EasyManuals Logo

Oracle Secure Backup User Manual

Default Icon
174 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #123 background imageLoading...
Page #123 background image
Host Authentication and Communication
Managing Security for Backup Networks 6-13
exclude name *.p12
Web Server Authentication
The Apache Web server for the administrative domain runs on the administrative
server as the obhttpd daemon. When you issue commands through the Oracle Secure
Backup Web tool, obhttpd repackages them as obtool commands and passes them to
an instance of obtool running on the administrative server.
The Web server requires a signed X.509 certificate and associated public key/private
key pair to establish an Secure Sockets Layer (SSL) connection with a client Web
browser. The X.509 certificate for the Web server is self-signed by the installob
program when you install Oracle Secure Backup on the administrative server.
Figure 6–5 shows the interaction between Web server and client.
Figure 6–5 Web Server Authentication
The Web server X.509 certificate and keys are not stored in the wallet used for host
authentication in the Oracle Secure Backup administrative domain, but are stored in
files in the /apache/conf subdirectory of the Oracle Secure Backup home. A single
password protects the certificates and keys. This password is stored in encrypted form
in the daemons file located in /admin/config/default. When the Web server
starts, it obtains the password by using a mechanism specified in the Web server
configuration file. This password is never transmitted over the network.
Revoking a Host Identity Certificate
Revoking a host identity certificate is an extreme measure that would only be
performed if the backup administrator determined that the security of a computer in
the Oracle Secure Backup administrative domain had been breached in some way.
You can revoke a host identity certificate with the revhost command in obtool.
If you revoke a host identity certificate, then none of the Oracle Secure Backup service
daemons accept connections from that host. Revocation is not reversible. If you revoke
See Also: Oracle Secure Backup Administrator's Guide for more
information on dataset statements and catalog recovery
See Also: Oracle Secure Backup Reference for revhost syntax and
semantics
SSL
Web
Client
observiced obtoolobhttpd
Administrative
Server
Web Server
Certificate
Web Server
Private Key
Commands

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Oracle Secure Backup and is the answer not in the manual?

Oracle Secure Backup Specifications

General IconGeneral
CompressionYes
Tape Library SupportYes
Web InterfaceYes
Command Line InterfaceYes
SchedulingYes
ReportingYes
Role-Based Access ControlYes
NDMP SupportYes
Virtual Tape Library SupportYes
Operating Systems SupportedLinux, Windows, Solaris, AIX, HP-UX
Backup MethodsFull, Incremental, Differential
Media SupportTape, Disk
Database SupportOracle Database
EncryptionAES 256-bit
Centralized ManagementYes
Cloud IntegrationOracle Cloud