Which type of security control includes backup and restore operations as well as fault tolerant data storage?

by Dean Halbeisen

This article is Part 1 of a three-part series that describes how Oracle Optimized Solution for Secure Backup and Recovery delivers end-to-end data protection with high availability and security for Oracle's engineered systems and other Oracle Optimized Solutions. This article provides an overview of the solution and its architecture.

Introduction Oracle engineered systems and Oracle Optimized Solutions offer massive scalability and performance for today's larger and more complex workloads and increasingly diverse data environments. Engineered, optimized, and integrated, these systems provide the radical processing speeds, significantly faster deployments, and simplified data center operations needed to achieve unmatched enterprise performance levels. Combining best-of-breed hardware and software components with game-changing technical innovations, Oracle engineered systems and Oracle Optimized Solutions deliver such massive capacity and extreme performance that they require a new way of thinking about backup and recovery. With ownership of both the hardware and software technology, Oracle is in the unique position of being able to plan, design, and execute backup solutions for these powerful and scalable systems. This paper describes Oracle Optimized Solution for Secure Backup and Recovery, with particular focus on Oracle engineered systems, including Oracle Exadata Database Machine (Oracle Exadata), Oracle Database Appliance, Oracle SuperCluster, and Oracle Optimized Solutions. This pretested, high-performance backup solution can be used to accelerate data protection processing and management with breakthrough cost structures using Oracle software powered by Oracle's servers, operating systems, and tape storage. Delivering next-generation data protection with redundancy, high availability, and the security of encryption, Oracle Optimized Solution for Secure Backup and Recovery offers a flexible, secure, multitier architecture for large and small environments. The solution also provides virtually unlimited scalability with centralized management and end-to-end data protection across heterogeneous technologies. The articles in this series are located here: Part 1 Part 2 Part 3

Oracle Optimized Solutions provide tested and proven best practices for how to run software products on Oracle systems. Learn more.

Table of Contents

Solution Overview

Oracle Optimized Solutions are end-to-end hardware and software solutions that have been engineered to deliver tangible and significant incremental revenue and architectural footprint advantages, displacing the competition in multiple industries. The portfolio of solutions encompasses cloud infrastructure, enterprise infrastructure, and business application solutions to enable customers to achieve lower acquisition and operational costs, reduced risk, accelerated business agility, and improved efficiency.

Oracle Optimized Solution for Secure Backup and Recovery is designed as a complete solution for performing network backups of heterogeneous clients. These clients include both Oracle engineered systems and Oracle Optimized Solutions. Leveraging built-in Oracle integration, Oracle Optimized Solution for Secure Backup and Recovery provides pretested, recommended configurations for complete backup and recovery solutions. This solution provides options for traditional disk and tape backups as well as cloud-based backups, and it includes a system from the Oracle ZFS Storage Appliance family of products, Oracle's StorageTek tape libraries, and Oracle's Zero Data Loss Recovery Appliance, as shown in Figure 1. The architecture is designed to simplify solution implementation and facilitate future upgrades needed for data growth.

With complete end-to-end data protection for network backup clients, Oracle Optimized Solution for Secure Backup and Recovery can also complement the Oracle Recovery Manager (Oracle RMAN) and Oracle Active Data Guard data protection solutions using an Oracle ZFS Storage Appliance system for cost-effective, long-term storage on high-performing encrypted tape. Cloud-based database backups are also supported. Oracle Optimized Solution for Secure Backup and Recovery is a comprehensive solution for Oracle Database backups with support for Oracle Database 9i or higher.

Figure 1. Oracle Optimized Solution for Secure Backup and Recovery supports different backup client types.

Oracle Optimized Solution for Secure Backup and Recovery is a unique offering in that it is both low cost and high performance, making it a clear industry leader in terms of price/performance for backup and recovery. Indeed, Oracle Secure Backup software licensing costs can be significantly less than the costs of comparable competitive products, because the tape management software component carries a low-cost, one-time software licensing fee per tape drive used or per disk pool stream used. Using solutions that do not rely on tape backups can save on the costs of licensing tape management software as well. For example, database backups that utilize Oracle RMAN with Oracle ZFS Storage Appliance systems or with Oracle Exadata storage systems are disk-only solutions and do not incur software licensing costs. In addition, the solution enables the use of tape—the lowest-cost storage media, which is ideal for storing older backup copies. Capable of scaling nearly linearly, the solution uses a building-block approach that consists of pretested server and storage configurations.

When this solution is deployed to back up Oracle engineered systems and Oracle Optimized Solutions, it dramatically simplifies backup and recovery processing and management. Typically deployed in replicated configurations, Oracle Optimized Solutions eliminate the need to deploy complex third-party deduplication technologies, because simple tape and disk backups can be performed at one or both sites for complete data protection.

Addressing Data Recovery Needs and Requirements

When preparing data center backup strategies and other data protection strategies, special attention must be paid to the recovery point objectives (RPOs) and recovery time objectives (RTOs) for all data and applications. An RPO defines the maximum acceptable level of data loss following an unplanned event—natural or man-made—that can cause data to be lost. Measured backwards in time, and starting from the instant the event occurs, an RPO is specified in seconds, minutes, hours, or days. It is used to help administrators select optimal disaster recovery technologies and procedures, and it also helps to determine the minimum frequency for performing backups. For example, Wall Street trading firms need an RPO of seconds or less, and they must provide redundant, remote systems to ensure that transactions are not lost. Organizations with more-static data will not have such granular RPOs.

An RTO is the period of time within which IT capabilities must be restored following an unplanned event. IT departments determine RTOs by calculating the amount of revenue lost per unit of time as a result of the event, or by determining the maximum amount of time that their organizations can afford to be without IT functionality.

Figure 2 illustrates various data center backup attributes, various Oracle backup and storage hardware, and which hardware addresses the various attributes. These factors should be kept in mind when evaluating backup solutions for Oracle engineered systems and Oracle Optimized Solutions.

Figure 2. Oracle Optimized Solution for Secure Backup and Recovery addresses a range of retention needs as well as requirements for RTOs and RPOs.

Creating More-Secure Backup and Recovery Environments

Protecting data is an essential business concern for all enterprises. Enterprise-level backup environments typically use a centralized backup and recovery model, which simplifies administration as the size of data continues to grow. However, this centralization also presents a potential security threat: If an intruder gains access to a centralized backup or media server, data for many systems across the enterprise can be compromised. Physical security is, of course, fundamental, and access to servers and media libraries must be protected and audited. Backup servers, clients, networks, storage, and tape libraries should all be configured following recommended security guidelines to provide end-to-end security. Data encryption is also recommended to protect data at rest and while in transit across networks and to/from storage media.

The following steps can help create a more secure backup and recovery environment.

• Simplify the infrastructure. Most backup and recovery environments are based on a complex infrastructure, making implementation and management complicated. This complexity increases the risk of security vulnerabilities. A backup and recovery implementation as a whole is only as secure as its most vulnerable component, and it can be challenging to securely configure the myriad interacting components and products in a heterogeneous system. Oracle Optimized Solutions simplify backup and recovery implementations through the use of consolidation and virtualization technologies. Oracle also offers security guidelines and recommendations, and many Oracle components have security built in by default.
• Reduce implementation flaws. Secure software is important but not sufficient by itself. Most security vulnerabilities arise from flawed implementation and architecture, including improper configuration and access control, lack of patch management, unencrypted communications, and inadequate security policies and processes. Based on current security best practices, Oracle Optimized Solutions provide proven and tested architecture recommendations for increased backup and recovery solution protection.
• Eliminate performance and cost penalties. Many security processes, such as on-the-fly encryption/decryption, can have a significant negative impact on the performance and cost of a backup and recovery solution. Oracle Optimized Solutions leverage Oracle's SPARC-based systems, which offer high-performance security using cryptographic instruction accelerators that are directly integrated into the processor cores. By providing wire-speed security capabilities, Oracle systems eliminate the performance and cost penalties typically associated with real-time, secure computing.

Architecture Overview

Oracle Optimized Solution for Secure Backup and Recovery features a scalable, multitier architecture that includes backup clients, media servers, administrative servers, Oracle disk devices, and encrypted tape devices. Designed to be software-agnostic, Oracle Optimized Solution for Secure Backup and Recovery can work with Oracle RMAN, Oracle Secure Backup, Symantec NetBackup, or other third-party backup software. For illustration purposes, this paper refers to use of Oracle Secure Backup software throughout.

Note that in disk-only environments—such as those using Oracle Exadata storage, Oracle's Exadata Storage Expansion Racks, or Oracle ZFS Storage Appliance systems—no backup software is required. Disk backups can be completed using the operating system and Oracle Database tools—such as Oracle RMAN—alone.

Solution Software Components

The recommended architectures in this solution feature common software components, as shown in Table 1. The following sections describe these software components.

Table 1. Solution Software Components

Oracle Solaris 11

Oracle Solaris 11 is the first operating system engineered for enterprise clouds. With built-in virtualization, Oracle Solaris 11 offers fast, intelligent provisioning capabilities for rapid service setup and maintenance. The operating system provides fully integrated security for users, applications, and devices with fine-grained delegated management and the latest security standards. Scalable data management is achieved with Oracle Solaris ZFS, the innovative default file system in Oracle Solaris 11. Oracle Solaris ZFS brings advanced storage features such as built-in deduplication, encryption, and thin provisioning to enterprise servers, and Oracle Solaris ZFS snapshots help to deliver boot environments that enable fail-safe updates and self-recovery.

Oracle Solaris 11 offers mission-critical infrastructure that simplifies software lifecycle management and cloud-scale data management while providing advanced protection for public, private, and hybrid cloud environments. New features increase performance, reliability, security, efficiency, and virtualization, as well as preserve full compatibility with a vast portfolio of existing third-party products and internally developed customer applications. Oracle Solaris 11 is engineered jointly with Oracle applications and middleware to deliver unique features that increase performance, streamline management, and automate support for Oracle deployments.

Oracle Linux

For those sites using Oracle's x86 servers, Oracle Linux brings the latest Linux innovations to market, delivering extreme performance, advanced scalability, and reliability for enterprise applications and systems. Optimized for the Oracle stack, Oracle Linux is built and tested to run Oracle hardware, databases, and middleware and is recommended for all enterprise applications.

Oracle's StorageTek Automated Cartridge System Library Software

Oracle's StorageTek Automated Cartridge System Library Software (StorageTek ACSLS) provides a strategic, centralized library management solution. Figure 3 shows two environments—one without StorageTek ACSLS and one after deploying StorageTek ACSLS.

Figure 3. StorageTek ACSLS provides centralized management and high availability for Oracle's StorageTek tape libraries.

Without StorageTek ACSLS software, organizations must grapple with distributed management, multiple administrators and libraries, excess environmental consumption, poor resource utilization, and higher total cost of ownership. Deploying StorageTek ACSLS as part of a tape management solution enables centralized management of a single library by a single administrator, with lower environmental consumption, standard policy management, balanced workload and resource utilization, maximum storage efficiency, and lower cost of ownership. In addition, StorageTek ACSLS can help tape environments meet high-availability objectives.

Oracle Key Manager

Oracle Optimized Solution for Secure Backup and Recovery features Oracle Key Manager, which is a highly available encryption key management system for encrypted tape backups. Oracle Key Manager 2.5 makes it easy to implement and scale storage-based encryption—for operational and archive data—without unnecessary cost and complexity. A sample configuration using Oracle's StorageTek T10000D and StorageTek LTO 6 tape drives and Oracle's StorageTek SL8500 and StorageTek SL3000 modular tape systems is shown in Figure 4.

Oracle Key Manager 2.5 is designed with an emphasis on simplicity, security, and scalability to help organizations realize the following advantages:

• High security. A hardened solution, Oracle Key Manager provides FIPS 140-2 Level 3 compliance (through Oracle's Sun Crypto Accelerator 6000 PCIe Card) and secure key protection throughout the key lifecycle, with a dedicated key management and delivery network.
• Interoperability. An open, standards-based architecture supports diverse storage devices—from mainframes to open systems—under a single storage key management system.
• High availability. Active n-node clustering, dynamic load balancing, and automated failover ensure high availability.
• Simplified management. A secure client GUI facilitates administration—whether it is at one site or worldwide—through user-defined, policy-based automatic key management.
• Scalability. A single clustered Oracle Key Manager appliance pair can be used to manage thousands of storage devices and millions of encryption keys, making the solution scale easily and nondisruptively.

Figure 4. An Oracle Key Manager sample configuration. (Note: In the figure above, "T10000D" and "LTO 6" refer to Oracle's StorageTek T10000D and StorageTek LTO 6 tape drives, respectively. "KMA" refers to the key management appliance component or Oracle Key Manager.)

Oracle's StorageTek Tape Analytics Software

Oracle's StorageTek Tape Analytics software is an intelligent monitoring application that proactively captures library, drive, and media health metrics and runs analytical calculations on these data elements. As a result, the software can eliminate library, drive, and media errors and empower tape storage administrators to make proactive decisions about tape environments prior to device failures. Figure 5 illustrates how the StorageTek Tape Analytics software collects data from Oracle's StorageTek libraries, drives, and media.

Figure 5. StorageTek Tape Analytics software simplifies tape monitoring.

Oracle Enterprise Manager Cloud Control

Oracle Enterprise Manager Cloud Control is a centralized cloud management solution, with a single view of the entire IT environment from applications to disk. It features a pluggable framework, providing an easy way to update Oracle Enterprise Manager Cloud Control with support for the latest Oracle product releases. Several plugins, such as one for Oracle Database, are installed by default. Some newer product releases, such as Oracle's Zero Data Loss Recovery Appliance, require an additional plugin to be downloaded and installed.

Oracle Enterprise Manager Cloud Control is used to provide end-to-end data protection management in Oracle Optimized Solution for Secure Backup and Recovery. This software provides a unified view from the time a backup is initiated to the time it is stored on disk or tape or it is replicated to another storage device in a remote data center. All backup locations are tracked, so that any Oracle Recovery Manager (Oracle RMAN) restore and recovery operation can retrieve the most appropriate backups, wherever they reside.

Advanced storage monitoring and reporting helps administrators effectively manage current and future throughput and capacity. The amount of space needed for each database under management is predictively calculated based on its historical backup space usage and recovery window goal. Capacity reports provide summary and detailed information on storage utilization as well as average and maximum throughput, plus detailed information on CPU, memory, and IOPS. In addition, warnings can be generated if the space needed is within a user-configurable threshold of total available space.

Solution Hardware Components

All recommended architectures in the solution feature common hardware components, as shown in Table 2.

Table 2. The Solution's Common Hardware Components

Network Infrastructure

Ethernet switches provide connections and link aggregation between the backup clients, media servers, and administrative servers. Network speeds of both 1 gigabit per second and 10 gigabits per second are supported. Connections from the media servers to the network clients are provided through a private 10 gigabit Ethernet (GbE) network or connections into the solution's InfiniBand fabric.

Built-in Oracle InfiniBand switches are used to provide connectivity within Oracle engineered systems. InfiniBand eliminates the physical complexity of multiple interconnects per system and provides immense bandwidth and high speed connectivity to support high-speed transfers of massive amounts of data. With high throughput, low latency, and a scalable fabric suitable for fabric consolidation of interprocess communication, network, and storage, InfiniBand delivers up to 63 percent higher transactions per second for Oracle Real Application Clusters (Oracle RAC) than GbE networks.

SAN switches provide Fibre Channel connections between the Oracle Secure Backup media servers and the Fibre Channel archive devices.

Oracle's SPARC Servers

The solution features two members of Oracle's SPARC server family—SPARC S7-2 Server and SPARC S7-2L Server (Figure 6). These servers are designed to provide breakthrough performance while maximizing reliability and minimizing power consumption and complexity. SPARC S7-2 Server features a single SPARC S7 processor (8 cores) from Oracle and up to 512 GB of system memory in a 1U rackmount enclosure. SPARC S7-2L Server, an ideal media server for medium to large environments, features a two SPARC S7 processors (16 cores total), up to 1 TB of system memory and up to 60 TB internal storage capacity in a 2U rackmount enclosure.

Both models are ideal for large-scale applications, enterprise-wide consolidation, and database projects that require extreme reliability, availability, and security.

Figure 6. Oracle's SPARC S7-2 Server and SPARC S7-2L Server provide high levels of performance and throughput.

Oracle's x86-Based Servers

The solution also features members of Oracle's x86-based server family: Oracle Server X6-2 and Oracle Server X6-2L servers (Figure 7). Oracle's comprehensive, open standards–based x86 systems provide the best platform to run Oracle software when x86 architectures are required, offering enhanced reliability for data center environments. Only Oracle provides an optimized hardware and software stack that comes complete with choice of OS, virtualization software, and cloud management tools—all at no extra charge. Oracle's optimized hardware and software stack has enabled enormous performance gains in its engineered systems and delivered world-record benchmarks results.

Oracle Server X6-2 features one or two processors from the Intel® Xeon® processor E5-2600 v4 product family of CPUs and up to 768 GB memory in a compact 1U enclosure. Oracle Server X6-2L offers the same processors and memory capacity, and adds expandability with support for up to 26 disk drives in a 2U enclosure.

Figure 7. Oracle's x86-based servers provide high performance and reliability.

Oracle ZFS Storage Appliance Systems

The Oracle ZFS Storage Appliance family of storage devices (Figure 8) provides a flexible, high-performance, and low-cost backup and recovery solution for Oracle engineered systems. Offering unmatched Oracle integration, high performance, efficiency, simplified management, and low TCO, Oracle ZFS Storage Appliance systems are available in customizable small, medium, and large configurations to suit varied backup requirements.

Figure 8. Oracle ZFS Storage Appliance systems provide a flexible, low-cost backup and recovery option for Oracle engineered systems.

Zero Data Loss Recovery Appliance

Oracle's Zero Data Loss Recovery Appliance (see Figure 9) is an engineered system for database backup that eliminates data loss exposure without affecting the performance of production environments. Compute, network, and storage are integrated into a massively scalable appliance with a cloud-scale architecture that provides fully automated database backup and recovery for multiple databases. The recovery appliance enables a centralized backup strategy for large numbers of databases using cloud-scale, fault-tolerant hardware and storage.

Integrated with Oracle RMAN and featuring an incremental-forever backup strategy, the recovery appliance provides minimal-impact backups. The databases send only changes, and all backup and tape processing is offloaded from the production servers to the recovery appliance for improved system performance. Real-time database redo block information is transmitted, eliminating potential data loss and providing instant protection for new transactions. Database recoverability is improved with end-to-end reliability, visibility, and control of a database as a whole, rather than as a disjoint set of files.

The recovery appliance features secure replication to help protect against disasters such as site outages or regional disasters. Flexible replication topologies are supported to match a data center's requirements. For example, replication can be set up in a simple one-way topology, or two recovery appliances can be set up to replicate each other, or a central recovery appliance can be used for replication from multiple satellite recovery appliances. In all topologies, only changed blocks are replicated, minimizing WAN network usage.

Use of secure replication to a recovery appliance can help speed recovery times in the event of an outage. If a local recovery appliance is not available, restore operations can run directly from a remote recovery appliance without first staging the data locally.

Figure 9. Oracle's Zero Data Loss Recovery Appliance eliminates data loss and provides minimal-impact backups.

Oracle's StorageTek Tape Library Products

Oracle's tape storage solutions maximize the bandwidth of Oracle Optimized Solution for Secure Backup and Recovery. Providing fault isolation from production systems' storage, the tape storage solutions enable easy movement of backup media off-site and provide cost-effective retention of multiple backup copies. Tape media can also be the most cost-effective method for the initial movement of large amounts of data. In the event that a large database needs to be moved from site to site, such as to or from a secondary disaster recovery (DR) site, tapes can be shipped across the country quickly and cheaply, and subsequent incremental backups can be applied to make the database current once again.

Oracle Optimized Solution for Secure Backup and Recovery features Oracle's StorageTek SL150, StorageTek SL3000, and StorageTek SL8500 modular library systems (Figure 10). These reliable modular library systems scale to suit a wide range of storage capacity requirements. The solution also features Oracle's StorageTek T10000D and StorageTek LTO 7 tape drives (Figure 11), where applicable. All the recommended architectures include the StorageTek SL3000 tape library, because this library offers the lowest-cost configuration with no single point of failure. The tape libraries and tape drives are described below.

• StorageTek SL150 modular tape library. The StorageTek SL150 tape library scales from 30 to 300 LTO slots with a maximum capacity of more than 1.8 petabytes of uncompressed data (using Oracle's StorageTek LTO 7 drives) in a standard 19-inch rackmounted cabinet. The library also supports up to 20 tape drives with a native throughput rate of more than 20 terabytes per hour. This library's capacity and scalability are designed for small and growing or midsize business environments.
• StorageTek SL3000 modular library system. The StorageTek SL3000 modular library system offers an innovative, ecoefficient approach to midrange storage, providing more choice and control for rapidly changing environments. The StorageTek SL3000 modular library system scales from 200 to 5,925 cartridge slots and from 1 to 56 tape drives in a footprint that provides linear growth in a rack environment. (Although the StorageTek SL3000 modular library system supports 5,925 cartridge slots, Oracle recommends moving to a StorageTek SL8500 modular library system if capacity needs require over 3000 slots.) Its RealTime Growth capability enables physical capacity to be installed in advance and tapped into incrementally with capacity on demand license keys. The StorageTek SL3000 modular library system delivers a native throughput rate of 57 TB per hour for maximum configurations.
• StorageTek SL8500 modular library system. The StorageTek SL8500 modular library system can be shared across supercomputer, mainframe, Oracle Solaris, AS/400, Windows, and Linux environments, and across a variety of other UNIX environments. Its Any Cartridge Any Slot technology enables any combination of supported drives and media. The choices include Oracle's StorageTek T10000 and  LTO and SDLT tape drives. The StorageTek SL8500 modular library system has nearly limitless scalability, and can currently scale to 100,880 slots (788 PB of native storage) and up to 640 tape drives. Many libraries can be consolidated onto a single StorageTek SL8500 modular library system, with modular and scalable capacity to meet rapid growth requirements. The StorageTek SL8500 modular library system delivers a native throughput rate of 657 TB per hour for maximum configurations.

Figure 10. Oracle's StorageTek modular library systems come in different sizes to accommodate data center needs.

Oracle's StorageTek Tape Drives

Oracle Optimized Solution for Secure Backup and Recovery features Oracle's StorageTek T10000D and LTO 7 tape drives, shown in Figure 11.

• StorageTekT10000D tape drive. The StorageTek T10000D tape drive delivers a capacity of 8 TB of uncompressed data and a throughput of 250 MB per second. These drive efficiencies help enable data centers to store more data in the same footprint and shorten backup and recovery windows. StorageTek T10000D tape drives support demanding, high-duty-cycle environments with dual-head, 32-channel technology, reducing the number of tape passes and extending head and media life. These tape drives connect using dual-port Fibre Channel options for compatibility with most storage environments.
• StorageTek LTO 7 tape drive. The StorageTek LTO 7 tape drive is Oracle's latest addition to its portfolio of tape drives. With a capacity of 6 TB per second and a throughput rate of 300 MB per second, the StorageTek LTO 7 tape drive has many of the features of Oracle's StorageTek LTO 6 tape drive and offers support for SAS and FC interfaces. It comes in full- and half-height platforms. IT departments can choose the model that makes the most sense for the operating environment, applications, needed capacity, and required performance. Oracle's scalable tape automation solutions are designed to accommodate whatever drive and interface are selected.

Figure 11. StorageTek tape drives provide high-throughput capabilities.

Reference Architecture Components in Tape Environments

In environments using tape for backups, the primary logical components of Oracle Optimized Solution for Secure Backup and Recovery include software that fulfills the following three roles. The software used can be Oracle Secure Backup or third-party backup software selected by IT staff.

• Back up the software administrative server. Each administrative domain must have exactly one administrative server. The administrative server is configured with complete data for the other hosts in the domain, their roles, and their attached tape devices. This data is maintained in a set of configuration files stored on the server.

  The administrative server runs the scheduler, which starts and monitors each backup job. The scheduler keeps a backup catalog with metadata for all backup and restore operations performed in the administrative domain. Oracle's x86-based servers or SPARC servers are recommended for use as administrative servers in this solution, because they deliver outstanding performance in the smallest possible configuration while providing considerable room for growth. For optimal performance and availability, the administrative and media server roles should not be mixed within the same server.

• Back up the software media server. A media server is a host with at least one tape drive or library attached to it. The media server transfers data to or from a volume loaded on one of the attached tape devices. A single media server can be attached to multiple tape libraries, and multiple media servers can share attachments to multiple tape libraries.

  The media server performs the backup operations under the direction of the administrative server, storing all backup data on its connected storage devices. Oracle's x86-based servers or SPARC servers are recommended as media servers in this solution, because they offer the most I/O bandwidth for their platform type—a feature that dramatically improves media server performance. Both server families also provide a large amount of capacity for most environments. For optimal performance and availability, the administrative and media server roles should not be mixed within the same server.

• Back up the clients. While this solution focuses on backup and recovery for Oracle engineered systems and Oracle Optimized Solutions, it can also be used for network backups of any client platform supported by Oracle Secure Backup.

  Although this solution includes multiple backup administrative and media servers, a single server can be deployed to support both the administrative and media server workloads, if desired. Using two systems provides high availability in a highly scalable solution, but the workloads can be combined on a single server. Additional media servers and archive devices can be added as needed to address scalability requirements.

Oracle Secure Backup

Oracle Secure Backup provides centralized backup management for Oracle Database, heterogeneous file systems, and network-attached storage (NAS) to disk, tape, or both. Integrated with components of the Oracle technology stack and optimized for Oracle Database backup, this scalable end-to-end backup solution eliminates multivendor integration and support issues. With centralized, policy-based backup management and low-cost, single-component licensing, this software reduces cost and complexity for reliable data protection across complex, heterogeneous enterprise environments.

Oracle Secure Backup uses a central administrative server and one or more media servers to provide data protection for heterogeneous, distributed clients. Running on either Oracle's x86-based or SPARC servers, and using Oracle tape archive devices and Oracle ZFS Storage Appliance systems, this software scales to support large enterprise networks. The networks can contain a large number of clients (UNIX, Linux, or Windows), NAS devices, or high-performance engineered systems such as Oracle Exadata, Oracle Database Appliance, and Oracle SuperCluster. Data backup to both tapes and disk (new in Oracle Secure Backup 12.1) is supported. Oracle Secure Backup uses standard tape formats and supports most popular tape drives and tape libraries across SAN, Ethernet networks, Oracle InfiniBand networks, and SCSI environments. Dynamic tape-drive sharing ensures maximum utilization of tape drives.

Built-in integration with Oracle products provides significant performance benefits for these products. Integration with Oracle RMAN helps deliver optimized performance and achieve 25–40 percent faster backups for Oracle Database than comparable media management utilities with up to 10 percent less CPU utilization. In Oracle Exadata environments, optimized backup performance and support for Reliable Datagram Socket over Remote Direct Memory Access (RDS/RDMA) can deliver approximately 50 percent more throughput per InfiniBand port. And tight integration with Oracle ZFS Storage Appliance systems and support for Network Data Management Protocol (NDMP) connectivity eliminates the need for an additional media server to write backups to disk.

Encrypted backups secure data at rest, on tape, or on disk. Backups can be encrypted using host-based backup encryption or performed by Oracle's StorageTek LTO or T10000D tape drives. Proven embedded Secure Sockets Layer (SSL) technology protects data while in transport and provides two-way server authentication for greater protection.

Oracle's x86-based or SPARC servers are used to create the optimal backup and recovery solution that best fits an organization's data center requirements and standards. Both platforms deliver best-in-class network backup performance and best-in-class reliability. SPARC servers from Oracle can deliver up to 20 percent better network performance than the x86 server platforms. However, both types of platforms have similar bandwidth offerings in terms of the number of expansion slots. The recommended components in the solution—including servers, SAN, Ethernet and InfiniBand networks, tape library management, tape encryption management, and tape drives—are configured for redundancy. To facilitate interoperability and deliver more stability, the same platform found in Oracle's high-performing appliance solutions, such as Oracle engineered systems and Oracle Optimized Solutions, should be deployed wherever possible.

Cloud-Based Database Backups

Oracle Optimized Solution for Secure Backup and Recovery supports cloud-based database backups. Cloud-based backups can serve as a complement to or a replacement for local backup and recovery solutions. By using a cloud-based backup, an enterprise gains scalable capacity on demand and eliminates upfront capital investment in storage hardware.

Oracle Optimized Solution for Secure Backup and Recovery can be deployed as part of a private cloud solution, for enterprises requiring a dedicated internal private cloud implementation. Alternatively, the solution can be deployed as part of a hybrid cloud solution, with production databases maintained on premises and cloud storage used for database backups.

Two methods are supported when deploying Oracle Optimized Solution for Secure Backup and Recovery as part of a hybrid cloud:

• Oracle Database Backup Service. Oracle Database Backup Service is a secure, scalable, reliable, and high-performance public cloud storage solution for storing Oracle Database backups. A client-side Oracle Database Cloud Backup Module is used with Oracle RMAN to transparently handle the backup and restore operations.
• Oracle Secure Backup to Amazon Simple Storage Service (Amazon S3). The Oracle Secure Backup Cloud Module, compatible with Oracle Database version 9i Release 2 or later, can be used to back up databases to cloud-based storage services offered by Amazon S3. Oracle Secure Backup Cloud Module is implemented using the Oracle RMAN System Backup to Tape (SBT) interface, which enables external backup libraries to be seamlessly integrated with Oracle RMAN. With this cloud offering, local disk backups are sent directly to Amazon S3 for offsite storage and are fully integrated with Oracle RMAN.

For more information on Oracle Database Backup Service, see cloud.oracle.com/database_backup.

See Also

For additional information, please see the following:

• Oracle Secure Backup software
• Oracle servers
• Oracle Solaris 11
• Oracle Solaris Cluster
• Oracle Linux
• Oracle Enterprise Manager
• Oracle's StorageTek Automated Cartridge System Library Software
• Oracle Key Manager
• Oracle storage systems
• Oracle Optimized Solutions
• Oracle Support Document 1558851.1 (Oracle Optimized Solution for Secure Backup and Recovery)

About the Author

Dean Halbeisen is a solutions manager at Oracle. He has over 20 years of IT experience and is an expert in enterprise computing solutions, most recently applying these practices to next-generation data center solutions, integrated systems, and Oracle engineered systems. In his current role, he is responsible for solution architecture and development around Oracle Optimized Solutions, including communicating about Oracle's systems, solutions, and technology strategies and roadmaps to customers, partners, and internal stakeholders.

What is fault tolerance and disaster recovery?

What is fault tolerance services?

What is meant by fault tolerance in relation to server storage?

What is fault tolerance in cloud terminology?