Tuesday, 10 July 2012

RMAN Password Encryption


 You want to encrypt the backups made with RMAN in order to meet your organization’s security guidelines.By default,all RMAN backups are unencrypted but you can encrypt any RMAN backup in the form of a backup set.You can encrypt sets in two ways transparent encryption and password encryption.Here I’m going to show How to configure Password encryption.


Password Encryption :

RMAN perform encrypted backups by using the set encryption command. This method is called password encryption of backups since the DBA must provide a password both for creating an encrypted backup and for restoring an encrypted backup.


RMAN> set encryption on identified by vinay only;

executing command: SET encryption

Here I choosed one tablespace for encryption.

RMAN> configure encryption for tablespace users on;

tablespace USERS will be encrypted in future backup sets
new RMAN configuration parameters are successfully stored


RMAN> backup tablespace users;

Starting backup at 05-JUN-10
using channel ORA_DISK_1
channel ORA_DISK_1: starting full datafile backupset
channel ORA_DISK_1: specifying datafile(s) in backupset
input datafile fno=00004 name=/home/oracle/oracle/product/10.2.0/oradata/mydb/users01.dbf
channel ORA_DISK_1: starting piece 1 at 05-JUN-10
channel ORA_DISK_1: finished piece 1 at 05-JUN-10
piece handle=/home/oracle/oracle/product/10.2.0/db_1/flash_recovery_area/MYDB/backupset/2010_06_05/o1_mf_nnndf_TAG20100605T154958_60nkzpxn_.bkp tag=TAG20100605T154958 comment=NONE
channel ORA_DISK_1: backup set complete, elapsed time: 00:00:01
Finished backup at 05-JUN-10


RMAN> sql ‘alter tablespace users offline’;
sql statement: alter tablespace users offline


RMAN> restore tablespace users;
Starting restore at 05-JUN-10
allocated channel: ORA_DISK_1
channel ORA_DISK_1: sid=148 devtype=DISK

channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00004 to /home/oracle/oracle/product/10.2.0/oradata/mydb/users01.dbf
channel ORA_DISK_1: reading from backup piece/home/oracle/oracle/product/10.2.0/db_1/flash_recovery_area/MYDB/backupset/201_06_05/o1_mf_nnndf_TAG20100605T154958_60nkzpxn_.bkp
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 06/05/2010 15:55:29
ORA-19870: error reading backup piece /home/oracle/oracle/product/10.2.0/db_1/flash_recovery_area/MYDB/backupset/2010_06_05/o1_mf_nnndf_TAG20100605T154958_60nkzpxn_.bkp
ORA-19913: unable to decrypt backup

So we need to set decryption.


RMAN> set decryption identified by vinay;
executing command: SET decryption


RMAN> restore tablespace users;

Starting restore at 05-JUN-10
using channel ORA_DISK_1

channel ORA_DISK_1: starting datafile backupset restore
channel ORA_DISK_1: specifying datafile(s) to restore from backup set
restoring datafile 00004 to /home/oracle/oracle/product/10.2.0/oradata/mydb/users01.dbf
channel ORA_DISK_1: reading from backup piece /home/oracle/oracle/product/10.2.0/db_1/flash_recovery_area/MYDB/backupset/2010_06_05/o1_mf_nnndf_TAG20100605T154958_60nkzpxn_.bkp
channel ORA_DISK_1: restored backup piece 1
piece handle=/home/oracle/oracle/product/10.2.0/db_1/flash_recovery_area/MYDB/backupset/2010_06_05/o1_mf_nnndf_TAG20100605T154958_60nkzpxn_.bkp tag=TAG20100605T154958
channel ORA_DISK_1: restore complete, elapsed time: 00:00:01
Finished restore at 05-JUN-10



RMAN> recover tablespace users;

Starting recover at 05-JUN-10
using channel ORA_DISK_1

starting media recovery
media recovery complete, elapsed time: 00:00:02

Finished recover at 05-JUN-10


RMAN> sql ‘alter tablespace users online’;

sql statement: alter tablespace users online

RMAN>



EXIT:-------------------- ? 

No comments: