What is the value of the additional accounts created in


Part -1:

For this week we will continue to use DB101 as our target database.

The goal for this week's lab is begin to understand more fully how BACKUPS run within RMAN. There a number of different ways that backups can be run and scheduled.

With the advent of the Oracle 12c Multitenant architecture there are additional factors that need to be considered. If your database includes a CONTAINER database and PLUGGABLE databases, there are Backing up an enterprises database so that they are available for a possible database restore and recovery is at the core of the duties of the DBA. The DBA must ensure that databases are backed up are regular intervals, and validated so that the DBA knows that with certainty that these backups can be used to restore the database.

In this lab we will look the various types of backups that can be employed in an overview backup strategy.

In today's computing environment applications are frequently required to run in a 24x7 mode. Consequently, the databases that constitute the backend of these applications cannot be taken down to backup the database in a consistent manner. This portion of the lab will walk you through the inconsistent or hot backup.

The RMAN utility allows for the use the many of the commands hat we looked in the previous lab, to backup the database, archived log and other database structures.

Whenever we log into the Oracle database we need to set our environment so that all of the Oracle environmental variables are set, so that we can connect to the correct Oracle database. For the purposes of our labs we will be using using two databases, DB101 (our target database) and RMANCAT (the database containing the RMAN CATALOG schema)

1. Completing a HOT backup of the database.

2. Once you have logged into the server with the Oracle shell account, set the Oracle environmental variables and the ORACLE_SID variable to the target database.

3. There is a a file in the Oracle Home directory, /home/oracle, named profile. The content of this file contains variables such as ORACLE_HOME and PATH. This path needs to be sourced she the shell has the variables set. This is completed at the OS level.

$ . profile

You can check to see if the environment is set up properly by typing the ENV command.

$ env

The ORACLE_SID is set separately since we have two databases running on this server.

$ export ORACLE_SID=db101

4. Now we need to initialize the RMAN utility and connect to the TARGET and CATALOG.

$ rman

Recovery Manager: Release 12.1.0.2.0 - Production on Sat Oct 10 16:39:39 2015

Copyright (c) 1982, 2014, Oracle and/or its affiliates. All rights reserved.

RMAN>

At this point we have only stared up RMAN. We have no connection to the target database or the RMAN catalog. Note here that the name of the ORACLE_SID or the DBID may not match your environment. As long as you have connected properly to your TARGET database you should be able to run the lab objectives properly.

Now connect to your TARGET database.

RMAN> connect target

connected to target database: SPOCK (DBID=3181554993)

In the previous lab, we looked at important ORACLE files. One of these files was the TNSNAMES.ORA files. To connect the CATALOG we will be using an alias set in that file. (10 points)

RMAN> connect catalog rmanowner/R1d3c0l0@rman

5. Now you are connected to RMAN, your target database and the RMAN catalog. We are now ready to complete many of the tasks require to both backup and maintain our environment.

While you are still connected to RMAN backup your database. This first backup will be very straightforward, without any of the options that are available to Oracle.

RMAN> backup database;

This command, without any options will backup the database to its default location the FLASH RECOVERY AREA. Backups can take a significant amount of disk space, which as a DBA you are responsible for maintaining effectively. One of the ones to manage the location of the backup sets is to user the FORMAT option.

Using the FORMAT option backup the database again.

RMAN>backup format '/db_backup/db101/bk_%s_%p_%t' database;

This FORMAT command will direct RMAN to backup to the new location and name the Backupsets so the names are more easily read and understood.

This backup is INCONSISTENT, since it is considered a HOT backup, taken while database is OPEN.

6. As stated earlier, the RMAN utility can be used to backup other database structures, not simply backing up the entire database. The REDO LOG files are a record of transactions that occur in the database. If the database is running in ARCHIVELOG mode, it will save the ARCHIVED LOG FILES to a designated location. If not properly maintained, the ARCHIVED LOG FILES can build up, taking up disk space and if not backed up and removed from DISK, Oracle can stop operating, waiting for enough space to archive the REDO LOGS.

The command to backup the ARCHIVED LOG FILES is similar to the backup command for the database.

In your environment issue the command to backup the ARCHIVED LOG FILES.(10 points)

RMAN>backup format '/db_backup/db101/arch_%s_%p_%t' archivelog all delete input;

Notice the difference between this command and the previous database backup command. The FORMAT command has name the backupset will contain the prefix of "arch" so the Backupsets can be distinguished from the backupsets of the database. What has been added to the command is also "all delete input". This option tells RMAN to backup the the ARCHIVED LOG FILES and then delete them from disk. These files no longer need to reside on disk, but are still important to the RECOVERY process.

7. While, in most case, the database will need to be backed up while still operating, there will be occasions in which the database will be backed up while it is shutdown. This backup is considered CONSISTENT, since all buffered data has been written to disk.

In this next case we will do a COLD backup of the database, one that is taken after the database has been shutdown cleanly.
Many of the commands that are run in the SQLPLUS utility, can also be run in RMAN. These include the SHUTDOWN and STARTUP commands.

In your environment issue the SHUTDOWN command with the IMMEDIATE option.

RMAN> shutdown immediate

Paste your output here:

The database needs to be in the MOUNT state so that RMAN can connect and complete the backup process.

RMAN> startup mount;

Paste your output here:

Now issue the same backup command issued to complete the HOT backup.(10 points)

RMAN> backup database format '/db_backup/db101/bk_%s_%p_%t' database;

Paste your output here:

Now the database needs to be opened so that it is ready to complete transactions.

RMAN> alter database open;

Paste your output here:

8. We have been completing FULL DATABASE BACKUPS. There will be instances in which the database will need to be backup INCREMENTLY. Meaning that FULL database backups are take alternatively with INCREMENT backups. A drawback of INCREMENT backups is that they do not capture any changes that have occurred in the database since the last backup.

By default, RMAN makes full backups. A full backup of a data file includes every allocated block in the file being backed up. A full backup of a data file can be an image copy, in which case every data block is backed up. It can also be stored in a backup set, in which case data file blocks not in use may be skipped.

RMAN can create multilevel incremental backups. Each incremental level is denoted by a value of 0 or 1. A level 0 incremental backup, which is the base for subsequent incremental backups, copies all blocks containing data. The only difference between a level 0 incremental backup and a full backup is that a full backup is never included in an incremental strategy. Thus, an incremental level 0 backup is a full backup that happens to be the parent of incremental backups whose level is greater than 0. Incremental backups are differential by default.
In order to speed up the INCREMENTAL backup process enable block change tracking:

SQL> select * from v$block_change_tracking;

Ifblock change tracking is not enabled, then:

SQL>alter database enable block change tracking using file ;>

Put the file with the rest of your data files and name it something like block_change_tracking.dbf. This feature has little overhead. The block change tracking file is, on average, 1/30,000 the size of the data blocks to be tracked. You can have a very large database before worrying about this file taking up much space.

To do the weekly level-0 backup on Sunday, type the following:

RMAN>backup incremental level 0 database tag=weekly_level_0;

To do the daily level-1 backup, type the following:(20 points)

RMAN>backup incremental level 0 database tag=weekly_level_1;

Do the daily backup every day besides Sunday if you're doing a weekly level 0 on Sunday. If you're doing a monthly level 0 (for example, on the first of the month), run the daily level 1 everyother day of the month. Basically, if you're doing a level 0 on a given day, there's no need to do a level 1.

A level 0 backup must exist for each data file in the BACKUP command as the base backup for an incremental strategy. Level 0 backups must not have status UNAVAILABLE. If no level 0 backup exists, then RMAN makes a level 0 backup automatically.

Sufficient incremental backups taken since level 0 must exist and be available such that the incremental backup to be created is usable.

Finally, as we conclude this lab we are going to do some maintenance in our VM environment. We want to do this so that we fill up our disk with backups. If there is no disk space left over, then RMAN will throw an error and abort the backup process. We will ALWAYS want to use RMAN to complete this process. If you remove backups from disk via UNIX command line, you will need to update your CATALOG Metadata so that we is in the repository records and what is on disk are the same.

So we will need to do 2 things to complete this process. First we will want to set REDUNCDANCY level in the RETENTION POLICY to 2. This will allow two FULL backups on disk.

1. First log into the TARGET and CATALOG in RMAN.
2. Now issue the command SHOW ALL
Now reset the RETENTION POLICY and paste your results.

RMAN> CONFIGURE RETENTION POLICY TO REDUNDANCY 1;

Now issue the DELETE command. You can do this interactively or with the NOPROMPT option. Command these commands and paste your results. (10 points)

RMAN> delete obsolete;

Or

RMAN> delete obsolete noprompt;

Will later look at how this can be run automatically. In most enterprise environments your will use the Oracle Enterprise Manager to schedule these jobs. You can also run these in scripted CRONJOBS in a Unix environment.

Part -2:

This week we will be using the SPOCK database. I want you to be aware of the types of commands you can issue and work that you can do in a CONTAINER database versus a NON-CONTAINER database. This is one of the significant architectural changes Oracle has made from Oracle 11c to 12c.

We you are setting up your environment make sure you set the ORACLE_SID correctly. If you set the environment incorrectly you will see that many of these commands will not work correctly.

Section I SYSBACKUP Privilege

The SYSBACKUP is a new privilege introduced in the Oracle Database 12c release that allows a user to perform any backup or recovery operations. It is recommended that a new user is created is created to complete backup and recovery tasks. At installation there is a sysbackup user created, which should remain locked.

For this section we will create a new Oracle user backup in the CDB. What we are doing here is adhering to a security principle SEPARATION OF DUTIES. you can grant SYSBACKUP privilege to a user allowed only to perform backup or recovery operation using the RMAN command line, but without possibility to see or access the data of the database.

The SYSBACKUP privilege allows for the following:

1. ALTER SYSTEM
2. AUDIT ANY
3. SELECT ANY TRANSACTION
4. SELECT ANY DICTIONARY
5. RESUMABLE
6. CREATE ANY DIRECTORY
7. UNLIMITED TABLESPACE
8. ALTER TABLESPACE
9. ALTER SESSION
10. ALTER DATABASE
11. CREATE ANY TABLE
12. DROP TABLESPACE
13. CREATE ANY CLUSTER
In addition to the SYSBACKUP account there are two additional new accounts in Oracle 12c, the SYSDG and SYSKM accounts.
Let's take a look at these accounts.
Three new user SYSBACKUP, SYSDG and SYSKM are created in support of this, when the database is created, with their account in the "EXPIRED & LOCKED" status. A equivalent administrative privilege with the same name as the user is created as well.

1. SQL>SELECT username ,account_status FROM dba_users where USERNAME like 'SYS%';

New Administrative Privileges

These new accounts have been provisioned for use with the appropriate privileges.

2. SQL>SELECT * FROM V$pwfile_users;

SYSBACKUP will be used to perform all backup and recovery related operations either via RMAN or SQL*PLUS. Here you can find a complete list of SYSBACKUP privilegesyou are assigned when logged in with the SYSBACKUP administrative privilege.

SYSDG is in place to separate the Data Guard related operations from other activities. Here you can find a complete list of SYSDG privilegesyou are assigned when logged in with the SYSDG administrative privilege.

SYSKM will be responsible for all TDE (Transparent Data Encryption) and Data Vault related administrative operations. Here you can find a complete list of SYSKM privilegesyou are assigned when logged in with the SYSKM administrative privilege.

None of these new database roles can be dropped. They have enough privileges that using them user can connect to database even if it is closed. Also all these roles are incorporated into the Oracle database Vault. Actions performed using these privilege can be audited if AUDIT_SYS_OPERATIONS is set to true.

Add New Privileges to Password File

When a user needs to connect to the database using the SYSBACKUP, SYSDG or SYSKM adminstrative privilege the user must me be added to the password file with the appropriate user privilege flag. The option to include these new privileges has been added to the orapwd utility.

3. orapwd file='$ORACLE_HOME/dbs/orapwrmancat' force=y format=legacy sysbackup=y sysdg=y syskm=y delete=n ENTRIES=10 SYSBACKUP=y

Current Schema and Session for SYSBACKUP, SYSDG and SYSKM

When a user is connected using any of these admin privileges, the schema that they are assigned to is the SYS schema and the session name corresponds to the privilege name that they are using.
3. SQL> conn sys as sysdba

4. SQL> select sys_context('userenv', 'current_schema') current_schema, sys_context('userenv', 'session_user') session_user from dual;

5. SQL> conn sysdg as sysdg;

6. SQL> select sys_context('userenv', 'current_schema') current_schema, sys_context('userenv', 'session_user') session_user from dual;

7. SQL> conn sysbackup as sysbackup;

8. SQL> select sys_context('userenv', 'current_schema') current_schema, sys_context('userenv', 'session_user') session_user from dual;

9. SQL> conn syskm as syskm;

10. SQL> select sys_context('userenv', 'current_schema') current_schema, sys_context('userenv', 'session_user')
session_user from dual;
New Database Role OS Group

To further ensure the separation of access to the new SYSBACKUP, SYSDG and SYSKM privileges, Oracle recommends mapping them to the new OSBACKUPDBA, OSDGDBA and OSKMDBA operating system groups respectively.

SYSBACKUP BACKUPDBA
SYSDG DGDBA
SYSKM KMDBA
Summary

With the introduction of the new Database Administration users and the scaled down privileges, implementing segregation of duties is indeed possible.

Further by providing the flexibility to only assign the required DBA privilege and mapping it to the specific OS role groups, accountability on the use of the specific role is made easier.

$ orapwd file='$ORACLE_HOME/dbs/orapwrman' force=y format=legacy sysbackup=y sysdg=y syskm=y delete=n ENTRIES=10 SYSBACKUP=y

Section IIRestore and Recovery

The preservation of data is one of the most important tasks that a database administrator is responsible for day-to-day. In todays computing environments company are very dependent upon their data, and ensuring that it available and its integrity is preserved are integral to an enterprise's vitality. In this section we will be looking at the different of restore scenarios, and how they will drive decisions about recovery.

For clarity throughout the remainder of this lab, let us define our terms. Restore is the process of putting data back into place following a media failure. Media failure can include disk failure, server crash, etc., some type of event that interferes with the normal functioning of the database. Recovery on the other hand is the rolling forward of archived redo logs, which puts data back into place since the last backup. Let's keep in mind that the backup of a database is a "snapshot" in time, which does not include any changes that occur after the backup has been completed. A recovery will put data back into place that has been committed since this backup. The DBA will need to make decisions about the type of recovery that will be employed based the identifier that will be employed. For instance, a DBA can choose to do a point-in-time recovery if they know the exact moment which they recovery needs to roll forward to, one based on the SCN or until sequence. This are all types of INCOMPLETE database recoveries. What we are trying to do in these scenarios is to bring the bring the database back to a state of consistency.

This work will be done in the CONTAINER database.

1. The first restore will be a FULL RESTORE. This restore and recovery will be complete in a situation in which has lost most or all of its data files.

1. If the database is not mounted, then mount but do not open the datafiles. (5 points)
2.

RMAN> shutdown immediate

RMAN> startup mount;

RMAN> restore database;

RMAN> recover database;

3. Most of the structures that Oracle understands are physical, Oracle can restore at the Tablespace level. The tablespace can be said to occupy a space between the physical (datafiles) and the logical (tables)

2. Let's do a restore on the USERS tablespace.

RMAN> restore tablespace users;

RMAN> recover tablespace users;

4. A full restore of the database is relatively straightforward. You are putting all of the backed up datafiles back into place and applying all of the available log files. In real life situations you may need to recover the database to another point than the one completed in the FULL RESTORE. Let's look at the some of the other options.

The most common type of INCOMPLETE RECOVERY is a POINT-IN-TIME RECOVERY. This brings back the database to a specific time, often to a point just before a media failure.

One of the things you need to do when performing incomplete recovery with RMAN is to establish a recovery target. The recovery target is the point at which you wish to terminate the recovery process and can be identified based on a point in time, a specific SCN, or a log sequence number.

3. As shown in this example, which uses the set until time command to establish the recovery target as 3 P.M. on July 1, 2015. You will need to set you command to run the restore at time that is after your last backup but any where from a few minutes to the time that you run the restore to allow the point-in-time to run successfully.

run
{
set until time "to_date('07/01/15 15:00:00','mm/dd/yy hh24:mi:ss')";
restore database;
recover database
alter database open resetlogs;
}

When this command is issued, RMAN looks for the backup set closest to, but not including or after, this period and restores the database from that backup set. If the database is in NOARCHIVELOG mode, then recovery will stop at that point; otherwise, during the execution of the recovercommand, Oracle will apply the archived redo logs (and any incremental backups that need to be applied) up to, but not including, the defined recovery target.

In this example we are using the { } brackets. These brackets allow you gather all the commands together and run sequentially, rather than having to put them in individually. You can use either method.

When you run this command you you will see a number of statements informing you what RMAN is doing or has completed. Please identifying these statements and briefly define what is being communicated by RMAN.

6. In addition to RESTORING the entire non-Container or Container database, in Oracle 12c you can also RESTORE any of the PDBs.

To RESTORE the PDB first connect to the root.

[oracle@Ucol-StudentOra~]$ rman target sys
Now close the PDBs:
4. (If you need a refresher on the PDB that are attached to the CONTAINER, you can run this query: select name, open_mode from V$PDBS;)(10 points)

SQL> ALTER PLUGGABLE DATABASE kirk, picard, archer close;
(Remember this command is specific to my environment. You will need to substitute the names of your PDBs for the ones shown here)
5. Now you can recover the PDBs:(10 points)

RMAN> restore pluggable database kirk, picard, archer;
You can also recover the seed database using this same method.
RMAN> restore pluggable database 'pdb$seed', kirk, picard, archer;

7. In recovering a lost table was a difficult and time consuming process. In Oracle 12c this process is much simplified. In this section we are going to create a table, give it some content and then remove the table. In ‘real world' situations this could be a developer accidently removing a table. Our process here will assume that FLASHBACK TABLE is not available.

It creates an auxiliary database or instance which is used to recover the tables to a specific point in time. This database will contain a few system related data files like SYSTEM, SYSAUX, UNDO and data files belonging to the tablespace containing the tables we are looking to restore.
We will need to do some setup for this scenario.
Create a new user:
RMAN> create user C##DBUSER101 identified by student101 default tablespace users temporary tablespace temp;
Grant the needed permissions for this user:
RMAN>GRANT create session, unlimited tablespace, CREATE ANY TABLE TO C##DBUSER101 CONTAINER=ALL;
Connect as the new user:
RMAN>connecttarget C##DBUSER101/student101

RMAN> connect catalog rmanowner/R1d3c0l0@rman

Create a new table for recovery and insert data into the table:

CREATE TABLE C##DBUSER101.LA7_PATIENT
(LA7_PATIENT_NO number ,
LA7_PATIENT_NAME VARCHAR2(25) NOT NULL,
WARD_NO NUMBER(2),
PHY_ID NUMBER(4));

INSERT INTO C##DBUSER101.LA7_PATIENT VALUES (1, 'JACK',10,1003);
INSERT INTO C##DBUSER101.LA7_PATIENT VALUES(2,'JOHN',10,1004);
INSERT INTO C##DBUSER101.LA7_PATIENT VALUES (3,'MARY',10,1001);
INSERT INTO C##DBUSER101.LA7_PATIENT VALUES (4, 'JOSE',11,1001);
INSERT INTO C##DBUSER101.LA7_PATIENT VALUES(5,'JEFFREY',11,1004);
INSERT INTO C##DBUSER101.LA7_PATIENT VALUES (6,'SHARON',10,1003);
INSERT INTO C##DBUSER101.LA7_PATIENT VALUES (7, 'JENNY',10,1006);
INSERT INTO C##DBUSER101.LA7_PATIENT VALUES(8,'MARIO',10,1004);
INSERT INTO C##DBUSER101.LA7_PATIENT VALUES (9,'MARINA',10,1005);
INSERT INTO C##DBUSER101.LA7_PATIENT VALUES (10, 'G JOSE',11,1006);
INSERT INTO C##DBUSER101.LA7_PATIENT VALUES(11,'STEVE',11,1007);
INSERT INTO C##DBUSER101.LA7_PATIENT VALUES (12,'SHAPIRO',10,1007);
COMMIT;

6. Get the SCN Number.

RMAN> select dbms_flashback.get_system_change_number from dual;

7. Backup the database:(10 points)
RMAN> connect target C##DBUSER101/student101
RMAN> connect catalog rmanowner/R1d3c0l0@rman

RMAN>backup format '/db_backup/spock/bk_%s_%p_%t' database;

Do a select from the table to view its content:

RMAN> select LA7_PATIENT_NO, LA7_PATIENT_NAME, WARD_NO, PHY_ID from C##DBUSER101.LA7_PATIENT;

Now we will simulate the loss of this table:

RMAN> drop table C##DBUSER101.LA7_PATIENT;

8. Now we will restore the table using the RESTORE TABLE command. NOTE: Verifiy that the destination is in place. '/u01/app/oracle/backup' If the backup directory does not exist then you will need to create it using the mkdir command. Also, you may want to check to make sure that you have enough disk space to complete this process, using the df -h command. This command is completing a restore back to a backup that is at least 10 minutes old. You need to make sure that at least 10 minutes has elapsed since your last backup. You can also use the UNTIL TIME backup in a different time interval. (10 points)

Create the AUXILIARY DESTINATION directory.

Mkdir /u01/app/oracle/backup

recover table 'C##DBUSER101'.'LA7_PATIENT'
UNTIL SCN2997630
AUXILIARY DESTINATION '/u00/app/oracle/backup';

The RECOVER TABLE command completes a number of different tasks. To complete Lab 4, please identifying the tasks that are completing by the RECOVER TABLE command. Completing this will require some careful reading of the output to identifying all of the tasks.

Questions

9. What is the value of the additional accounts created in Oracle 12c SYSBACKUP, SYSDG and SYSKM?

10. There are a variety of different types of RECOVERY. Describe a scenario in which it would be appropriate to use FULL RESTORE.

11. In your own words (meaning no copy and paste from Oracle, or other, documentation) describe the purpose of the the SEED database in the 12c architecture.

12. In order to RESTORE a database it needs to be put into mount state. In the Oracle startup process what is Oracle doing in the mount state?

13. Oracle 12c now allows the DBA to RESTORE a TABLESPACE. Explain the importance of this development.

Request for Solution File

Ask an Expert for Answer!!
Basic Computer Science: What is the value of the additional accounts created in
Reference No:- TGS01631498

Expected delivery within 24 Hours