Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Backup and Restore in a DMZ

Re: Backup and Restore in a DMZ

From: Holger Marzen <holger_at_marzen.de>
Date: 1 Mar 2002 06:54:02 GMT
Message-ID: <a5n8ia$igh$1@bluebell.marzen.de> 







>> No big problem, but the machine is located in a DMZ - I cannot have
>> connections to other db servers or fancy clicky flashy enterprisy tools.




> 

> I do not claim to be the biggest Information Security consultant of

> all times, but IMHO Oracle does not belong in the DMZ. I strongly

> recommend that you reconsider.




That DMZ is not connected to the Internet. These zones are just to
separate one customer from another.


>> Controlfiles and the rest of the operation system is backed up daily. I
>> use rman without a repository and save the whole db (backup database),
>> switch log and archive the logs (db is in log archive mode).




> Construct your backup/recovery strategy so that you eventually end up

> with a bunch of files. Just ftp them files to the place from where you

> can put 'em on tape/backup media. However, I suggest opening FTP

> access right before copying them files and closing it immediately

> after that.




I never transfer files fith ftp because of security reasons. Scp is much
better.


>> As I have read I cannot do a timestamp recovery with that data. Is that
>> true? Can I do a complete recovery including the last database backup
>> and roll forward with all the available logs?




> The control file is where the information about last SCN is stored,

> along with a bunch'a other crap. If you overwrite it with an old one

> you won't be able to do point-in-time recovery with re-applying redo

> logs.




Can I do a backup of the current controlfile? I could save this
together with the archived logs.


>> Another question:
>> Would it be possible to mirror the online logs via NFS on another
>> machine, so I'd even could roll forward the data with the remaining log
>> if the db machine completely blows up and has to be replaced and
>> reinstalled?




> NFS is by far not the most secure network service. There's a lengthy




The NFS-server would be in the same DMZ.



> list of known vulnerabilities. Allowing NFS is asking for some serious

> trouble. Besides, NFS is not a speed demon, so your performance will

> be sluggish. Try OS-level mirroring instead, and move them Oracle

> outt'a DMZ.




I already do OS mirroring. But what if the machine melts down. Unlikely,
but I want to find out the best backup stragey (no data loss at all).
Saving archive logs to tape (or a safe place) is the out-of-the-box
stragegy and the amount of lost data is too high for that
application/customer. That's why I considered using NFS.



But we have an external disk array. I think I should instruct Oracle to
have 2 logs in a set and have one copy on the local RAID and another on
the remote RAID.



-- 
Schluss mit dem Fluglärmterror der US-Luftwaffe im Naturpark
Saar-Hunsrück! 25 Jahre Triebwerksgedröhne, Tiefflüge, Luftkämpfe und
laute Transportflüge von früh bis nachts sind genug. Lernt *endlich*
euch zu benehmen. Zuviel verlangt?


Received on Fri Mar 01 2002 - 00:54:02 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US