Oracle
手动打开钱夹
alter system set wallet open identified by oracle1234;
查看钱夹状态
select * from vencryption_wallet;
显示当前数据库的加密算法:
SQL> select * from v$rman_encryption_algorithms;
RMAN> show encryption algorithm;
using target database control file instead of recovery catalog
RMAN configuration parameters are:
CONFIGURE ENCRYPTION ALGORITHM ‘AES128’; # default
RMAN中更改加密算法:
RMAN> configure encryption algorithm ‘AES192’;
口令模式加密
该加密方式通过在生成备份集是设置口令,在使用备份集时设置解密口令来实现对备份集的加密,适合转存备份集时使用。
设置备份口令:
RMAN> set encryption on identified by ‘oracle’ only;
executing command: SET encryption
备份整个数据库
RMAN> backup database;
指定解密密码
RMAN> set decryption identified by ‘oracle’;
executing command: SET decryption
还原整个数据库
restore database;
数据文件备份如下:
RMAN> list backup of database;
删除所有以前的备份
RMAN> delete backup;
Oracle Wallet加密策略
wallet加密备份和恢复
该方式通过本地配置Wallet来实现本地备份集的安全,该加密方式适用于本地的备份安全维护。
Oracle Wallet是一种加密安全策略,过去我们在TDE(Oracle透明加密)部分研究过这个组件。简单的说,Oracle Wallet就是在本机上配置一个加密配置文件,通过SQL命令控制Oracle Wallet的开启关闭状态,如果Wallet关闭或者不存在,那么一些加密的信息(包括TDE和RMAN备份集合)数据就不能正常打开。
使用Oracle Wallet应用在RMAN备份中,可以实现类似的透明策略。而且,备份集合只能在相同的服务器(借助Wallet文件)才能正确打开。
开启tde加密备份
RMAN> configure encryption for database on;
RMAN> set encryption on;
备份整个数据库
RMAN> backup database;
还原整个数据库
restore database;
密码方式+压缩备份
设置备份口令:
RMAN> set encryption on identified by ‘oracle’ only;
executing command: SET encryption
备份整个数据库
RMAN> backup as compressed backupset database;
不支持
ORA-19836: cannot use passphrase encryption for this backup
指定解密密码
RMAN> set decryption identified by ‘oracle’;
executing command: SET decryption
还原整个数据库
restore database;
数据文件备份如下:
RMAN> list backup of database;
删除所有以前的备份
RMAN> delete backup;
配置压缩功能
基本的压缩算法是免费的,在11G R2 中,可以配置下面的压缩算法,前提是你有相关的许可证,因为这个不是免费的。下面分别对配置了三种算法,并最后清除刚才的配置回到默认配种
RMAN> show COMPRESSION ALGORITHM;
b_unique_name 为 CYANG 的数据库的 RMAN 配置参数为:
CONFIGURE COMPRESSION ALGORITHM ‘BASIC’ AS OF RELEASE ‘DEFAULT’ OPTIMIZE FOR LOAD TRUE ; # default
三种压缩算法
RMAN> configure COMPRESSION ALGORITHM ‘HIGH’;
RMAN> configure COMPRESSION ALGORITHM ‘MEDIUM’;
RMAN> configure COMPRESSION ALGORITHM ‘LOW’;
恢复默认值
RMAN> configure COMPRESSION ALGORITHM clear;
CONFIGURE COMPRESSION ALGORITHM ‘LOW’ AS OF RELEASE ‘DEFAULT’ OPTIMIZE FOR LOAD TRUE;
RMAN 配置参数已成功重置为默认值
tde方式+压缩备份
开启tde加密备份
RMAN> configure encryption for database on;
RMAN> set encryption on;
备份整个数据库
RMAN> backup as compressed backupset database;
还原整个数据库
restore database;
压缩备份方式
alter system set wallet open identified by oracle1234;
查看钱夹状态
select * from v$encryption_wallet;
备份整个数据库
RMAN> backup as compressed backupset database;
backup as compressed backupset tablespace UNDOTBS1;
backup as compressed backupset tablespace jms;
还原整个数据库
restore database;
数据文件备份如下:
RMAN> list backup of database;
删除所有以前的备份
RMAN> delete backup;
修改控制文件备份方式为自动备份
RMAN> configure controlfile autobackup on;
backup as compressed backupset database include current controlfile;
控制文件恢复
restore controlfile from autobackup;
RMAN> backup as compressed backupset database; --压缩备份数据库
RMAN> backup database include current controlfile; --备份数据库并备份控制文件
alter database open resetlogs;
混合加密策略其实就是前面两种策略的集合。如果本地备份恢复,就可以使用wallet进行透明操作。如果是异地恢复,可以使用密码策略。
首先设置encryption参数。
RMAN> set encryption off;
RMAN> set encryption on identified by “test”; --注意:此处没有only了。
recover database using backup controlfile until cancel;
SQL>alter database open resetlogs;
