Oracle® Secure Backup Reference Release 10.1 Part Number B14236-03 |
|
|
View PDF |
Defaults and policies are configuration data that control how Oracle Secure Backup operates within an administrative domain. These policies are grouped into several policy classes. Each policy class contains policies that describe a particular area of operations.
The policy classes are as follows:
These policies control aspects of the behavior of daemons and services. For example, you can specify whether logins should be audited and control how the index daemon updates the catalog.
The daemon policies are as follows:
Use the auditlogins
policy to audit attempts to log in to Oracle Secure Backup.
Values
yes
Enables the policy. All attempts to log in to Oracle Secure Backup are logged by the administrative observiced
to its log file.
no
Disables the policy (default).
Use the obixdmaxupdaters
policy to specify the maximum number of catalog update processes that can operate concurrently.
The Oracle Secure Backup index daemon (obixd
) is a daemon that manages the Oracle Secure Backup catalogs for each client. Oracle Secure Backup starts the index daemon at the conclusion of each backup and at other times throughout the day.
Values
n
Specifies the number of concurrent obixd
daemons to allow. The default is 2.
Use the obixdrechecklevel
policy to control the level of action by the Oracle Secure Backup index daemon to ensure that a host backup catalog is valid before making it the official catalog.
Values
structure
Specifies that the index daemon should verify that the structure of the catalog is sound after any updates to a backup catalog (default). This verification is a safeguard mechanism and is used to by the index daemon to double-check its actions after a catalog update.
content
Specifies that the index daemon should verify that the structure and content of the catalog is sound after any updates to a backup catalog. This is the most time-consuming as well as the most comprehensive method.
none
Specifies that the index daemon should take no extra action to affirm the soundness of the catalog after updates to the backup catalog. This is the fastest but also the least safe method.
Use the obixdupdaternicevalue
policy to set the priority at which the index daemon runs. The higher the value, the more of the CPU the index daemon yields to other competing processes. This policy is not applicable to Windows hosts.
Values
n
Specifies the index daemon priority. The default is 0, which means that the index daemon runs at a priority assigned by the system, which is normal process priority. You can use a positive value (1 to 20) to decrease the priority, thereby making more CPU time available to other processes. To give the daemon a higher priority, enter a negative number.
Use the webautostart
policy to specify whether the Apache Web server automatically starts when you restart observiced
.
Values
yes
Enables the policy.
Note:
The installation process setswebautostart
to yes
, which is not the default value.no
Disables the policy (default).
Use the webpass
policy to specify a password to be passed to the Web server.
If the Web server's SSL certificate requires a password (the "PEM pass phrase"), then entering it in this policy enables observiced
to pass it to the Oracle Secure Backup Web server when it is started. The password is used when decrypting certificate data stored locally on the administrative server and never leaves the machine.
Values
password
Specifies the password. By default no password is set.
Note:
The installation script configures a password for thewebpass
policy. You can change this password, although in normal circumstances you should not need to.Use the windowscontrolcertificateservice
to specify whether Oracle Secure Backup should attempt to put the Windows certificate service in the appropriate mode before backing up or recovering a certificate service database.
Values
yes
Specifies that Oracle Secure Backup should start the certificate service prior to a backup, stop it, and then restart the certificate service for a restore.
no
Disables the policy (default).
These policies control how devices are automatically detected during device discovery as well as when device write warnings are generated.
The device policies are as follows:
Use the discovereddevicestate
policy to determine whether devices discovered by the discoverdev command are immediately available for use by Oracle Secure Backup.
Values
in service
Specifies that discovered devices will be immediately available to Oracle Secure Backup.
not in service
Specifies that discovered devices are not available to Oracle Secure Backup until explicitly placed in service (default).
Use the errorrate
policy to set the error rate. The error rate is the ratio of recovered write errors that occur during a backup job per the total number of blocks written, multiplied by 100. If the error rate for any backup is higher than this setting, then Oracle Secure Backup displays a warning message in the backup transcript.
Values
n
Specifies the error rate to be used with the device. The default is 8
.
none
Disables error rate checking. You can disable error rate checking to avoid warning messages when working with a drive that does not support the SCSI commands necessary to check the error rate.
These policies control how Oracle Secure Backup generates and manages the catalog. For example, you can specify the amount of elapsed time between catalog cleanups.
The index policies are as follows:
Use the asciiindexrepository
policy to specify the directory where ASCII index files are saved prior to being imported into the Oracle Secure Backup catalog by the index daemon.
Values
pathname
Specifies the path name for the index files. The default path name is the admin/history/host/
hostname
subdirectory of the Oracle Secure Backup home.
Use the autoindex
policy to specify Oracle Secure Backup whether backup catalog data should be produced for each backup it performs.
Values
yes
Specifies that catalog data should be produced for each backup (default).
no
Specifies that catalog data should not be produced for each backup.
Use the earliestindexcleanuptime
policy to specify the earliest time of day at which catalogs are to be cleaned up. Cleanup activities should take place during periods of lowest usage of the administrative server.
Values
time
Specifies the time in hour and minutes. Refer to "time" for a description of the time placeholder. The default value is 23:00
.
Use the generatendmpindexdata
policy to specify whether Oracle Secure Backup should produce backup catalog information when backing up NDMP-accessible clients.
Values
yes
Specifies that catalog data should be produced for backups of NDMP clients (default).
no
Specifies that catalog data should not be produced for backups of NDMP clients.
Use the indexcleanupfrequency
policy to specify the amount of elapsed time between catalog cleanups. Typically, you should direct Oracle Secure Backup to clean up catalogs on a regular basis. This technique eliminates stale data from the catalog and reclaims disk space. Catalog cleanup is a CPU-intensive and disk I/O-intensive activity, but Oracle Secure Backup performs all data backup and restore operations without interruption when catalog cleanup is in progress.
Values
duration
Specifies the frequency of catalog cleanup operations. Refer to "duration" for a description of the duration placeholder. The default is 21days
, which means that Oracle Secure Backup cleans the catalog every three weeks.
Use the latestindexcleanuptime
policy to specify the latest time of day at which index catalogs can be cleaned up.
Values
duration
Specifies the latest index cleanup time. Refer to "time" for a description of the duration placeholder. The default value is 07:00
.
Use the maxindexbuffer
policy to specify a maximum file size for the local index buffer file.
Backup performance suffers if index data is written directly to an administrative server that is busy with other tasks. To avoid this problem, Oracle Secure Backup buffers index data in a local file on the client during the backup, which reduces the number of interactions that are required with an administrative server. This policy enables you to control the maximum size to which this buffer file can grow.
Values
buffersize
Specifies the buffer size in blocks of size 1 KB. The default value is 6144
, which is 6 MB. Setting the buffer size to 0 causes Oracle Secure Backup to perform no local buffering.
Use the saveasciiindexfiles
policy to determine whether to save or delete temporary ASCII files used by the index daemon.
When Oracle Secure Backup performs a backup, it typically generates index information that describes each file system object it saves. Specifically, it creates a temporary ASCII file on the administrative server in the admin/history/index/
client
subdirectory of the Oracle Secure Backup home. When the backup completes, the index daemon imports the index information into the index catalog file for the specified client.
Values
yes
Directs Oracle Secure Backup to retain each temporary ASCII index file. This option may be useful if you have written tools to analyze the ASCII index files and generate site-specific reports.
no
Directs Oracle Secure Backup to delete each temporary ASCII index file when the backup completes (default).
These policies control historical logging in the administrative domain. For example, you can specify which events should be recorded in the activity log on the administrative server: all, backups only, restore operations only, and so forth.
The log policies are as follows:
Use the adminlogevents
policy to specify the events to be logged in the activity log on the administrative server. Separate multiple event types with a comma. By default this policy is not set, which means that no activity log is generated.
Values
backup
Logs all backup events.
backup.commandline
Logs command-line backups that specify files to be backed up on the command line.
backup.bdf
Logs command-line backups that specify a backup description file.
backup.scheduler
Logs scheduled backups.
restore
Logs restore operations.
all
Logs everything specified by the preceding options.
Use the adminlogfile
policy to specify the path name for the activity log on the administrative server.
Values
pathname
Specifies the path name of a log file, for example, /var/log/admin_srvr.log
. By default this policy is not set, which means that no log file is generated.
Use the clientlogevents
policy to specify the events to be logged in the activity log on the client host.
Values
See the values for the adminlogevents policy. By default this policy is not set.
Use the jobretaintime
policy to set the length of time to retain job list history.
Values
duration
Retains the job history for the specified duration. The default is 30days
. Refer to "duration" for a description of the duration placeholder.
Use the logretaintime
policy to set the length of time to retain Oracle Secure Backup log files.
Several components of Oracle Secure Backup maintain log files containing diagnostic messages. This option lets you limit the size of these files, which can grow quite large. Oracle Secure Backup periodically deletes all entries older than the specified duration.
Values
duration
Retains the diagnostic logs for the specified duration. The default is 7days
. Refer to "duration" for a description of the duration placeholder.
Use the transcriptretaintime
policy to specify the length of time to retain Oracle Secure Backup job transcripts.
When the Oracle Secure Backup scheduler runs a job, it saves the job output in a transcript file. You can specify how long transcript files are to be retained.
Values
duration
Retains the job transcripts for the specified duration. The default is 7days
. Refer to "duration" for a description of the duration placeholder.
Use the unixclientlogfile
policy to specify the path name for log files on UNIX client hosts. Oracle Secure Backup logs each of the events selected for clientlogevents to this file on every UNIX client.
Values
pathname
Specifies the path name for the log files on UNIX clients. By default this policy is not set, which means that no log file is generated.
Use the windowsclientlogfile
to specify the path name for log files on Windows client hosts. Oracle Secure Backup logs each of the events selected for clientlogevents to this file on each Windows client.
Values
pathname
Specifies the path name for the log files on Windows clients. By default this policy is not set, which means that no log file is generated.
These policies control domain-wide media management. For example, you can specify a retention period for tapes that are members of the null media family.
The media policies are as follows:
Use the barcodesrequired
policy to determine whether tapes are required to have readable barcodes.
By default, Oracle Secure Backup does not discriminate between tapes with readable barcodes and those without. This policy ensures that Oracle Secure Backup can always solicit a tape needed for restore by using both the barcode and the volume ID. Use this feature only if all tape drives are contained in libraries with a working barcode reader.
Values
yes
Requires tapes to have readable barcodes.
no
Does not require tapes to have readable barcodes (default).
Use the blockingfactor
policy to define the size of every tape block written during a backup or restore operation. You can modify this value so long as it does not exceed the limit set by the maxblockingfactor policy.
Values
blocksize
Specifies the block factor in blocks of size 512 bytes. The default value is 128
, which means that Oracle Secure Backup writes 64 KB blocks to tape.
Use the maxblockingfactor
policy to define the maximum size of a tape block read or written during a backup or restore operation. Blocks over this size are not readable.
Values
maxblocksize
Specifies the maximum block factor in blocks of size 512 bytes. The default value is 128
, which represents a maximum block size of 64 KB. The maximum setting is 4096
, which represents a maximum tape block size of 2 MB. This maximum is subject to further constraints by device and operating system limitations outside of the scope of Oracle Secure Backup.
Use the overwriteblanktape
policy to specify whether Oracle Secure Backup should overwrite a blank tape.
Values
yes
Overwrites blank tapes (default).
no
Does not overwrite blank tapes.
Use the overwriteforeigntape
policy to specify whether Oracle Secure Backup should overwrite an automounted tape recorded in an unrecognizable format.
Values
yes
Overwrites tapes in an unrecognized format (default).
no
Does not overwrite tapes in an unrecognized format.
Use the overwriteunreadabletape
policy to specify whether Oracle Secure Backup should overwrite a tape whose first block cannot be read.
Values
yes
Overwrites unreadable tapes.
no
Does not overwrite unreadable tapes (default).
Use the volumeretaintime
policy to specify a retention period for tapes that are members of the null
media family.
Values
duration
Retains the volumes for the specified duration. The default is disabled
, which means that the volumes do not automatically expire. You can overwrite or unlabel the volume at any time. Refer to "duration" for a description of the duration placeholder.
Use the writewindowtime
policy to specify a write-allowed time for tapes that are members of the null
media family.
Values
duration
Retains the volumes for the specified duration. The default is disabled
, which means that the write window never closes. Refer to "duration" for a description of the duration placeholder.
This class contains a single policy, which specifies a WINS server for the administrative domain.
The naming policy is as follows:
Use the winsserver
policy to specify an IP address of a Windows Internet Name Service (WINS) server. The WINS server is used throughout the administrative domain.
Oracle Secure Backup provides the ability for UNIX systems to resolve Windows client host names through a WINS server. Setting this policy enables Oracle Secure Backup to support clients that are assigned IP addresses dynamically by WINS.
Values
wins_ip
Specifies a WINS server with the IP address wins_ip. By default this policy is not set.
These policies specify NDMP Data Management Agent (DMA) defaults. For example, you can specify a password used to authenticate Oracle Secure Backup to each NDMP server.
The NDMP policies are as follows:
Use the authenticationtype
policy to specify the means by which the Oracle Secure Backup NDMP client authenticates itself to an NDMP server.
You can change the authentication type for individual hosts by using the --ndmpauth
option of the mkhost and chhost commands.
Values
authtype
Specifies the authentication type. Refer to "authtype" for a description of the authtype placeholder. The default is negotiated
, which means that Oracle Secure Backup determines (with the NDMP server) the best authentication mode to use. Typically, you should use the default setting.
Use the backupev
policy to specify backup environment variables. Oracle Secure Backup passes each variable to the client host's NDMP data service every time it backs up NDMP-accessed data.
Note:
NDMP environment variables are specific to each data service. For this reason, specify them only if you are knowledgeable about the data service implementation.You can also select client host-specific environment variables, which are sent to the NDMP data service each time data is backed up from or recovered to the client host, by using the --backupev
and --restoreev
options of the mkhost and chhost commands.
Values
name=value
Specifies a backup environment variable name and value, for example, VERBOSE=y
. By default the policy is not set.
Use the backuptype
policy to specify a default backup type. Backup types are specific to NDMP data services; a valid backup type for one data service may be invalid, or undesirable, for another. By default Oracle Secure Backup chooses a backup type appropriate to each data service.
You can change the backup type for individual hosts by using the --ndmpbackuptype
option of the mkhost and chhost commands.
Values
ndmp-backup-type
Specifies a default backup type. Refer to "ndmp-backup-type" for a description of the ndmp-backup-type placeholder.
Use the password
policy to specify a password used to authenticate Oracle Secure Backup to each NDMP server.
You can change the NDMP password for individual hosts by using the --ndmppass
option of the mkhost and chhost commands.
Values
password
Specifies a password for NDMP authentication. By default this policy is not set, that is, the default password is null.
Use the port
policy to specify a TCP port number for use with NDMP.
You can change the TCP port for individual hosts by using the --ndmpport
option of the mkhost and chhost commands.
Values
port_num
Specifies a TCP port number. The default value for port_num is 10000
.
Use the protocolversion
policy to specify an NDMP protocol version.
Typically, you should let Oracle Secure Backup negotiate a protocol version with each NDMP server (default). If necessary for testing or some other purpose, you can change the NDMP protocol version with which Oracle Secure Backup communicates with this server. If an NDMP server is unable to communicate using the protocol version you select, then Oracle Secure Backup reports an error rather than using a mutually supported version.
You can change the NDMP protocol version for individual hosts by using the --ndmppver
option of the mkhost and chhost commands.
Values
protocol_num
Specifies a protocol number. Refer to "protover" for a description of the protover placeholder. The default is 0
, which means "as proposed by server."
Use the restoreev
policy to specify restore environment variables. Oracle Secure Backup passes each variable to the client host's NDMP data service every time it recovers NDMP-accessed data.
You can also select client host-specific environment variables, which are sent to the NDMP data service each time data is backed up from or recovered to the client host, by using the --backupev
and --restoreev
options of the mkhost and chhost commands.
Note:
NDMP environment variables are specific to each data service. For this reason, specify them only if you are knowledgeable with the data service implementation.Values
name=value
Specifies a backup environment variable name and value, for example, VERBOSE=y
. By default the policy is not set.
Use the username
policy to specify the name used to authenticate Oracle Secure Backup to each NDMP server.
You can change the NDMP username for individual hosts by using the --ndmpuser
option of the mkhost and chhost commands.
Values
username
Specifies a username for authentication on NDMP servers. The default is root
.
These policies control various backup and restore operations. For example, you can set the amount of time that an RMAN backup job waits in the Oracle Secure Backup scheduler queue for the required resources to become available.
The operations policies are as follows:
Use the autohistory
policy to specify whether Oracle Secure Backup updates backup history data every time a client host is backed up. This history data is used to form file selection criteria for incremental backups.
Values
yes
Updates backup history data when a client host is backed up (default). This history data is used to form file selection criteria for incremental backups.
no
Does not update backup history data when a client host is backed up.
Use the autolabel
policy to specify whether Oracle Secure Backup creates volume and backup image labels for a new backup image whenever it backs up data.
Values
yes
Enables label generation (default).
no
Disables label generation. You should not disable label generation unless directed by Oracle Support Services.
Use the backupimagerechecklevel
policy to specify whether Oracle Secure Backup performs block-level verification after each backup section is completed.
Oracle Secure Backup can optionally reread each block that it writes to tape during a backup job. It provides a second verification that the backup data is readable. The first check is performed by the tape drive's read-after-write logic immediately after the data is written.
Values
block
Performs block-level verification after each backup section is completed. Oracle Secure Backup backspaces the tape to the beginning of the backup section, reads the contents, and performs one of the following actions:
Leaves the tape positioned at the end of the backup section if it was the last section of the backup
Continues with volume swap handling if it has more data to write
Caution:
Choosingblock
substantially increases the amount of time it takes to back up data.none
Performs no verification (default).
Use the backupoptions
policy to specify additional options to apply to scheduler-dispatched backups. Whenever the scheduler initiates a backup, it supplies the specified command-line options to obtar
. For example, you can turn on diagnostic output mode in obtar
by setting this value to -J
.
These options apply only to backups initiated by the Oracle Secure Backup scheduler, not through the obtool
command-line interface.
Values
obtar-options
Specifies user-supplied obtar
options. See "obtar Options" for details on obtar
options. By default no options are set.
Note:
Whatever you enter is passed directly toobtar
, so be sure to specify valid options. Otherwise, your backup or restore jobs will fail to run.Use the fullbackupcheckpointfrequency
policy to specify checkpoint frequency, that is, how often Oracle Secure Backup takes a checkpoint during a full backup for restartable backups.
Values
n
MB
Takes a checkpoint after every n MB transferred to a volume.
n
GB
Takes a checkpoint after every n GB transferred to a volume. By default, Oracle Secure Backup takes a checkpoint for every 8 GB transferred to a volume.
Use the incrbackupcheckpointfrequency
policy to specify checkpoint frequency, that is, how often Oracle Secure Backup takes a checkpoint during a incremental backup for restartable backups.
Values
n
MB
Takes a checkpoint after every n MB transferred to a volume.
n
GB
Takes a checkpoint after every n GB transferred to a volume. By default, Oracle Secure Backup takes a checkpoint for every 2 GB transferred to a volume.
Choose the period at which Oracle Secure Backup will take a checkpoint during an incremental backup for any backup that is restartable. The value is represented in volume of bytes moved. (In the default case, a checkpoint is taken for each 8 GB transferred to a volume.)
Use the mailport
policy to specify the TCP/IP port number to which Oracle Secure Backup sends email requests from Windows hosts.
Values
port_num
Specifies a TCP/IP port number. The default value is 25
.
Use the mailserver
policy to specify the name of the host to which Oracle Secure Backup sends email requests from Windows hosts.
Values
hostname
Specifies a host name. The default value is localhost
.
Use the maxcheckpointrestarts
policy to specify the maximum number of times Oracle Secure Backup attempts to restart an operation from the same checkpoint. If this limit is reached, then Oracle Secure Backup discards the checkpoint and restarts the backup from the beginning.
Values
n
Specifies the maximum number of restarts. The default value is 5
.
Use the positionqueryfrequency
policy to specify a frequency at which Oracle Secure Backup obtains position information from the drive.
When obtar
generates an index while creating or indexing a backup image, it periodically obtains information from the drive. Oracle Secure Backup uses this information during subsequent restore jobs to rapidly position a tape to the requested files.
Values
n
Specifies the position query frequency in terms of KB transferred. The default value is 1024
(1 MB), which means that information is obtained after each 1 MB (1024*1024) of data is written to tape.
Use the restartablebackups
policy to specify whether the restartable backups feature is enabled. This feature enables Oracle Secure Backup to restart certain types of failed backups from a mid-point rather than from the beginning.
Values
yes
Enables restartable backups (default).
Note:
If you use the restartable backups feature, then ensure that the/tmp
directory on the administrative server is on a partition that maintains at least 1 GB of free space.no
Disables restartable backups.
Use the restoreoptions
policy to specify additional options to apply to scheduler-dispatched restore operations. Whenever the scheduler initiates a restore operation, it supplies the specified command-line options to obtar
. For example, you can turn on diagnostic output mode in obtar
by setting this value to -J
.
Values
obtar-options
Specifies user-supplied obtar
options. See "obtar Options" for details on obtar
options. By default no restore options are set.
Note:
Whatever you enter is passed directly toobtar
, so be sure to specify valid options. Otherwise, your backup or restore jobs will fail to run.Use the rmanresourcewaittime
policy to select the duration to wait for a resource.
When an RMAN job has been started and requires certain resources, the resources may not be available immediately. The rmanresourcewaittime
policy controls the amount of time that the job waits in the Oracle Secure Backup scheduler queue for the required resources to become available. If the resources are unavailable at the end of the wait time, then the job fails with an error message. If the resources become available within the specified time, then the job completes successfully.
Values
duration
Specifies the time to wait for a resource. Refer to "duration" for a description of the duration placeholder. Note that all values are valid except disabled
. The default is forever
.
Use the rmanrestorestartdelay
policy to select the amount of time to wait before starting a restore operation after a restore request has been received. You can use this delay to queue all requests and optimize the retrieval of data from tape.
Values
delay_time
Specifies the time to delay. Valid values are a number followed by seconds
, minutes
, or hours
. The default is 10seconds
.
Use the windowsskipcdfs
policy to determine whether Oracle Secure Backup should back up Windows CD-ROM file systems (CDFS).
Values
yes
Does not back up CDFS file systems (default).
no
Backs up the contents of CDFS file systems.
Use the windowsskiplockedfiles
policy to determine whether Oracle Secure Backup logs an error message when it encounters a locked Windows file. Files are locked when in use by another process.
Values
yes
Skips locked files and does not write a message to the transcript or archive's index file.
no
Logs an error message to the transcript and to the archive's index file (default).
These policies control the behavior of the scheduler. For example, you can specify a frequency at which the scheduler attempts to dispatch backup jobs.
The scheduler policies are as follows:
Use the applybackupsfrequency
policy to specify a frequency at which the Oracle Secure Backup scheduler attempts to dispatch jobs.
Values
duration
Specifies how often the scheduler dispatches jobs. Refer to "duration" for a description of the duration placeholder. Note that the forever
and disabled
values are not legal. The default value is 5minutes
, that is, Oracle Secure Backup attempts to dispatch jobs every five minutes.
Use the defaultstarttime
policy to specify the default start time for each new trigger. See the Oracle Secure Backup Administrator's Guide for a description of triggers.
Values
time
Specifies the default trigger start time. Refer to "time" for a description of the time placeholder. The default value is 00:00
(midnight).
Use the maxdataretries
policy to specify the maximum number of times to retry a failed client backup.
While attempting to back up a client, certain errors can occur that cause the backup to fail. (See the Oracle Secure Backup Administrator's Guide for a description of triggers.) Retryable failures include those caused by the client being unavailable because it is out of service or down, unable to communicate through the network, or has insufficient disk space for temporary backup files.
Values
n
Specifies the maximum number of times to retry. The default value is 6
.
Use the pollfrequency
policy to specify the frequency at which Oracle Secure Backup scans the contents of the scheduler catalog for manual changes.
Values
duration
Specifies the scheduler catalog polling frequency. Refer to "duration" for a description of the duration placeholder. Note that the forever
value is not legal. The default value is 30minutes
.
These policies control aspects of domain security. For example, you can enable SSL encryption for backup data in transit or set the key size for host identity certificates.
The security policies are as follows:
Use the autocertissue
policy to indicate whether observiced
on the administrative server will transmit signed certificates (certificate response messages) over the network as part of the mkhost command processing.
Values
yes
Transmits signed certificates over the network during host creation (default).
no
Does not transmit signed certificates over the network during host creation.
Use the certkeysize
policy to indicate the key size to be used when creating the public/private key pair used in identity certificates in the administrative domain. Certification Authorities typically choose key sizes of 1024
or 2048
.
Values
size
Specifies the size of the key in bytes. Valid values are 512
, 768
, 1024
(default), 2048
, 3072
, or 4096
. Key sizes of 512
or 768
are not regarded as secure; 1024
or 2048
are regarded as secure; and 3072
or 4096
are regarded as very secure.
Use the encryptdataintransit
policy to enable SSL encryption for file system and unencrypted RMAN backup data before it passes over the network. This policy does not enable or disable encryption for data at rest, that is, data stored on disk or tape.
Note that if RMAN backup data is already encrypted by RMAN, then this policy does not encrypt it again.
Values
yes
Enables encryption for bulk data transferred over the network (default).
no
Disables encryption for bulk data transferred over the network.
Use the loginduration
policy to specify the amount of time a login token remains valid in obtool
after it is created.
Oracle Secure Backup creates a login token each time you log in through the obtool
. If a valid token exists when you invoke either tool, then you do not have to log in again.
Values
duration
Specifies the duration of the login token. Refer to "duration" for a description of the duration placeholder. The default value is 15minutes
.