| 标题 | oracle中rman备份集加密的方法 |
| 范文 | 下面我们来看看一个oracle中rman备份集加密的方法,希望这个例子能帮助到各位朋友了. 数据的安全越来越重要,不是说你的生产库安全,你的数据就一定安全了,rman备份也是泄露数据的一个重要地方,如果别人拿到了你的备份集,一样等同入侵了你的生产库。为了rman备份的安全,最简单方式就是使用set encryption方式在rman备份过程中设置密码,需要版本为10.2及其以后企业版版,另外如果需要备份到带库只能使用oracle自己的osb(Oracle Secure Backup),注意rman只有backupset可以加密,copy无法进行加密 数据库版本 SQL> select * from v$version; BANNER -------------------------------------------------------------------------------- Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production PL/SQL Release 11.2.0.4.0 - Production CORE 11.2.0.4.0 Production TNS for Linux: Version 11.2.0.4.0 - Production NLSRTL Version 11.2.0.4.0 - Production SQL> show parameter compatible NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ compatible string 11.2.0.4.0 支持rman加密算法 SQL> select ALGORITHM_NAME 2 from V$RMAN_ENCRYPTION_ALGORITHMS; ALGORITHM_NAME ---------------------------------------------------------------- AES128 AES192 AES256 调整加密算法 RMAN> show ENCRYPTION ALGORITHM; RMAN configuration parameters for database with db_unique_name ORCL are: CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default RMAN> CONFIGURE ENCRYPTION ALGORITHM 'AES256'; new RMAN configuration parameters: CONFIGURE ENCRYPTION ALGORITHM 'AES256'; new RMAN configuration parameters are successfully stored RMAN> show ENCRYPTION ALGORITHM; using target database control file instead of recovery catalog RMAN configuration parameters for database with db_unique_name ORCL are: CONFIGURE ENCRYPTION ALGORITHM 'AES256'; 创建新测试数据文件 我们这里测试的是对新创建的5号文件进行加密备份和还原 SQL> select name from v$datafile; NAME -------------------------------------------------------------------------------- /u01/app/oracle/oradata/orcl/system01.dbf /u01/app/oracle/oradata/orcl/sysaux01.dbf /u01/app/oracle/oradata/orcl/undotbs01.dbf /u01/app/oracle/oradata/orcl/users01.dbf SQL> create tablespace rman_xifenfei datafile 2 '/u01/app/oracle/oradata/orcl/xifenfei01.dbf' size 100M; Tablespace created. SQL> select file#,name from v$datafile; FILE# NAME ---------- -------------------------------------------------- 1 /u01/app/oracle/oradata/orcl/system01.dbf 2 /u01/app/oracle/oradata/orcl/sysaux01.dbf 3 /u01/app/oracle/oradata/orcl/undotbs01.dbf 4 /u01/app/oracle/oradata/orcl/users01.dbf 5 /u01/app/oracle/oradata/orcl/xifenfei01.dbf SQL> create table chf.t_xifenfei tablespace rman_xifenfei 2 as select * from dba_objects; Table created. SQL> select count(*) from chf.t_xifenfei; COUNT(*) ---------- 86721 rman加密备份 RMAN> set encryption on identified by 'www.111cn.net' only; executing command: SET encryption RMAN> backup datafile 5; Starting backup at 28-JAN-15 allocated channel: ORA_DISK_1 channel ORA_DISK_1: SID=5 device type=DISK channel ORA_DISK_1: starting full datafile backup set channel ORA_DISK_1: specifying datafile(s) in backup set input datafile file number=00005 name=/u01/app/oracle/oradata/orcl/xifenfei01.dbf channel ORA_DISK_1: starting piece 1 at 28-JAN-15 channel ORA_DISK_1: finished piece 1 at 28-JAN-15 piece handle=/u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp tag=TAG20150128T230115 comment=NONE channel ORA_DISK_1: backup set complete, elapsed time: 00:00:01 Finished backup at 28-JAN-15 准备恢复测试 RMAN> sql 'alter database datafile 5 offline'; sql statement: alter database datafile 5 offline [oracle@localhost ~]$ rm /u01/app/oracle/oradata/orcl/xifenfei01.dbf [oracle@localhost ~]$ ls /u01/app/oracle/oradata/orcl/xifenfei01.dbf ls: /u01/app/oracle/oradata/orcl/xifenfei01.dbf: No such file or directory rman恢复测试 [oracle@localhost ~]$ rman target / Recovery Manager: Release 11.2.0.4.0 - Production on Wed Jan 28 23:02:24 2015 Copyright (c) 1982, 2011, Oracle and/or its affiliates. All rights reserved. connected to target database: ORCL (DBID=1378620768) RMAN> list backup of datafile 5; using target database control file instead of recovery catalog List of Backup Sets =================== BS Key Type LV Size Device Type Elapsed Time Completion Time ------- ---- -- ---------- ----------- ------------ --------------- 1 Full 10.94M DISK 00:00:01 28-JAN-15 BP Key: 1 Status: AVAILABLE Compressed: NO Tag: TAG20150128T230115 Piece Name: /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp List of Datafiles in backup set 1 File LV Type Ckp SCN Ckp Time Name ---- -- ---- ---------- --------- ---- 5 Full 54057180 28-JAN-15 /u01/app/oracle/oradata/orcl/xifenfei01.dbf --未输入密码 RMAN> restore datafile 5; Starting restore at 28-JAN-15 allocated channel: ORA_DISK_1 channel ORA_DISK_1: SID=492 device type=DISK channel ORA_DISK_1: starting datafile backup set restore channel ORA_DISK_1: specifying datafile(s) to restore from backup set channel ORA_DISK_1: restoring datafile 00005 to /u01/app/oracle/oradata/orcl/xifenfei01.dbf channel ORA_DISK_1: reading from backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp RMAN-00571: =========================================================== RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS =============== RMAN-00571: =========================================================== RMAN-03002: failure of restore command at 01/28/2015 23:02:52 ORA-19870: error while restoring backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp ORA-19913: unable to decrypt backup ORA-28365: wallet is not open --设置错误密码 RMAN> SET DECRYPTION IDENTIFIED BY 'www.orasos.com'; executing command: SET decryption RMAN> restore datafile 5; Starting restore at 28-JAN-15 using channel ORA_DISK_1 channel ORA_DISK_1: starting datafile backup set restore channel ORA_DISK_1: specifying datafile(s) to restore from backup set channel ORA_DISK_1: restoring datafile 00005 to /u01/app/oracle/oradata/orcl/xifenfei01.dbf channel ORA_DISK_1: reading from backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp RMAN-00571: =========================================================== RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS =============== RMAN-00571: =========================================================== RMAN-03002: failure of restore command at 01/28/2015 23:03:31 ORA-19870: error while restoring backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp ORA-19913: unable to decrypt backup ORA-28365: wallet is not open --设置正确密码 RMAN> SET DECRYPTION IDENTIFIED BY 'www.111cn.net'; executing command: SET decryption RMAN> restore datafile 5; Starting restore at 28-JAN-15 using channel ORA_DISK_1 channel ORA_DISK_1: starting datafile backup set restore channel ORA_DISK_1: specifying datafile(s) to restore from backup set channel ORA_DISK_1: restoring datafile 00005 to /u01/app/oracle/oradata/orcl/xifenfei01.dbf channel ORA_DISK_1: reading from backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp channel ORA_DISK_1: piece handle=/u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp tag=TAG20150128T230115 channel ORA_DISK_1: restored backup piece 1 channel ORA_DISK_1: restore complete, elapsed time: 00:00:01 Finished restore at 28-JAN-15 验证数据还原 RMAN> recover datafile 5; Starting recover at 28-JAN-15 using target database control file instead of recovery catalog allocated channel: ORA_DISK_1 channel ORA_DISK_1: SID=7 device type=DISK starting media recovery media recovery complete, elapsed time: 00:00:00 Finished recover at 28-JAN-15 RMAN> sql 'alter database datafile 5 online'; sql statement: alter database datafile 5 online RMAN> exit Recovery Manager complete. [oracle@localhost ~]$ sqlplus / as sysdba SQL*Plus: Release 11.2.0.4.0 Production on Wed Jan 28 23:05:55 2015 Copyright (c) 1982, 2013, Oracle. All rights reserved. Connected to: Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production With the Partitioning, OLAP, Data Mining and Real Application Testing options SQL> select count(*) from chf.t_xifenfei; COUNT(*) ---------- 86721 至此我们可以看到,最简单的rman加密备份和加密恢复测试完成,在使用set encryption加密后,如果不输入或者错误的输入密码无法使用备份集,从而确保了备份集的安全. |
| 随便看 |
|
在线学习网范文大全提供好词好句、学习总结、工作总结、演讲稿等写作素材及范文模板,是学习及工作的有利工具。