3.5 Backup, Recovery, and Security Management
The management tasks discussed in previous sections represent only a
portion of those that must be performed at a typical site. Many other
management tasks are ordinarily the responsibility of your
organization's database administrator (DBA).
However, backup, recovery, and security management are often the
responsibility of the Oracle Application Server administrator, so the
following sections will touch upon these tasks. For details, consult
the Oracle documentation.
3.5.1 Performing Backup and Recovery
Backing up your configuration and application
data in such a way that it can be recovered in the event of a failure
or error is an essential maintenance task for any administrator. When
you back up Oracle Application Server, make sure that your backup
procedures back up both Oracle Application Server itself and the
contents of the Oracle Application Server
infrastructure (if used); that
infrastructure is frequently housed in an Oracle database.A
complete backup of your Oracle
Application Server environment includes the following:Configuration files for the instance, the Oracle software files, and
system files.Contents of the OracleAS Metadata Repository (if used); remember that
the repository is an integral part of the infrastructure.Additional files associated with the Oracle environment, such as log
files, configuration files for the database, and other scripts and
information used by Oracle Application Server components.
Make sure that your backup plan includes backup steps for all this
information.3.5.1.1 Types of backup
As with the Oracle database, two basic types of
backup are available for Oracle
Application Server:Complete, or cold, backup
With this type of backup, you back up all
Oracle HOME directories in the middle tier, including the Oracle HOME
for the Oracle database used for the infrastructure, a complete cold
backup of the OracleAS Metadata Repository, and a complete backup of
all Oracle system files.
Online, or incremental, backup
With this type of backup, you back up only
the configuration files that have changed since the time of the last
backup and perform an online backup of the OracleAS Metadata
Repository.
With Oracle Application Server, as with any software, make sure to
perform periodic complete backups as well as more frequent
incremental backups. If you make a major change to your Oracle
Application Server environment, take that opportunity to perform a
complete backup to avoid losing the effects of this change.Oracle Application Server farms and clusters are managed using
DCM. You can use DCM directly or invoke it
via Application Server Control. The DCM requires a repository, either
in the database or as a set of files. If you use file-based DCM, you
also have to back up (and subsequently recover) the files used as
part of your backup procedure. These files are located on the
repository host for the cluster or farm. If you use a database for
the configuration information, standard backup procedures will also
back up this information.
|
The OracleAS Backup and Recovery Tool is a Perl
script that backs up
configuration files and
the Metadata Repository. This tool is included
on the OracleAS
Application Server Repository Creation Assistant (OracleAS RepCA) CD
set that comes with Oracle Application Server. The OracleAS Backup
and Recovery Tool automates the process of backing up all the
individual entities needed for a complete Oracle Application Server
backup, as described in the previous section.The OracleAS Backup and Recovery Tool has its own set of
configuration files that indicate which directories it uses to hold
the different portions of the backup. You need to install the tool
for each infrastructure and middle-tier server in your environment,
and edit the configuration for each instance of the tool. You can add
files, directories, or groups of files and directories (using
wildcards) to the configuration file.3.5.1.3 Backup
You can use the OracleAS Backup and Recovery Tool to perform either
complete or incremental backups of
configuration files, the OracleAS Metadata Repository, or both. You
can specify the level of an incremental backup, where each level
backs up the files that have changed since the time of the last
backup at the same level.The OracleAS Backup and Recovery Tool doesn't back
up or recover a OracleAS Metadata Repository that was added to an
existing database. You have to handle this database through standard
Oracle backup and recovery procedures in coordination with the BRT.3.5.1.4 Recovery
You can use
Oracle Application Server backups to
recover your installation, whether or not you have experienced a
failure that has corrupted the Metadata Repository.If the repository has been corrupted, you have to recover it to a
point in time just before the corruption occurred. If only
configuration files have been lost, you can simply restore them using
the OracleAS Backup and Recovery Tool. The Oracle Application Server
documentation contains complete instructions for using this tool, as
well as information that can help you determine which type of
recovery operation you need to perform.
3.5.2 Implementing Secure Access and Management
If you
are performing security management, you must have an appropriate
username and password to access the Application Server Control or Grid
Control tools:Application Server Control
Use the ias_admin username and supply your
assigned password to gain access to Application Server Control.
Grid Control
Use your Oracle Enterprise
Manager 10g username and password to gain access
to Grid Control.
|
Management Repository are stored in Oracle databases. Oracle database
administrators or database security
administrators typically uses a DBA
username (e.g., SYS) and connect as SYSDBA to start these database
instances and perform other operations. Doing so provides the
administrator with the necessary
privileges
(the rights to execute certain SQL statements) that have been
assigned to the DBA
roles
(named groups of privileges).Administrators who access Grid Control only for the purpose of
monitoring individual application servers may not be provided these
extended privileges or given login access to the Application Server
Control tool. The details, however, depend on how your organization
decides to maintain security and grant access.Most users of Oracle Application Server simply need
user authentication. For
large implementations, you may want to configure global
authentication across these distributed systems
for users and Grid Control administrators and their roles. Global
authentication allows you to maintain a single authentication list
for multiple distributed servers and to implement OracleAS Single
Sign-On.
|
user security and identity management in more detail. But for now, be
aware that in typical three-tier implementations,
Oracle Application Server runs some of the application logic, serves
as an interface between the clients and database servers, and
provides the Oracle Identity Management infrastructure. The Oracle
Internet Directory provides
directory services running as applications
against an Oracle database. The directory synchronization service,
provisioning integrated service, and delegated administrative service
are part of the Oracle Internet Directory. Security in
middle-tier applications is controlled by
applications'
privileges
and by preserving client identities through all three tiers. You can
use the Application Server Control tool to configure and change
configurations of the Oracle Internet Directory and OracleAS Single
Sign-On.