<Insert Picture Here> Oracle Secure Backup 10.3 Secure Your Data, Protect Your Budget

<Insert Picture Here> Oracle Secure Backup 10.3 Secure Your Data, Protect Your Budget

Program Agenda Oracle Secure Backup Overview What s New in Oracle Secure Backup 10.3 Ease of Management Data Protection: Security Advanced Media and Device Management Summary Q & A <Insert Picture Here> 2

Oracle Secure Backup (OSB) Enterprise Tape Backup Management Oracle Enterprise Manager Oracle Secure Backup File System Data Tape Library Oracle Database RMAN Integration Virtual Tape Library (VTL) Protects Entire IT Environment Oracle Database 11g Release 2 back to Oracle9i 25 40% faster tape backup Heterogeneous file systems (UNIX/ Linux / Windows) and NAS devices Built-in Oracle Integration Centralized management in distributed environments Over 75% less expensive than comparable products 3

Oracle Integrated Solution Secure Backup (OSB), Recovery Manager (RMAN), and Enterprise Manager (EM) Performance optimizations: RMAN and OSB cloud or tape backups Unused block compression Eliminate backup of committed undo Shared buffer between RMAN and OSB improves CPU utilization Tape vaulting optimizations: OSB and RMAN integration RMAN restore database preview identifies offsite backup tapes RMAN restore database preview recall initiates OSB recall of tapes for restoration Management Interface: OSB and EM Grid Control Manage file system and Oracle database data protection and administration for the backup domain 4

Centralized Tape Backup Management Client / Server Architecture Administrative Server NAS Central Management Data protection for heterogeneous, distributed servers managed from a central console, Administrative Server Media servers may be direct-attached or SANattached to tape devices OSB communicates directly with the client host to backup mounted file systems and storage Oracle database(s) may be located on any client or media server within the backup domain Tape Library Clients UNIX / Linux / Windows LAN Media Server(s) Storage Virtual Tape Library (VTL) 5

Oracle Secure Backup 10.3 Key New Features Advanced tape management Server-less tape duplication for Virtual Tape Libraries (VTL) Improved tape vaulting automation and management Expanded backup encryption options: Support LTO-4 tape drive encryption Seamless key management between host-based or LTO-4 encryption IPv6 support Improved manageability: Progress status reported during backup / restore Device configuration accuracy checks New monitor user class complementing EM Grid capabilities Advanced Functionality at NO Extra Cost! 6

IT Cost Savings 75%+ Migration to Oracle Secure Backup Imagine how much annual maintenance you ll save!!! Oracle Secure Backup is licensed at $3500 per tape drive. 7

Two Editions Protecting all Oracle Database Editions Feature Integration with RMAN File system backups Networked backups Multiple tape drives or servers Backup encryption Vaulting Tape duplication Free, bundled with Oracle Oracle Secure Backup No Oracle Secure Backup Express No No No No No 8

<Insert Picture Here> Ease of Management 9

Oracle EM Grid 10.2.0.5 OSB Domain Management Oracle Enterprise Manager Grid 10.2.0.5 OSB Administrative Server Monitored by EM with EM alerting and notifications Oracle Secure Backup File System Data Oracle Database RMAN Integration New Integration File system backup / restore Media lifecycle management Media families, vaulting and duplication Browse host files, then select for one-time backup or dataset creation Restore by backup or selected files within the backup 10

File System Protection UNIX / Linux / Windows and NAS Devices File System Data File system backup / restore management EM Grid Control 10.2.0.5, OSB web tool or unified command line (obtool) Recurring backup schedule or Backup Now Full, incremental, and offsite backup levels Backup / restore of Network Attached Storage (NAS) devices using Network Data Management Protocol (NDMP) Standards-complaint tape format: extended TAR or NDMP dump Tree-style catalog browsing for restoration to original or alternate location Automatic recall of tapes located offsite to perform the restore operation Refer to the certification matrix on metalink.oracle.com for list of supported platforms, operating systems and NAS devices 11

Oracle Database Protection RMAN and OSB Integration Oracle Database RMAN Integration Oracle database backup / recovery management Utilize RMAN or Oracle EM (DB Control or Grid Control) restoring to original or alternate location Oracle Secure Backup provides the media management layer for RMAN Exclusive performance optimizations achieving 25 40% faster backup Exclusive vaulting integrations identifying and recalling offsite tape for restore Encrypted backups using either RMAN or OSB encryption capabilities Metadata regarding RMAN backup pieces is maintained within OSB catalog Volumes may be queried for list of backup pieces contained by volume User-defined tape retention methodology for Oracle database backups Leverage RMAN retention parameters (content-managed tapes) RMAN delete obsolete command updates OSB catalog OSB keep time setting (time-managed tapes) 12

Domain Administration More Control at Your Finger Tips New In OSB 10.3 Inventory all or part of a library Extend a tape s expiration date Enable or disable schedules Remove volumes from the catalog (Physically lost tapes) Check progress of job how much data backed up thus far Define name displayed in from line of OSB generated emails 13

Oracle Secure Backup Catalog Automated Backup of the Administrative Server Catalog protection is pre-configured: Unique dataset created containing all catalog directories on the Administrative Server Media family specific to the catalog defined insuring the tapes are readily identifiable Catalog backup scheduled and ready for userinput on frequency of backups New dataset directive: Include Catalog Captures all catalog directories without having to explicitly list them Tape Device 14

Broad Tape Device Support Partners Physical and Virtual Devices Support for over 200 new and legacy devices SCSI, Fibre, SAS and iscsi connectivity Dynamic drive sharing maximizes tape drive utilization in SANs 15

Device Configuration - Accuracy Verify Utility and Policy New In OSB 10.3 Tape Library Storage Elements DTE1 DTE2 DTE3 Attach points Houston, we have a problem Media Server Vfylibs utility should be run after any device updates Serial number checking policy proactively queries for device changes OSB vfylibs command verifies accuracy of configuration Device policy, checkserialnumbers, identifies drive changes alerting possible mis-configuration 16

<Insert Picture Here> Data Protection: Security 17

Security: Data and Backup Domain Policy-Based Management Guarding access to the backup domain User-level access control Direct access to tape devices restricted to Trusted hosts Embedded SSL technology provides secure transport of backup data and messages between two-way authenticated servers Securing backup data on tape Backup encryption protects data on tape while onsite, offsite or lost User selectable encryption algorithms AES128, AES192 or AES256 Backup encryption policies at backup, host or domain level 18

Users-Level Access Control User Class assigns the user to a set of Oracle Secure Backup specific privileges. osbuser1 can only backup and restore data accessible to UNIX name: jdoe UNIX group: sysadmin OSB user may have preauthorized access eliminating the login process Performing Oracle database backups using RMAN requires RMAN user preauthorization within OSB 19

Proven SSL Embedded Technology Delivers Two Important Security Requirements TWO-WAY HOST AUTHENTICATION A unique, identifying X.509 certificate is automatically created during installation The OSB Administrative Server is the Certificate Authority (CA) PROTECTS DATA WHILE IN TRANSIT OSB messages and data are encrypted as part of SSL communication Encrypted backups are not reencrypted for transport Tape Library Client 010101000 1010010101 Media Server 101010 101001 LAN SSL decryption upon arrival 20 NOTE: OSB embedded SSL benefits do not apply to NAS hosts

Host-based and Hardware Encryption Backup Encryption Per User-Policies OSB Host-based Encryption: Encryption performed on the host AES128, AES192 or AES256 algorithms New In OSB 10.3 LTO-4 Tape Drive Encryption: Encryption performed by the LTO-4 tape drive AES256 algorithm Backups from NAS hosts may be encrypted Seamless Encryption Key Management Encryption policies defined at global, host, volume or backup level OSB Key generation: Transparent or passphrase Rekey frequency per user policy Encryption keys stored centrally on Administrative Server 21

Transient Backup Encryption Ideal for backups intended to be restored at alternate site or OSB domain Transient encrypted backups are one-off type backups Configured as part of an immediate backup not backup schedule User-defined passphrase generates encryption key for the backup job which applies to all volumes in the set Prior to restore within alternate OSB domain, tapes must first be imported to update the OSB catalog Passphrase input during restore decrypts backup Oracle Secure Backup Site A Oracle Secure Backup Site B Decrypted 22

<Insert Picture Here> Advanced Media and Device Management 23

Media Management: Retention, Duplication and Vaulting Tapes managed from first write to reuse based on user-defined media families, duplication and rotation policies 24

Tape Management As Easy as 1,2,3,4,5. Define tape pools, storage locations, policies and schedules: 1 3 5 Media Family(s) 2 4 Policies: Vaulting, Duplication Schedules: Vaulting, duplication Storage* Location(s) Association: Map policy(s) to media family 25 *OSB automatically defines active locations(tape devices) for all configured devices.

Rotation and Duplication Policies Automates Rotation of Tapes Between Locations Media Family Rotation Policy Tapes are moved between locations based on rotation policy Defines which locations the tapes will reside and duration at each location Trigger for when tapes eligible to move Optional: Associate a rotation and / or duplication policy to a media family Duplication Policy Defines which media family duplicate will use (same or different from original tapes) # of duplicate copies needed Trigger for when tapes eligible for duplication 26

Vaulting and Duplication Scan Schedules Rotates or Duplicates Eligible Tapes Per Policy Trigger(s) Defined Per Schedule Schedules: Each schedule has associated trigger Scans OSB catalog identifying eligible tapes for rotation or duplication per respective policies Multiple schedules may used with each designing different locations This example includes 3 triggers. 27

Vaulting Scan Schedule Identifies Tapes by Location and Media Family Locations Storage or Active Media Family Vaulting schedules may be defined: Globally Per location By media family (new in OSB 10.3) Based on vaulting schedule triggers, OSB scans the catalog to determine which tapes are eligible for rotation per the user-defined rotation policy. 28

Managing Tape Vaulting Vaulting scan generates a media movement job Vault Now, one-off scan outside of regular schedule New in OSB 10.3 Based on triggers associated with Vaulting Scan Schedules Media Movement job includes all tapes eligible for rotation per policy This job can run automatically or have pending status until run by user Each media movement job has associated pick and distribution report Reporting Pick and distribution reports Location, schedule and exception reports In transit and missing (as marked by user) reports New in OSB 10.3 29

Automated Tape Duplication Tape duplication may occur per policy or on one-off, on-demand basis Migrate option copies the tape then deletes the original Commonly used to reclaim space on VTL for backup jobs Seamlessly restore from original or duplicate tape OSB will automatically choose tape in closest physical proximity Original and duplicate tapes uniquely identified within OSB catalog Duplicate tapes may have the same or different retention and rotation schedule Duplicate X Media Family Original : X Media Family Duplicate Y Media Family 30

Server-less Tape Duplication VTL Physical Tape Library Traditional Tape Duplication Media Server Server-less Tape Duplication VTL Administrative Server New In OSB 10.3 Increased duplication performance Eliminates data movement through media server OSB catalog updated with metadata of duplicate tape VTL must support NDMP tape copy functionality Media Server Physical Tape Library Duplicated backup data Metadata, control messages 31

Policy-Based Media Management In Action 5-Week Tape Retention 2-Year Tape Retention Tapes duplicated to another media family may have different retention and rotation schedule than original tape 32

<Insert Picture Here> Summary: Enterprise Data Protection Multi-faceted Security Advanced Media Management 33

1 Reliable, built-in integration with Oracle 25 40% faster Oracle database backup to tape 2 Data protection for your entire IT environment 3 Why Oracle Secure Backup? Top 5 Reasons Advanced policy-based data protection management 4 75%+ less expensive than comparable products 5 34

35