IN THE RMAN WINDOW, OBSERVE THE PROGRESS OF THE BACKUP; NOTE HOW THE FILES ARE DIVIDED BETWEEN THE TWO CHANNELS, EACH OF WHICH GENERATES ITS OWN BACKUP SET

6. In the RMAN window, observe the progress of the backup; note how the

files are divided between the two channels, each of which generates its own

backup set.

Encrypting Backups

In some environments there is a requirement for data to be encrypted. This can be

particularly important for backups, because they may be stored on removable media

over which the DBA has little or no control. RMAN can encrypt backups, but there are

two provisos:

• To create encrypted backups on disk, the Advanced Security Option must be

enabled. This is a separately licensed option that must be purchased on top

of the Enterprise Edition database license.

• To write encrypted backups directly to tape, the tape library must be accessed

through the Oracle Secure Backup SBT interface, which is a separate product

that must be licensed and configured for the tape library.

Encryption can be transparent or password based. Transparent data encryption,

which is the default, is based on the use of a wallet. This is a file containing the keys

used to encrypt and decrypt data, and is itself protected with a password. However,

the wallet can be configured to open automatically when needed. The wallet must

be available to the RMAN channel processes when creating or restoring backups; it

is therefore most useful when backups will always be created and restored on the

database on the same machine. A password-encrypted backup can be restored anywhere,

so long as the password is known. Each backup uses a different, randomly generated

key. This key is itself encrypted with either the specified password, or the database

master key stored in the wallet.

The available encryption algorithms are AES with keys of length 128 (the default),