下面我们来看看一个oracle中rman备份集加密的方法,希望这个例子能帮助到各位朋友了.数据的安全越来越重要,不是说你的生产库安全,你的数据就一定安全了,rman备份也是泄露数据的一个重要地方,如果别人拿到了你的备份集,一样等同入侵了你的生产库。

为了rman备份的安全,最简单方式就是使用set encryption方式在rman备份过程中设置密码,需要版本为10.2及其以后企业版版,另外如果需要备份到带库只能使用oracle自己的osb(Oracle Secure Backup),注意rman只有backupset可以加密,copy无法进行加密数据库版本SQLselect* from v$version;BANNER--------------------------------------------------------------------------------Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit ProductionPL/SQL Release 11.2.0.4.0 - ProductionCORE 11.2.0.4.0 ProductionTNS for Linux: Version 11.2.0.4.0 - ProductionNLSRTL Version 11.2.0.4.0 - ProductionSQL show parameter compatibleNAME TYPE VALUE------------------------------------ ----------- ------------------------------compatible string 11.2.0.4.0支持rman加密算法SQL select ALGORITHM_NAME 2 from V$RMAN_ENCRYPTION_ALGORITHMS;ALGORITHM_NAME----------------------------------------------------------------AES128AES192AES256调整加密算法RMAN show ENCRYPTION ALGORITHM;RMAN configuration parameters for database with db_unique_name ORCL are:CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # defaultRMAN CONFIGURE ENCRYPTION ALGORITHM 'AES256';new RMAN configuration parameters:CONFIGURE ENCRYPTION ALGORITHM 'AES256';new RMAN configuration parameters are successfully storedRMAN show ENCRYPTION ALGORITHM;using target database control file instead of recovery catalogRMAN configuration parameters for database with db_unique_name ORCL are:CONFIGURE ENCRYPTION ALGORITHM 'AES256';创建新测试数据文件我们这里测试的是对新创建的5号文件进行加密备份和还原SQL select name from v$datafile;NAME--------------------------------------------------------------------------------/u01/app/oracle/oradata/orcl/system01.dbf/u01/app/oracle/oradata/orcl/sysaux01.dbf/u01/app/oracle/oradata/orcl/undotbs01.dbf/u01/app/oracle/oradata/orcl/users01.dbfSQL create tablespace rman_xifenfei datafile 2 '/u01/app/oracle/oradata/orcl/xifenfei01.dbf' size 100M;Tablespace created.SQL select file#,name from v$datafile; FILE# NAME---------- -------------------------------------------------- 1 /u01/app/oracle/oradata/orcl/system01.dbf 2 /u01/app/oracle/oradata/orcl/sysaux01.dbf 3 /u01/app/oracle/oradata/orcl/undotbs01.dbf 4 /u01/app/oracle/oradata/orcl/users01.dbf 5 /u01/app/oracle/oradata/orcl/xifenfei01.dbfSQL create table chf.t_xifenfei tablespace rman_xifenfei 2 as select * from dba_objects;Table created.SQL select count(*) from chf.t_xifenfei; COUNT(*)---------- 86721rman加密备份RMAN set encryption on identified by 'www.111cn.net' only;executing command: SET encryptionRMAN backup datafile 5;Starting backup at 28-JAN-15allocated channel: ORA_DISK_1channel ORA_DISK_1: SID=5 device type=DISKchannel ORA_DISK_1: starting full datafile backup setchannel ORA_DISK_1: specifying datafile(s) in backup setinput datafile file number=00005 name=/u01/app/oracle/oradata/orcl/xifenfei01.dbfchannel ORA_DISK_1: starting piece 1 at 28-JAN-15channel ORA_DISK_1: finished piece 1 at 28-JAN-15piece handle=/u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp tag=TAG20150128T230115 comment=NONEchannel ORA_DISK_1: backup set complete, elapsed time: 00:00:01Finished backup at 28-JAN-15准备恢复测试RMAN sql 'alter database datafile 5 offline';sql statement: alter database datafile 5 offline[oracle@localhost ~]$ rm /u01/app/oracle/oradata/orcl/xifenfei01.dbf[oracle@localhost ~]$ ls /u01/app/oracle/oradata/orcl/xifenfei01.dbfls: /u01/app/oracle/oradata/orcl/xifenfei01.dbf: No such file or directoryrman恢复测试[oracle@localhost ~]$ rman target /Recovery Manager: Release 11.2.0.4.0 - Production on Wed Jan 28 23:02:24 2015Copyright (c) 1982, 2011, Oracle and/or its affiliates. All rights reserved.connected to target database: ORCL (DBID=1378620768)RMAN list backup of datafile 5;using target database control file instead of recovery catalogList of Backup Sets===================BS Key Type LV Size Device Type Elapsed Time Completion Time------- ---- -- ---------- ----------- ------------ ---------------1 Full 10.94M DISK 00:00:01 28-JAN-15 BP Key: 1 Status: AVAILABLE Compressed: NO Tag: TAG20150128T230115 Piece Name: /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp List of Datafiles in backup set 1 File LV Type Ckp SCN Ckp Time Name ---- -- ---- ---------- --------- ---- 5 Full 54057180 28-JAN-15 /u01/app/oracle/oradata/orcl/xifenfei01.dbf--未输入密码RMAN restore datafile 5;Starting restore at 28-JAN-15allocated channel: ORA_DISK_1channel ORA_DISK_1: SID=492 device type=DISKchannel ORA_DISK_1: starting datafile backup set restorechannel ORA_DISK_1: specifying datafile(s) to restore from backup setchannel ORA_DISK_1: restoring datafile 00005 to /u01/app/oracle/oradata/orcl/xifenfei01.dbfchannel ORA_DISK_1: reading from backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkpRMAN-00571: ===========================================================RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============RMAN-00571: ===========================================================RMAN-03002: failure of restore command at 01/28/2015 23:02:52ORA-19870: error while restoring backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkpORA-19913: unable to decrypt backupORA-28365: wallet is not open--设置错误密码RMAN SET DECRYPTION IDENTIFIED BY 'www.orasos.com';executing command: SET decryptionRMAN restore datafile 5;Starting restore at 28-JAN-15using channel ORA_DISK_1channel ORA_DISK_1: starting datafile backup set restorechannel ORA_DISK_1: specifying datafile(s) to restore from backup setchannel ORA_DISK_1: restoring datafile 00005 to /u01/app/oracle/oradata/orcl/xifenfei01.dbfchannel ORA_DISK_1: reading from backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkpRMAN-00571: ===========================================================RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============RMAN-00571: ===========================================================RMAN-03002: failure of restore command at 01/28/2015 23:03:31ORA-19870: error while restoring backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkpORA-19913: unable to decrypt backupORA-28365: wallet is not open--设置正确密码RMAN SET DECRYPTION IDENTIFIED BY 'www.111cn.net';executing command: SET decryptionRMAN restore datafile 5;Starting restore at 28-JAN-15using channel ORA_DISK_1channel ORA_DISK_1: starting datafile backup set restorechannel ORA_DISK_1: specifying datafile(s) to restore from backup setchannel ORA_DISK_1: restoring datafile 00005 to /u01/app/oracle/oradata/orcl/xifenfei01.dbfchannel ORA_DISK_1: reading from backup piece /u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkpchannel ORA_DISK_1: piece handle=/u01/2015_01_28/o1_mf_nnndf_TAG20150128T230115_bdkyfvlw_.bkp tag=TAG20150128T230115channel ORA_DISK_1: restored backup piece 1channel ORA_DISK_1: restore complete, elapsed time: 00:00:01Finished restore at 28-JAN-15验证数据还原RMAN recover datafile 5;Starting recover at 28-JAN-15using target database control file instead of recovery catalogallocated channel: ORA_DISK_1channel ORA_DISK_1: SID=7 device type=DISKstarting media recoverymedia recovery complete, elapsed time: 00:00:00Finished recover at 28-JAN-15RMAN sql 'alter database datafile 5 online';sql statement: alter database datafile 5 onlineRMAN exitRecovery Manager complete.[oracle@localhost ~]$ sqlplus / as sysdbaSQL*Plus: Release 11.2.0.4.0 Production on Wed Jan 28 23:05:55 2015Copyright (c) 1982, 2013, Oracle. All rights reserved.Connected to:Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit ProductionWith the Partitioning, OLAP, Data Mining and Real Application Testing optionsSQL select count(*) from chf.t_xifenfei; COUNT(*)---------- 86721至此我们可以看到,最简单的rman加密备份和加密恢复测试完成,在使用set encryption加密后,如果不输入或者错误的输入密码无法使用备份集,从而确保了备份集的安全.