vi
6 Managing Security for Backup Networks
Backup Network Security Overview.................................................................................................... 6-1
Planning Security for an Administrative Domain............................................................................. 6-2
Identifying Assets and Principals.................................................................................................... 6-2
Identifying Your Backup Environment Type ................................................................................ 6-3
Single System............................................................................................................................... 6-3
Data Center .................................................................................................................................. 6-4
Corporate Network..................................................................................................................... 6-6
Choosing Secure Hosts for the Administrative and Media Servers........................................... 6-6
Determining the Distribution Method of Host Identity Certificates.......................................... 6-7
Trusted Hosts............................................................................................................................................. 6-8
Host Authentication and Communication .......................................................................................... 6-9
Identity Certificates and Public Key Cryptography ..................................................................... 6-9
Authenticated SSL Connections.................................................................................................... 6-10
Certification Authority................................................................................................................... 6-10
Automated and Manual Certificate Provisioning Mode ................................................... 6-11
Oracle Wallet.................................................................................................................................... 6-11
Oracle Secure Backup Encryption Wallet............................................................................. 6-12
Web Server Authentication............................................................................................................ 6-13
Revoking a Host Identity Certificate............................................................................................ 6-13
Encryption of Data in Transit.............................................................................................................. 6-14
Default Security Configuration.......................................................................................................... 6-15
Configuring Security for the Administrative Domain .................................................................. 6-16
Providing Certificates for Hosts in the Administrative Domain ............................................. 6-16
Configuring the Administrative Server................................................................................ 6-16
Configuring Media Servers and Clients............................................................................... 6-17
Setting the Size for Public and Private Keys ............................................................................... 6-18
Setting the Key Size in obparameters.................................................................................... 6-18
Setting the Key Size in the certkeysize Security Policy ...................................................... 6-19
Setting the Key Size in mkhost............................................................................................... 6-19
Enabling and Disabling SSL for Host Authentication and Communication.......................... 6-20
Managing Certificates with obcm...................................................................................................... 6-21
Exporting Signed Certificates........................................................................................................ 6-21
Importing Signed Certificates ....................................................................................................... 6-21
A Oracle Secure Backup Directories and Files
Oracle Secure Backup Home Directory .............................................................................................. A-1
Administrative Server Directories and Files...................................................................................... A-1
Media Server Directories and Files...................................................................................................... A-4
Client Host Directories and Files ......................................................................................................... A-5
B Oracle Secure Backup obparameters Installation Parameters
customized obparameters ...................................................................................................................... B-1
start daemons at boot.............................................................................................................................. B-2
identity certificate key size.................................................................................................................... B-2
create preauthorized oracle user........................................................................................................... B-2