6. In the RMAN window, observe the progress of the backup; note how the
files are divided between the two channels, each of which generates its own
backup set.
Encrypting Backups
In some environments there is a requirement for data to be encrypted. This can be
particularly important for backups, because they may be stored on removable media
over which the DBA has little or no control. RMAN can encrypt backups, but there are
two provisos:
• To create encrypted backups on disk, the Advanced Security Option must be
enabled. This is a separately licensed option that must be purchased on top
of the Enterprise Edition database license.
• To write encrypted backups directly to tape, the tape library must be accessed
through the Oracle Secure Backup SBT interface, which is a separate product
that must be licensed and configured for the tape library.
Encryption can be transparent or password based. Transparent data encryption,
which is the default, is based on the use of a wallet. This is a file containing the keys
used to encrypt and decrypt data, and is itself protected with a password. However,
the wallet can be configured to open automatically when needed. The wallet must
be available to the RMAN channel processes when creating or restoring backups; it
is therefore most useful when backups will always be created and restored on the
database on the same machine. A password-encrypted backup can be restored anywhere,
so long as the password is known. Each backup uses a different, randomly generated
key. This key is itself encrypted with either the specified password, or the database
master key stored in the wallet.
The available encryption algorithms are AES with keys of length 128 (the default),
Bạn đang xem 6. - OCA OCP ORACLE DATABASE 11G A LL IN ONE EXAM GUIDE P64 POTX