Introduction
Oracle 19c provides robust tools for database security and disaster recovery, and RMAN (Recovery Manager) plays a crucial role in this. One of the most secure ways to take an RMAN backup is to use Password-Based Encryption. This guide will take you step-by-step through creating an encrypted RMAN backup and restoring it securely. This is ideal for organizations that want to ensure their backups are secure and compliant with data protection regulations.
In this blog, we’ll cover:
- Setting up password-based encryption in RMAN.
- Taking a backup with multiple channels for efficiency.
- Restoring and recovering an encrypted RMAN backup.
Why Use Password-Based Encryption with RMAN?
Password-Based Encryption provides an extra layer of security by requiring a password to access and restore database backups. This ensures that only authorized individuals can recover sensitive data, even if backup files are compromised.
Step 1: Set Password-Based Encryption in RMAN
Before starting the backup process, set up password-based encryption in RMAN by specifying the encryption password.
rman TARGET /
RMAN> SET ENCRYPTION ON IDENTIFIED BY 'Ss112233!!' ONLY;
This command activates encryption using the specified password (Ss112233!!). The ONLY keyword specifies that this backup will use password-based encryption without relying on Oracle Wallet. Note that the quotes must be plain ASCII single quotes; typographic quotes pasted from a web page will not work.
Step 2: Taking an RMAN Backup with Password-Based Encryption
Now that encryption is enabled, take a full RMAN backup. This example demonstrates how to allocate multiple channels for faster backup processing, store backups on disk, and include the full database, archived logs, SPFILE, and control file.
RUN
{
ALLOCATE CHANNEL c1 DEVICE TYPE disk;
ALLOCATE CHANNEL c2 DEVICE TYPE disk;
ALLOCATE CHANNEL c3 DEVICE TYPE disk;
ALLOCATE CHANNEL c4 DEVICE TYPE disk;
BACKUP AS COMPRESSED BACKUPSET FULL DATABASE FORMAT '/u01/rman_bkp/%d_%T_%s_%p_FULL';
BACKUP FORMAT '/u01/rman_bkp/%d_%T_%s_%p_ARCHIVE' ARCHIVELOG ALL;
BACKUP SPFILE FORMAT '/u01/rman_bkp/%d_%T_%s_%p_SPFILE';
BACKUP CURRENT CONTROLFILE FORMAT '/u01/rman_bkp/%d_%T_%s_%p_CONTROL';
RELEASE CHANNEL c1;
RELEASE CHANNEL c2;
RELEASE CHANNEL c3;
RELEASE CHANNEL c4;
}
- The BACKUP AS COMPRESSED BACKUPSET command creates compressed backup sets for the full database and archived redo logs, saving disk space.
- Each FORMAT string specifies a location and naming convention for backups, which includes database name (%d), date (%T), and unique identifiers (%s and %p).
Turn Off Encryption (Optional):
If you don’t need encryption for subsequent backups, disable it with:
RMAN> SET ENCRYPTION OFF;
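Typing the password inline, as in Steps 1 and 2, leaves it in plain text in any script file or terminal history that holds the command. As an added example (not from the original post), this POSIX shell wrapper prompts for the password without echo and feeds a shortened, single-channel version of the Step 1 and Step 2 commands to RMAN on standard input; the function names and the trimmed command list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post. Function names are hypothetical.

# Print the RMAN commands on stdout. The password lands inside a single-quoted
# RMAN literal, so values that would end that literal or the line are refused.
build_rman_backup() {
    pw=$1
    dest=${2:-/u01/rman_bkp}     # backup directory used in the post
    nl='
'
    [ -n "$pw" ] || { echo "refusing empty password" >&2; return 1; }
    case $pw in
        *"'"*|*"$nl"*) echo "password must not contain ' or a newline" >&2
                       return 1 ;;
    esac
    cat <<EOF
SET ENCRYPTION ON IDENTIFIED BY '$pw' ONLY;
RUN
{
ALLOCATE CHANNEL c1 DEVICE TYPE disk;
BACKUP AS COMPRESSED BACKUPSET FULL DATABASE FORMAT '$dest/%d_%T_%s_%p_FULL';
BACKUP SPFILE FORMAT '$dest/%d_%T_%s_%p_SPFILE';
BACKUP CURRENT CONTROLFILE FORMAT '$dest/%d_%T_%s_%p_CONTROL';
RELEASE CHANNEL c1;
}
SET ENCRYPTION OFF;
EOF
}

# Prompt with terminal echo off, then pipe the generated commands to RMAN so
# the password is never written to a script file or typed on a command line.
run_encrypted_backup() {
    printf 'RMAN backup password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    script=$(build_rman_backup "$pw") || return 1
    unset pw
    printf '%s\n' "$script" | rman TARGET /
}

# Run on the database host as the Oracle software owner: sh thisfile --run
if [ "${1:-}" = "--run" ]; then
    run_encrypted_backup
fi
```

The same password is still needed for SET DECRYPTION at restore time, so store it in a password manager or vault that survives the loss of the database host.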
Step 3: Restoring from an Encrypted RMAN Backup
3.1 Prepare for Restore with a Minimal PFILE
If the SPFILE is unavailable, create a basic PFILE for initialization.
Navigate to the dbs directory under the Oracle home:
cd $ORACLE_HOME/dbs
Create a temporary init.ora file:
vi inittestdb.ora
Add the following line:
DB_NAME=testdb
3.2 Start the Database in NOMOUNT Mode Using the PFILE
Start the database instance in NOMOUNT mode with the temporary PFILE:
SQL> startup nomount pfile='$ORACLE_HOME/dbs/inittestdb.ora';
Step 4: Restore the SPFILE from Encrypted Backup
With the instance in NOMOUNT mode, restore the SPFILE. If the backup is encrypted, provide the decryption password.
RMAN> SET DECRYPTION IDENTIFIED BY 'Ss112233!!';
RMAN> RESTORE SPFILE FROM '/u01/rman_bkp/TESTDB_20241104_19_1_SPFILE';
After restoring the SPFILE, restart the instance in NOMOUNT mode using the restored SPFILE.
SQL> SHUTDOWN IMMEDIATE;
SQL> STARTUP NOMOUNT;
Step 5: Restore the Control Files from Encrypted Backup
Set the decryption password again to access the encrypted backups:
RMAN> SET DECRYPTION IDENTIFIED BY 'Ss112233!!';
Restore the control file:
RMAN> RESTORE CONTROLFILE FROM '/u01/rman_bkp/TESTDB_20241104_20_1_CONTROL';
Mount the database:
RMAN> ALTER DATABASE MOUNT;
Step 6: Restore and Recover the Database
Finally, use multiple channels to restore and recover the database, optimizing the operation’s performance.
RUN
{
ALLOCATE CHANNEL c1 DEVICE TYPE disk;
ALLOCATE CHANNEL c2 DEVICE TYPE disk;
ALLOCATE CHANNEL c3 DEVICE TYPE disk;
ALLOCATE CHANNEL c4 DEVICE TYPE disk;
RESTORE DATABASE;
RECOVER DATABASE;
ALTER DATABASE OPEN RESETLOGS;
RELEASE CHANNEL c1;
RELEASE CHANNEL c2;
RELEASE CHANNEL c3;
RELEASE CHANNEL c4;
}
- RESTORE DATABASE; restores the datafiles from the backup.
- RECOVER DATABASE; applies any necessary archived redo logs to bring the database to a consistent state.
- ALTER DATABASE OPEN RESETLOGS; opens the database with the logs reset, creating a new incarnation.