As database professionals we are the custodians of our organisations data and in the event of any data related issue are usually one of the first on the scene.
Over the last few years we have seen an increasing number of ransomware attacks, this has been headline news across the globe impacting all industries, with no targets it seems off-limits.
With this in mind we need to be constantly reviewing, and reducing our exposure to malware and other external and internal threats, by adopting a multi-level approach to data protection, think Defence-in-Depth.
During database server security reviews we need to consider how we can make the malware or unauthorised intruders’ job as hard as possible, as well as maintaining latest operating system and application patches, we should explore hardening our servers, by for example:
- Not installing unnecessary applications
- Only run required services
- Using non-default ports
- Not advertising operating system and version
- Locking down access with correct file permissions and ownership
- Implementing a SIEM (Security Information and Event Management) solution such as Splunk
Additionally, when we consider our database servers we need to include backups.
Wherever possible, database backups should be stored off the primary storage array to ensure the storage platform is not a single point of failure or risk.
A popular approach is to present a shared filesystem to all database servers delivered from an NFS server.
Hide Backup Locations
Hiding our backup locations and only mounting the NFS file systems when accessed with Automouner (autofs).
Automounter can be used with Oracle RMAN to mount NFS file systems when required and automatically unmount the filesystem when they are no longer being accessed.
Snapshot RMAN Backups
Storage snapshots can be used to provide a simple way of protecting our Oracle Recovery Manager (RMAN) backups from accidental or malicious deletion.
Oracle RMAN jobs and backup processes will continue to read, write and delete files in the backup location, but having a Read-Only snapshot stops the any malware, or DBA accidentally or maliciously deleting important backup files.
To protect against loss of hall, data centre or site, we should also consider snapshot replication to ensure our backups are also available in a different location.
The above provides good protection from many host based issues, but what if our storage administrators credentials are compromised and storage snapshots are deleted directly on the array ?
Protecting RMAN backups
To automate the taking of snapshot and optional replicate to a secondary array I have developed a Python script which I can call from my RMAN backup scripts.
$ python3 pureTakeFBsnapshot.py -h Usage: pureTakeFBsnapshot.py [options] This application has been developed using Pure Storage v1.12 RESTful Web Service interfaces. Developed and tested using Python 3.9.5 Please contact firstname.lastname@example.org for assistance. Options: --version show program's version number and exit -h, --help show this help message and exit -d, --debug Debug [default: False] -f FS, --filesystem=FS FlashBlade File System -r FLASHBLADEREP, --replicant=FLASHBLADEREP FlashBlade Replicant array -s FLASHBLADE, --server=FLASHBLADE FlashBlade array -t API_TOKEN, --token=API_TOKEN Pure API Token -S SUFFIX, --suffix=SUFFIX File system snapshot suffix -v, --verbose Verbose [default: False]
In the example below you can see I have taken a snapshot, provided a suffix and initiated replication to another array.
Now we have a Read-Only snapshot of the RMAN backup we are protected against accidental, ransomware encryption or malicious destruction of the database backups. Pure Storage SafeMode snapshots can provide additional protection against a rogue storage administrator or compromised storage platform.
Cataloging Backups in the Recovery Catalog
An Oracle RMAN feature which you may not be familiar is catalog start with, this provide the ability to manually catalog backups in the recovery catalog, we can use this to include the the snapshot location using catalog start with <mount point/.snapshot/file filesystem.suffix>
RMAN> catalog start with '/mnt/orabkup/DEMO/.snapshot/z-oracle_orabkup.08-JUN-2021-093552' noprompt;
Now we have the RMAN backup snapshot location registered we use
RESTORE... VALIDATE to confirm that backups required to restore the database are present, readable, and not corrupted:
RMAN> restore database validate;
RESTORE command can now use the NFS snapshot backup location to restore, validate, or preview RMAN backups.
In this blog I have shared a few ideas on how we can use our storage platform to give greater protection to our critical database backups
I have demonstrated how Oracle Recovery Manager (RMAN) can work with NFS Read-Only snapshot directories for database recoveries, providing protection against accidental, ransomware encryption or malicious destruction of the backups and snapshots.
Finally, remember SCHRODINGER’S BACKUP and keep testing your backups.
[twitter-follow screen_name=’RonEkins’ show_count=’yes’]