IBM Support

Oracle server database backup and restore requirements: IBM Spectrum Protect™ Plus V10.1.4

Preventive Service Planning


Abstract

This document details the Oracle Server database backup and restore requirements for IBM Spectrum Protect™ Plus Version 10.1.4.

Content

This document is divided into linked sections for ease of navigation. You may use the links below to jump to the section of the document that you require.
 

General
Configuration
Software
Connectivity
Authentication and Privileges
NFS
Database Discovery
Block Change Tracking
Log Backup
Sample Configuration of an IBM Spectrum Protect Plus Agent User
Ports
 


General

Before registering each Oracle server in IBM Spectrum Protect Plus, ensure it meets the following requirements.
 


Configuration

Database Versions

  • Oracle 11g R2

  • Oracle 12c R1

  • Oracle 12c R2

  • Oracle 18c

Note:  For multitenant databases in Oracle 12c and later, IBM Spectrum Protect Plus supports protection and recovery of the container database, including all pluggable databases (PDBs) under it. Granular recovery of specific PDBs can be performed by using an Instant Disk Restore recovery operation combined with RMAN.
 

Operating Systems

  • AIX 6.1 TL9 and later maintenance and mod levels

  • AIX 7.1 and later maintenance and mod levels

  • Red Hat Enterprise Linux / CentOS 6.5 and later maintenance and mod levels

  • Red Hat Enterprise Linux / CentOS 7.0 and later maintenance and mod levels

  • SUSE Linux Enterprise Server 11.0 SP4 and later maintenance and mod levels

  • SUSE Linux Enterprise Server 12.0 SP1 and later maintenance and mod levels

  • SUSE Linux Enterprise Server 15.0 and later maintenance and mod levels
     

Additional Notes

  • Oracle DataGuard is not supported.

  • Databases must be in ARCHIVELOG mode. IBM Spectrum Protect Plus cannot protect databases running in NOARCHIVELOG mode.

  • Real Application Cluster (RAC) database recoveries are not server pool-aware. IBM Spectrum Protect Plus can recover databases to a RAC, but not to specific server pools.

  • RAC databases must be configured such that the RMAN Snapshot Control File location points to shared storage accessible to all cluster instances.

  • When restoring an Oracle database that was configured for multi-threading at the time of backup, the restored database is non-multithreaded.  The restored database must be  manually re-configured to use multi-threading.


Software

  • The bash and sudo packages must be installed. Sudo must be version 1.7.6p2 or above. Run sudo -V to check the version.

  • Python V2.6 (any level) or V2.7 (any level) must be installed.

  • RHEL and CentOS 6 users only:
    Ensure that the util-linux-ng package is up-to-date by running: yum update util-linux-ng.
    Depending on your version or distribution, the package might be named util-linux.
     


Connectivity

  • The SSH service must be running on port 22 on the server and any firewalls must be configured to allow IBM Spectrum Protect Plus to connect to the server by using SSH. The SFTP subsystem for SSH must also be enabled.

  • The server can be registered by using a DNS name or IP address. DNS names must be resolvable by IBM Spectrum Protect Plus.

  • If DNS is not available, you must add the server to the /etc/hosts file on the IBM Spectrum Protect Plus appliance by using the command line.

  • When registering Oracle RAC nodes, register each node by using its physical IP or name. Do not use a virtual name or Single Client Access Name (SCAN).
     


Authentication and Privileges

  • The Oracle Server must be registered in IBM Spectrum Protect Plus using an operating system user that exists on the Oracle server. Hereafter, the user is referred to as the IBM Spectrum Protect Plus agent user.

  • Ensure that the password is correctly configured and that the user can log in without other prompts, such as prompts to reset the password.

The IBM Spectrum Protect Plus agent user must have the following privileges:

  • Privileges to run commands as root and as an Oracle software owner user (for example, oracle or grid) by using sudo. These privileges are required for tasks such as discovering storage layouts, mounting and unmounting disks, and managing databases and ASM.

    • The sudoers configuration must allow the IBM Spectrum Protect Plus agent user to run commands without a password.

    • The !requiretty setting must be set.

    • The ENV_KEEP setting must allow the ORACLE_HOME and ORACLE_SID environment variables to be retained.

  • Privileges to read the Oracle inventory. These privileges are required for tasks such as discovering and collecting information about Oracle homes and databases.
    To achieve this, the IBM Spectrum Protect Plus agent user must belong to the Oracle inventory group, typically named oinstall.

For information about creating a new user with necessary privileges, see Sample Configuration of an IBM Spectrum Protect Plus Agent User.
 


NFS

The Oracle server must have the native Linux or AIX NFS client installed. IBM Spectrum Protect Plus uses NFS to mount storage volumes for backup and restore operations.
For database restore operations, the Oracle Direct NFS feature is required. IBM Spectrum Protect Plus automatically enables Direct NFS if it is not already enabled.

For Direct NFS to work correctly, the executable <ORACLE_HOME>/bin/oradism under each Oracle home must be owned by root and have setuid privileges. This is typically pre-configured by the Oracle installer, but on certain systems, the binary might not have the required privileges. For more information, see the document with Doc ID 1430654.1 on the Oracle support website.

Run the following commands to set the correct privileges:

  • chown root:oinstall <ORACLE_HOME>/bin/oradism

  • chmod 750 <ORACLE_HOME>/bin/oradism

where oinstall specifies the group that owns the installation.


Database Discovery

IBM Spectrum Protect Plus discovers Oracle installations and databases by looking through the files /etc/oraInst.loc and /etc/oratab, as well as the list of running Oracle processes. If the files are not present in their default location, the "locate" utility must be installed on the system so that IBM Spectrum Protect Plus can search for the files.

IBM Spectrum Protect Plus discovers databases and their storage layouts by connecting to running instances and querying the locations of their datafiles, log files, and so on. In order for IBM Spectrum Protect Plus to correctly discover databases during cataloging and copy operations, databases must be in "MOUNTED," "READ ONLY," or "READ WRITE" mode. IBM Spectrum Protect Plus cannot discover or protect database instances that are shut down.


Block Change Tracking

IBM Spectrum Protect Plus requires Oracle Block Change Tracking to be enabled on protected databases in order to efficiently perform incremental backups. If Block Change Tracking is not already enabled, IBM Spectrum Protect Plus enables it automatically during the backup job.

To customize the placement of the Block Change Tracking file, you must manually enable the Block Change Tracking feature before running an associated backup job. If the feature is enabled automatically by IBM Spectrum Protect Plus, the following rules are used to determine the placement of the Block Change Tracking file:

  • If the db_create_file_dest parameter is set, the Block Change Tracking file is created in the location specified by this parameter.

  • If the db_create_file_dest parameter is not set, the Block Change Tracking file is created in the same directory as the SYSTEM table space.
     


Log Backup

  • The cron daemon must be enabled on the application server.

  • The IBM Spectrum Protect Plus agent user must have the necessary privileges to use the crontab command and create cron jobs. Privileges can be granted through the cron.allow configuration file.
     


Sample Configuration of an IBM Spectrum Protect Plus Agent User

The commands below are examples for creating and configuring an operating system user that IBM Spectrum Protect Plus will use to log in to the Oracle server. The command syntax may vary depending on your operating system type and version.

  • Create the user that will be designated as the IBM Spectrum Protect Plus agent user: useradd -m sppagent

  • Set a password: passwd sppagent

  • If using key-based authentication, place the public key in the /home/sppagent/.ssh/authorized_keys directory, or in the appropriate file depending on your sshd configuration, and ensure that the correct ownership and permissions are set, such as:
    chown -R sppagent:sppagent /home/sppagent/.ssh
    chmod 700 /home/sppagent/.ssh
    chmod 600 /home/sppagent/.ssh/authorized_keys

  • Add the user to the Oracle installation and OSDBA group: usermod -a -G oinstall,dba sppagent

  • If ASM is in use, also add the user to the OSASM group: usermod -a -G asmadmin sppagent

  • Place the following lines at the end of your sudoers configuration file, typically /etc/sudoers. If your existing sudoers file is configured to import a configuration from another directory (for example, /etc/sudoers.d), you can also place the lines in a new file in that directory:
    Defaults:sppagent !requiretty
    Defaults:sppagent env_keep+="ORACLE_HOME"
    Defaults:sppagent env_keep+="ORACLE_SID"
    sppagent ALL=(ALL) NOPASSWD:ALL
     


Ports

The following ports are used by IBM Spectrum Protect Plus agent users. Ports that are indicated with "Accept" in the Firewall Rule column use secure connections (HTTPS or SSL).

Incoming IBM Spectrum Protect Plus agent firewall connections
Port Protocol Firewall Rule Service Description
22 TCP Accept SSH Used for SSH data transfer to and from the internal vSnap server


 

Outgoing IBM Spectrum Protect Plus agent firewall connections
Port Protocol Service Description
111 TCP vSnap RPC Port Bind
Allows clients to discover ports that Open Network Computing (ONC) clients require to communicate with ONC servers
443 TCP HTTPS Allows the Oracle server to communicate with IBM Spectrum Protect Plus for sending alerts in case of log backup failures
2049 TCP vSnap NFS Used for NFS file sharing via vSnap
20048 TCP vSnap NFS Mount Mounts vSnap file systems on clients such as the VADP Proxy, application servers, and virtualization data stores



 

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSNQFQ","label":"IBM Spectrum Protect Plus"},"Component":"Not Applicable","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"}],"Version":"10.1.4","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]

Document Information

Modified date:
27 June 2019

UID

ibm10879069