Encrypting RMAN backup
Encrypting RMAN backup
Configuring encryption for Oracle Recovery Manager (RMAN) is always a good step in the right direction. There may be different reasons for encrypting RMAN backup.
Option 1: Use global security wallet to encrypt backup
*configure the encryption wallet.
create a directory called "Wallet" in $ORACLE_BASE/admin/$ORACLE_SID
mkdir /home/oracle/app/oracle/admin/orcl/wallet
SQL> alter system open encryption wallet identified by "oracle1";
rman target /
RMAN> configure encryption for database on;
RMAN> backup database;
Option 2: Configure encryption right from RMAN
Another option is to configure encryption right from RMAN. You can also decide to use both options 1 and 2 together for double protection. Option one will be global because it controls every encryption done on the database including the backup. Option 2 is only restricted to RMAN prompt alone.
*Log in to RMAN and configure Encryption
RMAN target /
RMAN> set encryption on identified by "oracle1" only;
RMAN> backup database;
Note: You don't need a wallet to implement this. You can combine this with the global wallet transparent backup if you like. That will give you dual protection
You need to specify this password during recovery
Removing encryption
RMAN> configure encryption for database off;
Note: You need to set encryption off if at any point you don't need to encrypt your backup again. Some organizations will require you to remove encryption for data or databases that are only for TEST or DEVELOPMENT purpose.
Query encryption setting
Oracle provided a view to track encryption setting configured for recovery manager (RMAN). Issue this command as SYS:
select * from V$RMAN_ENCRYPTION_ALGORITHMS;
This is the view with all the details of rman encryption modes in the database. It is essential for a DBA to understand the encryption mode and their restrictions/limitations.
- For greater security of data;
- Customer requirement (e.g, most companies requires encryption for any database file containing SSN, Credit Card number, date of birth, etc); or
- Complying with laws or regulations.
Option 1: Use global security wallet to encrypt backup
*configure the encryption wallet.
create a directory called "Wallet" in $ORACLE_BASE/admin/$ORACLE_SID
mkdir /home/oracle/app/oracle/admin/orcl/wallet
*Issue this command as SYS:
SQL> alter system set encryption key identified by "oracle1";
*Open the wallet:
SQL> alter system open encryption wallet identified by "oracle1";
*Log in to rman to encrypt backup
rman target /
RMAN> configure encryption for database on;
RMAN> backup database;
Option 2: Configure encryption right from RMAN
Another option is to configure encryption right from RMAN. You can also decide to use both options 1 and 2 together for double protection. Option one will be global because it controls every encryption done on the database including the backup. Option 2 is only restricted to RMAN prompt alone.
*Log in to RMAN and configure Encryption
RMAN target /
RMAN> set encryption on identified by "oracle1" only;
RMAN> backup database;
Note: You don't need a wallet to implement this. You can combine this with the global wallet transparent backup if you like. That will give you dual protection
You need to specify this password during recovery
Note: You need to set encryption off if at any point you don't need to encrypt your backup again. Some organizations will require you to remove encryption for data or databases that are only for TEST or DEVELOPMENT purpose.
Query encryption setting
Oracle provided a view to track encryption setting configured for recovery manager (RMAN). Issue this command as SYS:
select * from V$RMAN_ENCRYPTION_ALGORITHMS;
This is the view with all the details of rman encryption modes in the database. It is essential for a DBA to understand the encryption mode and their restrictions/limitations.
nice
ReplyDelete