Default Security Configuration
Managing Security for Backup Networks 6-15
■ Unencrypted RMAN backup of a database on client_host.
Oracle Secure Backup does not encrypt the data before transferring it over the
network to media_server. After Oracle Secure Backup writes the data to tape, the
data resides on tape in unencrypted form.
■ Unencrypted RMAN backup of a database on client_host with
encryptdataintransit set to yes.
Oracle Secure Backup encrypts the data before transferring it over the network to
media_server. The encrypted data is decrypted at media_server. After Oracle
Secure Backup writes the data to tape, the data resides on tape in unencrypted
form.
■ Encrypted Oracle Secure Backup backup of the file system on client_host.
Oracle Secure Backup transfers the encrypted backup data over the network to
media_server. Oracle Secure Backup does not apply additional encryption to the
data as it passes over the network. After Oracle Secure Backup writes the data to
tape, the file-system data resides on tape in encrypted form.
■ Unencrypted Oracle Secure Backup of the file system on client_host.
Oracle Secure Backup does not encrypt the data before transferring it over the
network to media_server. After Oracle Secure Backup writes the data to tape, the
data resides on tape in unencrypted form.
■ Unencrypted Oracle Secure Backup of the file system on client_host with
encryptdataintransit set to yes.
Oracle Secure Backup encrypts the data before transferring it over the network to
media_server. The encrypted data is decrypted at media_server. After Oracle
Secure Backup writes the data to tape, the data resides on tape in unencrypted
form.
Default Security Configuration
When you install Oracle Secure Backup on the administrative server, the installation
program configures the administrative server as the Certification Authority (CA)
automatically. By default, security for an administrative domain is configured as
follows:
■ Secure Sockets Layer (SSL) is used for host authentication and message integrity.
■ The CA signs and issues the identity certificate for each domain host in
automated certificate provisioning mode.
■ The size of the public key and private key for every host in the domain is 1024
bits.
■ Host communications within the domain are encrypted by SSL.
When you add hosts to the administrative domain, Oracle Secure Backup creates the
wallet, keys, and certificates for each host when you create the hosts in obtool or the
Oracle Secure Backup Web tool. No additional intervention or configuration is
required.
You can also change the default configuration in any of the following ways:
See Also: Oracle Database Backup and Recovery Advanced User's Guide
to learn about encryption of RMAN backups
To Next Page
Loading...
Need help?
General