程序師世界是廣大編程愛好者互助、分享、學習的平台,程序師世界有你更精彩!
首頁
編程語言
C語言|JAVA編程
Python編程
網頁編程
ASP編程|PHP編程
JSP編程
數據庫知識
MYSQL數據庫|SqlServer數據庫
Oracle數據庫|DB2數據庫
 程式師世界 >> 數據庫知識 >> Oracle數據庫 >> 關於Oracle數據庫 >> oracle中rman備份集加密的方法

oracle中rman備份集加密的方法

編輯:關於Oracle數據庫

     下面我們來看看一個oracle中rman備份集加密的方法,希望這個例子能幫助到各位朋友了.

     

    數據的安全越來越重要,不是說你的生產庫安全,你的數據就一定安全了,rman備份也是洩露數據的一個重要地方,如果別人拿到了你的備份集,一樣等同入侵了你的生產庫。為了rman備份的安全,最簡單方式就是使用set encryption方式在rman備份過程中設置密碼,需要版本為10.2及其以後企業版版,另外如果需要備份到帶庫只能使用oracle自己的osb(Oracle Secure Backup),注意rman只有backupset可以加密,copy無法進行加密
    數據庫版本


    SQL> select * from v$version;

    BANNER
    --------------------------------------------------------------------------------
    Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
    PL/SQL Release 11.2.0.4.0 - Production
    CORE    11.2.0.4.0      Production
    TNS for Linux: Version 11.2.0.4.0 - Production
    NLSRTL Version 11.2.0.4.0 - Production

    SQL> show parameter compatible

    NAME                                 TYPE        VALUE
    ------------------------------------ ----------- ------------------------------
    compatible                           string      11.2.0.4.0


    支持rman加密算法


    SQL> select ALGORITHM_NAME
      2  from V$RMAN_ENCRYPTION_ALGORITHMS;

    ALGORITHM_NAME
    ----------------------------------------------------------------
    AES128
    AES192
    AES256


    調整加密算法


    RMAN> show  ENCRYPTION ALGORITHM;

    RMAN configuration parameters for database with db_unique_name ORCL are:
    CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default

    RMAN> CONFIGURE ENCRYPTION ALGORITHM 'AES256';

    new RMAN configuration parameters:
    CONFIGURE ENCRYPTION ALGORITHM 'AES256';
    new RMAN configuration parameters are successfully stored

    RMAN> show ENCRYPTION ALGORITHM;

    using target database control file instead of recovery catalog
    RMAN configuration parameters for database with db_unique_name ORCL are:
    CONFIGURE ENCRYPTION ALGORITHM 'AES256';


    創建新測試數據文件


    我們這裡測試的是對新創建的5號文件進行加密備份和還原
    SQL> select name from v$datafile;

    NAME
    --------------------------------------------------------------------------------
    /u01/app/oracle/oradata/orcl/system01.dbf
    /u01/app/oracle/oradata/orcl/sysaux01.dbf
    /u01/app/oracle/oradata/orcl/undotbs01.dbf
    /u01/app/oracle/oradata/orcl/users01.dbf

    SQL> create tablespace rman_xifenfei datafile 
      2 '/u01/app/oracle/oradata/orcl/xifenfei01.dbf' size 100M;

    Tablespace created.

    SQL> select file#,name from v$datafile;

         FILE# NAME
    ---------- --------------------------------------------------
             1 /u01/app/oracle/oradata/orcl/system01.dbf
             2 /u01/app/oracle/oradata/orcl/sysaux01.dbf
             3 /u01/app/oracle/oradata/orcl/undotbs01.dbf
             4 /u01/app/oracle/oradata/orcl/users01.dbf
             5 /u01/app/oracle/oradata/orcl/xifenfei01.dbf

    SQL> create table chf.t_xifenfei tablespace rman_xifenfei 
      2  as select * from dba_objects;

    Table created.

    SQL> select count(*) from chf.t_xifenfei;

      COUNT(*)
    ----------
         86721


    rman加密備份


    RMAN> set encryption on identified by 'www.111cn.net' only;

    executing command: SET encryption

    RMAN> backup datafile 5;

    Starting backup at 28-JAN-15
    allocated channel: ORA_DISK_1
    channel ORA_DISK_1: SID=5 device type=DISK
    channel ORA_DISK_1: starting full datafile backup set
    channel ORA_DISK_1: specifying datafile(s) in backup set
    input datafile file number=00005 name=/u01/app/oracle/oradata/orcl/xifenfei01.dbf
    channel ORA_DISK_1: starting piece 1 at 28-JAN-15
    channel ORA_DISK_1: finished piece 1 at 28-JAN-15
    piece handle=/u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp tag=TAG20150128T230115 comment=NONE
    channel ORA_DISK_1: backup set complete, elapsed time: 00:00:01
    Finished backup at 28-JAN-15


    准備恢復測試


    RMAN> sql 'alter database datafile 5 offline';

    sql statement: alter database datafile 5 offline

    [oracle@localhost ~]$ rm /u01/app/oracle/oradata/orcl/xifenfei01.dbf
    [oracle@localhost ~]$ ls /u01/app/oracle/oradata/orcl/xifenfei01.dbf
    ls: /u01/app/oracle/oradata/orcl/xifenfei01.dbf: No such file or directory


    rman恢復測試


    [oracle@localhost ~]$ rman target /

    Recovery Manager: Release 11.2.0.4.0 - Production on Wed Jan 28 23:02:24 2015

    Copyright (c) 1982, 2011, Oracle and/or its affiliates.  All rights reserved.

    connected to target database: ORCL (DBID=1378620768)

    RMAN> list backup of datafile 5;

    using target database control file instead of recovery catalog

    List of Backup Sets
    ===================


    BS Key  Type LV Size       Device Type Elapsed Time Completion Time
    ------- ---- -- ---------- ----------- ------------ ---------------
    1       Full    10.94M     DISK        00:00:01     28-JAN-15      
            BP Key: 1   Status: AVAILABLE  Compressed: NO  Tag: TAG20150128T230115
            Piece Name: /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp
      List of Datafiles in backup set 1
      File LV Type Ckp SCN    Ckp Time  Name
      ---- -- ---- ---------- --------- ----
      5       Full 54057180   28-JAN-15 /u01/app/oracle/oradata/orcl/xifenfei01.dbf

    --未輸入密碼


    RMAN> restore datafile 5;

    Starting restore at 28-JAN-15
    allocated channel: ORA_DISK_1
    channel ORA_DISK_1: SID=492 device type=DISK

    channel ORA_DISK_1: starting datafile backup set restore
    channel ORA_DISK_1: specifying datafile(s) to restore from backup set
    channel ORA_DISK_1: restoring datafile 00005 to /u01/app/oracle/oradata/orcl/xifenfei01.dbf
    channel ORA_DISK_1: reading from backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp
    RMAN-00571: ===========================================================
    RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
    RMAN-00571: ===========================================================
    RMAN-03002: failure of restore command at 01/28/2015 23:02:52
    ORA-19870: error while restoring backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp
    ORA-19913: unable to decrypt backup
    ORA-28365: wallet is not open

    --設置錯誤密碼


    RMAN> SET DECRYPTION IDENTIFIED BY 'www.orasos.com';

    executing command: SET decryption

    RMAN> restore datafile 5;

    Starting restore at 28-JAN-15
    using channel ORA_DISK_1

    channel ORA_DISK_1: starting datafile backup set restore
    channel ORA_DISK_1: specifying datafile(s) to restore from backup set
    channel ORA_DISK_1: restoring datafile 00005 to /u01/app/oracle/oradata/orcl/xifenfei01.dbf
    channel ORA_DISK_1: reading from backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp
    RMAN-00571: ===========================================================
    RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
    RMAN-00571: ===========================================================
    RMAN-03002: failure of restore command at 01/28/2015 23:03:31
    ORA-19870: error while restoring backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp
    ORA-19913: unable to decrypt backup
    ORA-28365: wallet is not open

    --設置正確密碼

    RMAN> SET DECRYPTION IDENTIFIED BY 'www.111cn.net';

    executing command: SET decryption

    RMAN> restore datafile 5;

    Starting restore at 28-JAN-15
    using channel ORA_DISK_1

    channel ORA_DISK_1: starting datafile backup set restore
    channel ORA_DISK_1: specifying datafile(s) to restore from backup set
    channel ORA_DISK_1: restoring datafile 00005 to /u01/app/oracle/oradata/orcl/xifenfei01.dbf
    channel ORA_DISK_1: reading from backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp
    channel ORA_DISK_1: piece handle=/u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp tag=TAG20150128T230115
    channel ORA_DISK_1: restored backup piece 1
    channel ORA_DISK_1: restore complete, elapsed time: 00:00:01
    Finished restore at 28-JAN-15
    驗證數據還原
    RMAN> recover datafile 5;

    Starting recover at 28-JAN-15
    using target database control file instead of recovery catalog
    allocated channel: ORA_DISK_1
    channel ORA_DISK_1: SID=7 device type=DISK

    starting media recovery
    media recovery complete, elapsed time: 00:00:00

    Finished recover at 28-JAN-15

    RMAN> sql 'alter database datafile 5 online';

    sql statement: alter database datafile 5 online

    RMAN> exit

    Recovery Manager complete.
    [oracle@localhost ~]$ sqlplus / as sysdba

    SQL*Plus: Release 11.2.0.4.0 Production on Wed Jan 28 23:05:55 2015

    Copyright (c) 1982, 2013, Oracle.  All rights reserved.


    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options

    SQL> select count(*) from chf.t_xifenfei;

      COUNT(*)
    ----------
         86721

    至此我們可以看到,最簡單的rman加密備份和加密恢復測試完成,在使用set encryption加密後,如果不輸入或者錯誤的輸入密碼無法使用備份集,從而確保了備份集的安全.

    1. 上一頁:
    2. 下一頁:
    Copyright © 程式師世界 All Rights Reserved