Latest Posts

Connect your Enterprise Manager 13cR2 with the Oracle Database Backup Service

In EM13cR1, it was the first time when the Oracle Database Backup Service was integrated . In Release 2 the configuration menu was extended, a storage container can be defined now e.g. for a better organization and overview of the backups. This blog post shows you how to configure the Oracle Database Backup Service in Enterprise Manager 13cR2 and how to prepare a database for a cloud backup. All you need is the Oracle Database Backup Service, a trial works too.

Configure Service Settingsbackup_service_step_00

 

 

 

 

 

Enter your domain and login information. Optional: Set a backup container. A backup container is an organiziation unit like a subdirectory on a server.

backup_service_step_01

Configure the Database

Select the database which you want to backup to the Oracle cloud from the database target page. Configure Oracle Cloud Backup Service.

backup_service_step_02

The first time when you run the configuration, you need to enter your host credentials for the host where the database is running which you want to configure. Use the username which has installed the database software, or you can use a named credential. Be sure that the server where the backup has to be configured has access to the internet.

After submit, a deployment procedure configures the Oracle Database Backup Service on the server. The Oracle Database Backup Service module will be installed on server.

backup_service_step_03

backup_service_step_04

The deployment procedure copies the tape library for the Oracle Database Backup Service into the $ORACLE_HOME/lib and creates a wallet in $ORACLE_HOME/dbs/opc with the cloud certficates. Bot components are required to use the service.

The EM13c view after the successful deployment. To verify the configuration, press the Test Oracle Cloud Backup Button.

backup_service_step_05

All backups into the Oracle Cloud have to be encrypted, the test run too.

backup_service_step_06

Backup test succeeded.

backup_service_step_07

Execute  RMAN Backup

Now you are able to backup an Oracle database with RMAN into the Oracle Cloud. Schedule a backup.

backup_service_step_08

Schedule a customized backup

backup_service_step_09

On the backup settings page, scroll down to set the encryption mode. You can choose between the wallet and the password method. For more information how to configure a wallet for a backup, take a look at my blog post here: Encrypt RMAN Backups for the Oracle Cloud with a Keystore.

As reminder, database backups with target Oracle Cloud have to be encrypted locally. Otherwise the backup job fails. Activate the checkbox for the password method and set/confirm the password. Next.

backup_service_step_10

Select the Oracle Cloud as destination. Below you can see the used RMAN parameter. Oracle uses the file libopc.so like a tape driver. Next.

backup_service_step_11

Schedule the execution. Next.

backup_service_step_12

Now you can submit the job or use the syntax in the RMAN script box.

backup_service_step_13

The Backup Management Page shows the Oracle Cloud as Media

backup_service_step_14

Summary

The Oracle Database Backup Service is fully integrated in the Oracle Enterprise Manager 13c and it works fine. The EM deploys you  the Oracle backup module on the target servers, once deployed, the configuration can be used for every other database which runs on the same target host as configured.

For more information about the Oracle Database Backup Service, take a look in the documentation here: https://docs.oracle.com/cloud/latest/dbbackup_gs/

Enterprise Manager 13c – Let’s use the Hybrid Agent for Amazon EC2 and Azure Instances

I like the concept behind the Oracle Enterprise Manager Hybrid Cloud Architecture to connect my on-premise OMS with targets in the Oracle cloud. The Agent communicates via SSH tunnel to target servers, no other ports than SSH 22 are open against the world wide web. An I was interested to find out, if the installation of such an agent works for other cloud providers than Oracle too.

Create a Oracle Linux Instance in Amazon AWS

I have created a small Oracle Linux instance in Amazon AWS and inserted the public IP into the /etc/hosts file of the Oracle Management Server. Why I have used an Oracle Linux? According the documentation, at the moment only Oracle Linux x86-64 is supported to use this hybrid feature.

On the Amazon instance I installed the 12c prerequisite package (yum install oracle-rdbms-server-12cR1-preinstall)  to be sure that libraries etc. are available and the user oracle is created. And finally I added the public key in the authorized_keys file of the user oracle so that connects via SSH without a password are possible.

hybrid_01

Hint: Test your passwordless SSH connection with a tool like Putty or MobaXterm.

Login Credential

For the login via SSH tunnel, in Enterprise Manager 13c a named credential has to be created with the SSH keys which were used by the Amazon instance. This credential us used later in the agent deployment process. For further information how to create such a credential, please take a look into the Hybrid Coud documentation https://docs.oracle.com/cd/E24628_01/doc.121/e24473/hybrid-cloud.htm#BABJACHI.

hybrid_02

 

 

 

 

 

 

 

 

 

 

Hybrid Agent Deployment – First Run

After setting the DNS information and SSH configuration, it’s time to start a Hybrid Agent deployment. EM13c – Setup – Add Target – Install Agent on Host. The most important thing is that the checkbox for the Hybrid Cloud Agent is enabled at the bottom of the browser window.

hybrid_03

 

 

 

 

 

 

 

 

 

Host Name does not map to an Oracle Public Cloud Virtual Host – Investigation

The deployment has started. But in the prerequisites phase the remote validation fails with this message: The provided host name does not map to an Oracle Public Cloud virtual host. You can deploy Hybrid Cloud Agents only on Oracle Public Cloud virtual hosts.

hybrid_04

 

 

It looks like the prerequisites check is verifying the hostname. In the deployment logfile from the Oracle Management Server, I found these lines:

Oracle is doing a simple hostname -d command to verify if the host is running in the Oracle Cloud. I have verified the hostname -d command on Oracle Cloud instance, and the output there is different:

But my Amazon instance has this output here:

Lets fake the Amazon instance hostname and try the deployment again. I added this line into the Amazon instance /etc/hosts with the new domainname.

Now the hostname -d command shows me the new name according the Oracle cloud instances.

Hybrid Agent Deployment – Second Run

EM13c – Retry, using same inputs. And the error is gone, the agent is installed successfully. After running the scripts

  • /u00/app/oracle/product/agent13c/agent_13.1.0.0.0/root.sh
  • /home/oracle/oraInventory/orainstRoot.sh

as user root, the Amazon instance is added as new host.

hybrid_05

Summary

With a simple change for the hostname -d command, you can install the Oracle Hybrid Agent on targets outside the Oracle cloud. BTW, this works for local instances too. All other ports than SSH 22 are closed. And that’s an important thing when you work with cloud products.

Encrypt RMAN Backups for the Oracle Cloud with a Keystore

The Oracle RMAN backup encryption is necessary if you want to backup your database into the Oracle cloud. In Oracle 12c, you have three methods available to encrypt an Oracle RMAN backup:

  • with a passphrase
  • with a master encryption key
  • hybrid with a passphrase and an encryption key

In this blog post, I show you how to configure your database environment with a master encryption key and a keystore. I use this solution to to backup and recovery to and into the Oracle cloud. And in the cloud, I don’t like to type in passwords manually for every action or write passwords in backup and restore scripts.

Configure SQLNET.ora in $TNS_ADMIN to use a Keystore

Create Keystore as SYSDBA

Open Keystore

The status is set to OPEN_NO_MASTER_KEY.

Set Master Key

Now the master key has to defined. When you have already defined a wallet earlier and deleted the keys,  you have to set the undocumented parameter to set the master key again. Otherwise you get an ORA-28374: typed master key not found in wallet error. See Master Note For Transparent Data Encryption ( TDE ) (Doc ID 1228046.1) for further information.

Now the status is set to OPEN.

Activate Auto Login

Restart Database

Verify if the keystore is available and WALLET_TYPE is AUTOLOGIN.

Configure RMAN for Encryption

RMAN Backup Test

A simple RMAN controlfile backup into the Oracle cloud.

Error message if you want to backup into the Oracle cloud and the encryption is not configured correctly:

Backup Verification in V$BACKUP_PIECE – Column ENCRYPTED

Links

http://www.oracle.com/technetwork/database/security/twp-transparent-data-encryption-bes-130696.pdf

http://www.oracle.com/technetwork/database/security/index-095354.html