app/oracle/oradata/orcl/xifenfei01.dbf:
No such file
or directory |
rman恢复测试
[oracle@localhost
~]$ rman target /Recovery
Manager: Release 11.2.0.4.0 - Production on Wed Jan 28 23:02:24 2015Copyright
(c) 1982, 2011, Oracle and/or
its affiliates. All rights reserved.connected
to target database: ORCL (DBID=1378620768)RMAN>
list backup of datafile 5;using
target database control file
instead of recovery catalogList
of Backup Sets===================BS
Key Type LV Size Device Type Elapsed Time Completion Time-------
---- -- ---------- ----------- ------------ ---------------1
Full 10.94M DISK 00:00:01 28-JAN-15 BP
Key: 1 Status: AVAILABLE Compressed: NO Tag: TAG20150128T230115 Piece
Name: /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp List
of Datafiles in
backup set
1 File
LV Type Ckp SCN Ckp Time Name ----
-- ---- ---------- --------- ---- 5
Full 54057180 28-JAN-15 /u01/app/oracle/oradata/orcl/xifenfei01.dbf--未输入密码RMAN>
restore datafile 5;Starting
restore at 28-JAN-15allocated
channel: ORA_DISK_1channel
ORA_DISK_1: SID=492 device type=DISKchannel
ORA_DISK_1: starting datafile backup set
restorechannel
ORA_DISK_1: specifying datafile(s) to restore from backup setchannel
ORA_DISK_1: restoring datafile 00005 to /u01/app/oracle/oradata/orcl/xifenfei01.dbfchannel
ORA_DISK_1: reading from backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkpRMAN-00571:
===========================================================RMAN-00569:
=============== ERROR MESSAGE STACK FOLLOWS ===============RMAN-00571:
===========================================================RMAN-03002:
failure of restore command
at 01/28/2015
23:02:52ORA-19870:
error while
restoring backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkpORA-19913:
unable to decrypt backupORA-28365:
wallet is not open--设置错误密码RMAN>
SET DECRYPTION IDENTIFIED BY 'www.orasos.com';executing
command:
SET decryptionRMAN>
restore datafile 5;Starting
restore at 28-JAN-15using
channel ORA_DISK_1channel
ORA_DISK_1: starting datafile backup set
restorechannel
ORA_DISK_1: specifying datafile(s) to restore from backup setchannel
ORA_DISK_1: restoring datafile 00005 to /u01/app/oracle/oradata/orcl/xifenfei01.dbfchannel
ORA_DISK_1: reading from backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkpRMAN-00571:
===========================================================RMAN-00569:
=============== ERROR MESSAGE STACK FOLLOWS ===============RMAN-00571:
===========================================================RMAN-03002:
failure of restore command
at 01/28/2015
23:03:31ORA-19870:
error while
restoring backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkpORA-19913:
unable to decrypt backupORA-28365:
wallet is not open--设置正确密码RMAN>
SET DECRYPTION IDENTIFIED BY 'www.xifenfei.com';executing
command:
SET decryptionRMAN>
restore datafile 5;Starting
restore at 28-JAN-15using
channel ORA_DISK_1channel
ORA_DISK_1: starting datafile backup set
restorechannel
ORA_DISK_1: specifying datafile(s) to restore from backup setchannel
ORA_DISK_1: restoring datafile 00005 to /u01/app/oracle/oradata/orcl/xifenfei01.dbfchannel
ORA_DISK_1: reading from backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkpchannel
ORA_DISK_1: piece handle=/u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp
tag=TAG20150128T230115channel
ORA_DISK_1: restored backup piece 1channel
ORA_DISK_1: restore complete, elapsed time:
00:00:01Finished
restore at 28-JAN-15 |
验证数据还原
RMAN>
recover datafile 5;Starting
recover at 28-JAN-15using
target database control file
instead of recovery catalogallocated
channel: ORA_DISK_1channel
ORA_DISK_1: SID=7 device type=DISKstarting
media recoverymedia
recovery complete, elapsed time:
00:00:00Finished
recover at 28-JAN-15RMAN>
sql 'alter
database datafile 5 online';sql
statement: alter database datafile 5 onlineRMAN>
exitRecovery
Manager complete.[oracle@localhost
~]$ sqlplus / as sysdbaSQL*Plus:
Release 11.2.0.4.0 Production on Wed Jan 28 23:05:55 2015Copyright
(c) 1982, 2013, Oracle. All rights reserved.Connected
to:Oracle
Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit ProductionWith
the Partitioning, OLAP, Data Mining and Real Application Testing optionsSQL>
select
count(*) from chf.t_xifenfei; COUNT(*)---------- 86721 |
至此我们可以看到,最简单的rman加密备份和加密恢复测试完成,在使用set encryption加密后,如果不输入或者错误的输入密码无法使用备份集,从而确保了备份集的安全.
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
