IBM Support

Oracle Database backup and restore requirements: IBM Spectrum Protect Plus 10.1.14

Preventive Service Planning


Abstract

This document details the Oracle Database backup and restore requirements for IBM Spectrum Protect Plus 10.1.14.

Content

This document is divided into linked sections. Use the following links to go to the section of the document that you require.



 

General

Beginning with IBM Spectrum Protect Plus 10.1.1, support was added for backing up and restoring Oracle Database data.
To read about new and changed features in different versions of IBM Spectrum Protect Plus 10.1, see What's new for IBM Spectrum Protect Plus.

Before you register an Oracle Server with IBM Spectrum Protect Plus, ensure that the system environment meets the following requirements.

IBM Spectrum Protect Plus support for third-party operating systems, applications, services, and hardware depend on the respective vendor. If a third-party product or version moves into extended support, self-service support, or end-of-life, IBM Spectrum Protect Plus supports the product or version at the same level as the vendor. See also IBM Support General Guidelines and Limitations - IBM support for software on unsupported operating systems



 

Configuration

Application versions

Table 1. Coverage matrix for application levels supported by IBM Spectrum Protect Plus
IBM Spectrum Protect Plus Oracle 11g R2*(1) Oracle 12c R1*(1) Oracle 12c R2*(1) Oracle 18c*(1) Oracle 19c*(1) Oracle 21c*(1)
10.1.1 -- -- --
10.1.2 -- -- --
10.1.3 -- --
10.1.4 -- --
10.1.5 --
10.1.6 --
10.1.7 --
10.1.8 --
10.1.9 --
10.1.10 --
10.1.11
10.1.12
10.1.13(2)
10.1.14

* The base release and later maintenance and modification levels are supported.
(1) Oracle Database supported edition: Enterprise Edition.
(2) Beginning with IBM Spectrum Protect Plus 10.1.13, transport encryption feature is supported on Oracle 19c and later.

Tip:  For multitenant databases in Oracle 12c and later, IBM Spectrum Protect Plus supports protection and recovery of the container database, including all pluggable databases (PDBs) within the container database. You can recover specific PDBs by using the Oracle Recovery Manager (RMAN) with an Instant Disk Restore recovery operation.


 

Operating systems

Table 2. Coverage matrix for supported operating systems on IBM PowerPC
IBM Spectrum Protect Plus IBM AIX 6.1 TL9* IBM AIX 7.1* IBM AIX 7.2* IBM AIX 7.3*
10.1.1 -- --
10.1.2 -- --
10.1.3 -- --
10.1.4 -- --
10.1.5 -- --
10.1.6 -- --
10.1.7 --
10.1.8 --
10.1.9 --
10.1.10 --
10.1.11 --
10.1.12 --
10.1.13 --
10.1.14

* The base release and later maintenance and modification levels are supported.
Note: Transport encryption feature is not supported on the AIX® systems. For more information, see the restrictions section.


 

Table 3. Coverage matrix for supported Linux® x86_64 operating systems
IBM Spectrum Protect Plus RHEL 6.5* RHEL 7.0* RHEL 8.0* CentOS 6.5* CentOS 7.0* CentOS 8.0*(1) SLES 11.0 SP4* SLES 12.0 SP1* SLES 15.0*
10.1.1 -- -- --
10.1.2 -- -- --
10.1.3 -- -- --
10.1.4 -- --
10.1.5 -- --
10.1.6
10.1.7
10.1.8
10.1.9
10.1.10
10.1.11
10.1.12
10.1.13
10.1.14

* The base release and later maintenance and modification levels are supported.
(1) CentOS Linux 8 reached end of life (EOL) on 31 December 2021, see  CentOS Linux EOL. IBM Spectrum Protect Plus is not supported on the next CentOS version (CentOS Stream 8).


 

Restrictions

  • Oracle Data Guard is not supported.
  • Databases must be in ARCHIVELOG mode. IBM Spectrum Protect Plus cannot protect databases running in NOARCHIVELOG mode.
  • Oracle Database must be running to be protected by IBM Spectrum Protect Plus.
  • Only multi-node Oracle Real Application Clusters (RAC not configured as RAC One Node) database is supported.
  • Real Application Cluster (RAC) database recovery operations are not server pool-aware. IBM Spectrum Protect Plus can recover databases to a RAC, but not to specific server pools.
  • RAC databases must be configured so that the RMAN Snapshot Control File location points to shared storage that is accessible to all cluster instances.
  • When you restore an Oracle Database that was configured for multithreading at the time of backup, the restored database is not multithreaded. The restored database must be manually reconfigured to use multithreading.
  • Point-in-time recovery is not supported when one or more data files are added to the database in the period between the chosen point in time and the time when the preceding backup job ran.
  • Transport encryption feature is not supported on the following databases and operating systems:
    • Oracle 11g R2, Oracle 12c R1, Oracle 12c R2, Oracle 18c
    • AIX, CentOS 6.5, RHEL 6.5, CentOS 7, RHEL 7, CentOS 8, SLES 11, and SLES 12.


 

Network File System (NFS)

If transport encryption is not enabled, the Oracle Server must have the Linux or AIX NFS client installed. IBM Spectrum Protect Plus uses NFS to mount storage volumes for backup and restore operations.
For database restore operations, the Oracle Direct NFS feature is required. If it is not already enabled, IBM Spectrum Protect Plus automatically enables Direct NFS.

For Direct NFS to work correctly, the executable file, oracle_home/bin/oradism, in each Oracle home directory must be owned by the root user and have setuid privileges. Typically, the binary file is preconfigured by the Oracle installer, but on certain systems, this binary file might not have the required privileges. To set the correct privileges, you must run appropriate commands. In the following examples, OINSTALL specifies the group that owns the installation, and ORACLE_HOME specifies the Oracle home directory.

    chown root:oinstall oracle_home/bin/oradism
    chmod 750 oracle_home/bin/oradism


 

Database discovery

IBM Spectrum Protect Plus discovers Oracle installations and databases by searching the /etc/oraInst.loc and /etc/oratab files and the list of running Oracle processes. If the files are not in their default location, the locate utility must be installed on the system so that IBM Spectrum Protect Plus can search for the files.

IBM Spectrum Protect Plus discovers databases and their storage layouts by connecting to running instances and querying the locations of their data files, log files, and other files. In order for IBM Spectrum Protect Plus to correctly discover databases during cataloging and copy operations, databases must be in MOUNTED, READ ONLY, or READ/WRITE mode. IBM Spectrum Protect Plus cannot discover or protect database instances that are shut down.

If a database is set to automatically start, but the database is not running at the time of discovery, then the discovery process is partially complete. In this situation, databases that no longer exist might appear in the IBM Spectrum Protect Plus user interface. To resolve the issue, either start the database or set the autostart column to N for that database in the/etc/oratab file.


 

Block change tracking

IBM Spectrum Protect Plus requires Oracle block change tracking to be enabled on protected databases to efficiently run incremental backups. If block change tracking is not already enabled, IBM Spectrum Protect Plus enables it automatically during the backup job.

To customize the placement of the block change tracking file, you must manually enable the block change tracking feature before you run an associated backup job. If the feature is enabled automatically by IBM Spectrum Protect Plus, the following rules are used to determine the placement of the block change tracking file:

  • If the db_create_file_dest parameter is set, the block change tracking file is created in the location that is specified by this parameter.
  • If the db_create_file_dest parameter is not set, the block change tracking file is created in the same directory as the SYSTEM table space.
     



 

Software

  • The bash and sudo packages must be installed. Sudo must be at version 1.7.6p2 or later. Run sudo -V to check the version.
    Tip: The required bash and sudo packages are included in the supported Linux x86_64 operating system installation packages.
  • Install the most recent Oracle Server fixes and updates in your environment.
  • Ensure that a supported version of Linux x86_64 or AIX is installed with the most recent fixes and updates.
  • The International Components for Unicode (libicu).rpm package must be installed for the corresponding version of your operating system.
  • Ensure that the user limit value ulimit -f is set to unlimited, for the IBM Spectrum Protect Plus agent user and the Oracle instance user. Alternatively, set the value to a sufficiently high value to allow copying of the largest database files in your backup and restore jobs. If you change the ulimit setting, restart the Oracle instance to finalize the configuration.
  • In a Linux environment, depending on your version or distribution, ensure that the Linux utility package util-linux-ng or util-linux is current.
  • RHEL and CentOS 6 users: To ensure that the util-linux-ng or util-linux package is current, run the following command: 
        yum update package_name
    Where package_name is the name of the Linux utility package.
  • Linux users: Before you enable transport encryption, ensure that the cifs-utils package is installed on the applications host.
  • Ensure the files $ORACLE_HOME/ContentsXML/inventory.xml and $ORACLE_HOME/inventory/ContentsXML/comps.xml are present in the Oracle Home directory on each Oracle database that needs to be protected, and that those files are valid XML.



 

Connectivity

Ensure that your system environment meets the following connectivity requirements:

  • The secure file transfer protocol (SFTP) subsystem for Secure Shell (SSH) is enabled and functional.
  • The Secure Shell (SSH) service is running on port 22 on the Oracle Server.
    Note: During registration, either ChallengeResponseAuthentication option must be set to no or LoginGraceTime parameter must greater than 0. If one of those conditions is not met, the public key retrieval hangs.
  • The SSH host key must be one of the following algorithms: ssh-dsa, ssh-rsa, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, or ecdsa-sha2-nistp521.
  • Firewalls are configured to allow IBM Spectrum Protect Plus to connect to the Oracle server by using SSH.
  • Firewalls must be configured to enable the Oracle Server to communicate with IBM Spectrum Protect Plus server by using HTTPS through port 443.
  • When transport encryption is not enabled, IBM Spectrum Protect Plus uses the Network File System (NFS) protocol to mount storage volumes for backup and restore operations. Ensure that the Linux NFS client is installed on the Oracle Server.
  • When transport encryption is enabled, the Server Message Block (SMB) or the Common Internet file system (CIFS) protocol to mount storage volumes for backup and restore operations. On Linux, ensure that the Linux SMB client is installed.
  • All servers, proxies, applications, and hypervisors that are added to the IBM Spectrum Protect Plus environment must be registered by using a Domain Name System (DNS) name or Internet Protocol (IP) address.
  • If DNS names are used, they must be resolvable over the network by the IBM Spectrum Protect Plus server and from the vSnap server. All IBM Spectrum Protect Plus components must also be resolvable by their DNS names.
  • If DNS is not available, you must add the server to the /etc/hosts file on the IBM Spectrum Protect Plus server by using the command line.
  • The IP address or hostname must be used to register Oracle RAC nodes. Ensure that the Oracle RAC nodes must be from primary network device to allow the IBM Spectrum Protect Plus appliance to know which nodes are part of the cluster.
    Note: Do not use a virtual name or Single Client Access Name (SCAN) to register Oracle RAC nodes
  • The Oracle Server must have a consistent fully qualified domain name (FQDN) or the user must set the overrideHostname flag to the wanted FQDN in the unixagent section of the /etc/guestapps.conf file.



 

Authentication and privileges

Authentication

  • The Oracle Server must be registered with IBM Spectrum Protect Plus by using an operating system user that exists on the Oracle Server. The user is then referred to as the IBM Spectrum Protect Plus agent user.
  • Ensure that the root user password is correctly configured and that the user can log in without other prompts, such as prompts to reset the password.


 

Privileges

To use an Oracle Server, an IBM Spectrum Protect Plus agent user must have the following permissions:

  • Privileges to run commands as the root user and as an Oracle software owner user (for example, oracle or grid) by using sudo. These privileges are required for tasks such as discovering storage layouts, mounting and unmounting disks, and managing databases and Automatic Storage Management (ASM).
    • The sudoers configuration must allow the IBM Spectrum Protect Plus agent user to run commands without a password.
    • The !requiretty setting must be specified.
    • The ENV_KEEP setting must allow the ORACLE_HOME and ORACLE_SID environment variables to be retained.
  • Privileges to read the Oracle inventory. These privileges are required for tasks such as discovering and collecting information about Oracle home directories and databases.
    To achieve these privileges, the IBM Spectrum Protect Plus agent user must belong to the Oracle inventory group, typically named oinstall.

Use the following sample configuration to create a dedicated IBM Spectrum Protect Plus agent user with the required privileges.
Note: The following commands are examples for creating and configuring an operating system user that IBM Spectrum Protect Plus uses to log in to the Oracle Server. The command syntax might vary depending on your operating system type and version.

  • Create the user that is designated as the IBM Spectrum Protect Plus agent user: 
        useradd -m sppagent
    Where sppagent specifies the IBM Spectrum Protect Plus agent user.
  • Set a password: 
        passwd sppagent_password
    Where sppagent_password specifies the agent password.
  • If you are using key-based authentication, place the public key in the /home/sppagent/.ssh/authorized_keys directory, or in the appropriate file, depending on your sshd configuration, and ensure that the correct ownership and permissions are set. The commands are structured as shown in the following example: 
        chown -R sppagent:sppagent /home/sppagent/.ssh  
chmod 700 /home/sppagent/.ssh  
chmod 600 /home/sppagent/.ssh/authorized_keys
  • Add the user to the Oracle installation and to the operating system (OSDBA) group: 
        usermod -a -G oinstall,dba sppagent
  • If you plan to use ASM, also add the user to the OSASM group: 
        usermod -a -G asmadmin sppagent
  • Place the following lines at the end of the sudoers configuration file, typically /etc/sudoers. If the existing sudoers file is configured to import a configuration from another directory (for example, /etc/sudoers.d), you can also add the following lines to new file in that directory: 
        Defaults:sppagent !requiretty  
Defaults:sppagent env_keep+="ORACLE_HOME"  
Defaults:sppagent env_keep+="ORACLE_SID"  
sppagent ALL=(ALL) NOPASSWD:ALL



 

Prerequisites and operations

Prerequisites

Ensure that the Software, Connectivity, and Authentication and privileges requirements are met.

With transport encryption, you can securely transfer data between application host and vSnap during backup and restore. The transport encryption option is not enabled by default. To enable the transport encryption option, see Configuring advanced storage options.


 

Operations

Before you start a backup or restore operation, take the following actions:

  • Register the providers that you want to back up. For more information, see Adding an Oracle application server.
  • Configure a service level agreement (SLA) policy.
  • Assign appropriate roles and resource groups to users who are running backup and restore operations. Grant users access to resources and roles by using the Accounts pane.

Review the following information about creating backup and restore jobs:

  • You can use backup jobs to back up Oracle environments with snapshots. Review the information in Backing up Oracle data.
  • You can use restore jobs to restore an Oracle environment from snapshots. IBM Spectrum Protect Plus creates a vSnap clone from the version that is selected during the job definition creation and creates an NFS share. The IBM Spectrum Protect Plus agent then mounts the share on the Oracle Server where the restore job is to be run. For Oracle Real Application Clusters (RAC), the restore job is run on all nodes in the cluster. Review the information in Restoring Oracle data.

For an overview about protecting Oracle databases with IBM Spectrum Protect Plus, see Protecting Oracle.


 

Log backup

  • The cron daemon process must be enabled on the application server.
  • The IBM Spectrum Protect Plus agent user must have the necessary privileges to use the crontab command and create cron jobs. Privileges can be granted in the cron.allow configuration file.



 

Ports

The following ports are used by IBM Spectrum Protect Plus agent users.

Table 4. Communication ports when the target is an IBM Spectrum Protect Plus agent
Port Protocol Initiator Target Description
22 Transmission Control Protocol (TCP) IBM Spectrum Protect Plus server Oracle Server Provides access to troubleshoot and maintain remote proxy host servers running guest application components by using the SSH protocol.


 

Table 5. Communication ports when the initiator is an IBM Spectrum Protect Plus agent user
Port Protocol Initiator Target Description
111 TCP and User Datagram Protocol (UDP) Oracle Server vSnap server Used for NFS data transfer to and from file systems mounted from vSnap servers during backup and restore operations when transport encryption is not enabled.
443 TCP Oracle Server IBM Spectrum Protect Plus server Port that allows the agent to communicate with IBM Spectrum Protect Plus for sending alerts if log backup fail.
445 TCP Oracle Server vSnap server Used for SMB or CIFS data transfer to and from file systems mounted from vSnap servers during backup and restore operations when transport encryption is enabled. 
2049 TCP and UDP Oracle Server vSnap server Used for NFS data transfer to and from file systems mounted from vSnap servers during backup and restore operations when transport encryption is not enabled.
20048 TCP and UDP Oracle Server vSnap server Used for NFS data transfer to and from file systems mounted from vSnap servers during backup and restore operations when transport encryption is not enabled.

Ports update: Port 445: Beginning with IBM Spectrum Protect Plus 10.1.13 and later this port with target vSnap server is used when transport encryption is enabled.



 

Hardware

Table 6. Minimum hardware requirements
System Disk space
Compatible hardware that is supported by the operating system and Oracle Server A minimum of 100 MB under /tmp and 100 MB under /opt is required for product installation.



 

[{"Type":"MASTER","Line of Business":{"code":"LOB26","label":"Storage"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSNQFQ","label":"IBM Spectrum Protect Plus"},"ARM Category":[{"code":"a8m3p000000h9Z4AAI","label":"HW\/SW Requirements"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"10.1.14"}]

Document Information

Modified date:
16 March 2023

UID

ibm16952277

Page Feedback