How to allow read-only access to Oracle RMAN backups

Ops Center Protector Oracle Application Guide
Version
7.8.x
Audience
anonymous
Part Number
MK-99PRT003-10
It is assumed that the following tasks have been performed
  • The Protector Master software has been installed and licenses on a dedicated node.
  • The Protector Client software has been installed on all servers of the Oracle setup and the clients have been authorized on the Master.

This workflow describes the steps to follow when setting up Protectors RMAN SBT integration from scratch, so a database administrator can use Oracle RMAN to backup a database to an Ops Center Protector managed UBI datastore and allowing other nodes to only restore the data. A typical use case is a production system which has full access to create and restore backups, while a test system can only read and may not change the data.

As the goal is to achieve different levels of access for different Oracle Database nodes, you need to create separate policies. One for each level of access.

Note: In case multiple nodes or node groups require the same level of access to the same databases, the same policy can be used.

This example workflow uses a Gen2 Repository, however the workflow is identical for other datastore nodes like Amazon S3 or Hitachi Content Platform (HCP).

Figure. Oracle RMAN backup
Table. Oracle RMAN full access policy
Classification Type Parameter Value
Oracle RMAN Allow Databases Refer to Oracle RMAN Database Selection Wizard for details on how to allow databases access
Deny Databases Refer to Oracle RMAN Database Selection Wizard for details on how to deny databases access
Operation Type Parameter Value Assigned Nodes
Access Access Level Read / Write Repository, Amazon S3, Hitachi Content Platform(HCP)
Table. Oracle RMAN read only policy
Classification Type Parameter Value
Oracle RMAN Allow Databases Refer to Oracle RMAN Database Selection Wizard for details on how to allow databases access
Deny Databases Refer to Oracle RMAN Database Selection Wizard for details on how to deny databases access
Operation Type Parameter Value Assigned Nodes
Access Access Level Read / Write Repository, Amazon S3, Hitachi Content Platform(HCP)
  1. Locate the source and target OS Host nodes in the Nodes Inventory and check that they are authorized and online. These nodes represent the Protector Clients installed on the Oracle server.
  2. Create a new Oracle Database node using the Oracle Application Node Wizard and check that the node it is authorized and online. The Oracle Database node type is grouped under Application in the Node Type Wizard. This node will be used in the dataflow to represent the Oracle Database setup to be protected.
  3. Repate the step above and ensure there is an application Oracle Database Application Node representing the Oracle setup which we will only allow restores to.
  4. Create a new destination node, for example a Repository, using the Repository Storage Node Wizard (see Hitachi Ops Center User's Guide) and check that it is authorized and online.
    The destination nodes, like the Repository node are grouped under Storage in the Node Type Wizard (see Hitachi Ops Center User's Guide). You can direct data from multiple nodes to a single repository so there is no need to create a new repository if a suitable one already exists.
    If a new Repository node is being created please the default Generation 2 type.

  5. If a new Repository node is being created please the default Generation 2 type. Define the two policies as shown in the table above using the Policy Wizard (see Hitachi Ops Center User's Guide), Oracle RMAN Classification Wizard and the Access Operation Wizard (see Hitachi Ops Center User's Guide).
  6. Draw a data flow as shown in the figure above, that shows the Oracle Database source node and the Oracle Database restore only node connected to the Repository destination node via a Batch mover, using the Data Flow Wizard.
  7. Assign the Oracle-RMAN-full-access policy to the Oracle Database source node and to the repository node on the data flow.
  8. Assign the Oracle-RMAN-readonly policy to the Oracle Database source node and to the repository node on the data flow.
  9. Compile and activate the data flow, checking carefully that there are no errors.
  10. Connect to the source Oracle Server command line (e.g. via SSH) and use the schedulershow command line utility to retrieve the RMAN channel definition for use on this server
  11. In RMAN, on the source Oracle server, create a channel using the definition provided by schedulershow and use it to backup Oracle data. Please refer to the documentation provided by Oracle on how to backup and restore using an SBT channel.
  12. Connect to the target Oracle server command line (e.g. via SSH) and use the schedulershow command line utility to retrieve the RMAN channel definition for use on this server
  13. In RMAN, on the target Oracle server, create a channel using the definition provided by schedulershow and use it to re Oracle data. Please refer to the documentation provided by Oracle on how to backup and restore using an SBT channel.