Oracle Database 11g RMAN Backup Encryption
Security is gaining importance. As per the reports in the year 2008, loss of confidential information has increased to 63%. This loss of confidential information is a breach of Service Level Agreement (SLA). Organizations will have to compensate these loses in the form of financial penalties.
A recent information protection law from a state in U.S.A claims that information of residents of this state stored in databases across the globe will have to be encrypted. Upon failure, the database owners will have to pay $5000 penalty. These kind of laws demand a robust database architecture.
Apart from design stage, loss of valuable information happens while the DBA does some administrative tasks including cloning production instances to create development, test instances. During such tasks critical information including credit card details, health records, SSN etc gets exposed. These information need to be in encrypted fashion. To decrypt it password needs to be supplied.
This concept of encryption/decryption can be extended to Oracle RMAN (recovery manager) backup and recovery. The information needs to be encrypted using AES which encrypts data in 128,192,256 bits. It is necessary to set the encryption algorithm and supply password during recovery
RMAN> set encryption algorithm 'aes256' identified by pass;
executing command: SET encryption
using target database control file instead of recovery catalog
RMAN> backup as compressed backupset database format 'C:\app\oracle_backup_encryption.bkp';
Starting backup at 11-MAY-10
using channel ORA_DISK_1
channel ORA_DISK_1: starting compressed full datafile backup set
channel ORA_DISK_1: specifying datafile(s) in backup set
RMAN> set decryption identified by pass;