티스토리 뷰
반응형
안녕하세요. IBM 커뮤니티에서 인포믹스의 통합 백업 암호화(Integrated Backup Encryption) 기능에 대한 질문이 있어서 소개하려고 합니다.
질문의 요지는 암호화된 백업 파일의 압축이 잘 되는가 하는 것인데, PGP로 암호화된 파일은 압축이 잘 안되었던 모양입니다. 그래서 몇가지 상황을 가정하고 백업 암호화 기능의 작동 방식을 테스트 해보았습니다.
인포믹스의 통합 백업 암호화 기능은 14.10 버전부터 제공됩니다.
매뉴얼에서는 통합 백업 암호화 기능을 사용한다면 원격지의 키서버를 통해 백업 암호화 키를 생성할 것을 권장하고 있으나 여기서는 편의상 로컬 암호화 키를 사용하겠습니다. 로컬 암호화 키를 생성하는 방법은 IBM Knowledge Center의 아래 링크를 참고했습니다.
-- 1. 통합 백업 암호화 기능을 설정하지 않고 ontape 백업 수행
[informix@db2 backups]$ onstat -c | egrep '^BACKUP_FILTER|^RESTORE_FILTER|^BAR_ENC'
BACKUP_FILTER
RESTORE_FILTER
BAR_ENCRYPTION
[informix@db2 backups]$ ontape -s -L 0
10 percent done.
20 percent done.
30 percent done.
40 percent done.
100 percent done.
File created: /work1/informix/ids1410fc3/backups/db2_0_L0
Please label this tape as number 1 in the arc tape sequence.
This tape contains the following logical logs:
247
Program over.
[informix@db2 backups]$ ls -la
total 266788
drwxrwxr-x. 3 informix informix 33 Mar 31 09:54 .
drwxr-xr-x. 28 informix informix 4096 Mar 21 22:30 ..
-rw-rw----. 1 informix informix 273186816 Mar 31 09:54 db2_0_L0
drwxrwxr-x. 2 informix informix 182 Mar 31 09:51 tmp
-- 2. 통합 백업 암호화 기능을 설정하고 ontape 백업 수행
[informix@db2 backups]$ openssl rand -base64 24 > /work1/informix/ids1410fc3/etc/l_key192
[informix@db2 backups]$ onstat -c | egrep '^BACKUP_FILTER|^RESTORE_FILTER|^BAR_ENC'
BACKUP_FILTER
RESTORE_FILTER
BAR_ENCRYPTION keyfile=/work1/informix/ids1410fc3/etc/l_key192,cipher=aes192
[informix@db2 backups]$ ontape -s -L 0
The backup volume will be encrypted.
10 percent done.
20 percent done.
30 percent done.
40 percent done.
100 percent done.
File created: /work1/informix/ids1410fc3/backups/db2_0_L0
Please label this tape as number 1 in the arc tape sequence.
This tape contains the following logical logs:
247
Program over.
[informix@db2 backups]$ ls -la
total 533572
drwxrwxr-x. 3 informix informix 65 Mar 31 09:55 .
drwxr-xr-x. 28 informix informix 4096 Mar 21 22:30 ..
-rw-rw----. 1 informix informix 273186816 Mar 31 09:54 db2_0_20200331_095432_L0
-rw-rw----. 1 informix informix 273186816 Mar 31 09:55 db2_0_L0
drwxrwxr-x. 2 informix informix 182 Mar 31 09:51 tmp
-- 3. 백업 파일 내용 확인
[informix@db2 backups]$ strings db2_0_20200331_095432_L0 | head -30
Archive Backup TapeIBM Informix Dynamic Server Version 14.10.FC3DETue Mar 31 09:54:32 2020informix/dev/pts/0
/work1/informix/ids1410fc3/backups/
rootdbs plog llog datadbs1 datadbs2 datadbs3 data8dbs1 data8dbs2 data8dbs3 sbspace1
IBM Informix Dynamic Server Copyright 2001, 2019 IBM Corporation
14.10.xC2
F"01-2020
ROOTNAME rootdbs
ROOTPATH /work1/informix/ids1410fc3/storage/rootdbs
ROOTOFFSET 0
ROOTSIZE 157696
MIRROR 0
MIRRORPATH /work1/informix/ids1410fc3/tmp/demo_on.root_mirror
MIRROROFFSET 0
DBSERVERNAME ol_informix1410
SERVERNUM 0
MSGPATH /work1/informix/ids1410fc3/ol_informix1410.log
TAPEDEV /work1/informix/ids1410fc3/backups
TAPESIZE 0
TAPEBLK 32
LTAPEDEV /dev/null
LTAPESIZE 0
LTAPEBLK 32
PHYSFILE 65430
PHYSBUFF 512
LOGFILES 20
LOGSIZE 6144
LOGBUFF 256
DYNAMIC_LOGS 2
LTXHWM 70
LTXEHWM 80
[informix@db2 backups]$ strings db2_0_L0 | head -30
Archive Backup TapeIBM Informix Dynamic Server Version 14.10.FC3DETue Mar 31 09:55:07 2020informix/dev/pts/0
/work1/informix/ids1410fc3/backups/
aes192
DQZQ
QX9p
a5b(
H%*g
wecI
)rO0"
z\$b
#_t;
azXX
aW`g
$9s~f
{Rus
T<.u
(;*&
[!wS
{'dT
g9c%
k#|~
G)9)1
>X2B
CnSq
]SJ~
kmt9
ol!n
>JMsy
b!9~`
[C4R
-- 4. 통합 백업 암호화 기능 및 BACKUP_FILTER, RESTORE_FILTER를 설정하고 ontape 백업 수행
[informix@db2 backups]$ vi $INFORMIXDIR/etc/$ONCONFIG
[informix@db2 backups]$ onstat -c | egrep '^BACKUP_FILTER|^RESTORE_FILTER|^BAR_ENC'
BACKUP_FILTER /bin/gzip
RESTORE_FILTER /bin/gunzip
BAR_ENCRYPTION keyfile=/work1/informix/ids1410fc3/etc/l_key192,cipher=aes192
[informix@db2 backups]$ ontape -s -L 0
The backup volume will be encrypted.
Using the backup and restore filter /bin/gzip.
10 percent done.
20 percent done.
30 percent done.
40 percent done.
100 percent done.
File created: /work1/informix/ids1410fc3/backups/db2_0_L0
Please label this tape as number 1 in the arc tape sequence.
This tape contains the following logical logs:
247
Program over.
[informix@db2 backups]$ ls -la
total 548100
drwxrwxr-x. 3 informix informix 97 Mar 31 09:56 .
drwxr-xr-x. 28 informix informix 4096 Mar 21 22:30 ..
-rw-rw----. 1 informix informix 273186816 Mar 31 09:54 db2_0_20200331_095432_L0
-rw-rw----. 1 informix informix 273186816 Mar 31 09:55 db2_0_20200331_095507_L0
-rw-rw----. 1 informix informix 14876672 Mar 31 09:56 db2_0_L0
drwxrwxr-x. 2 informix informix 182 Mar 31 09:51 tmp
-- 5. 통합 백업 암호화 기능 및 BACKUP_FILTER, RESTORE_FILTER를 설정하고 ontape 리스토어 수행
[informix@db2 backups]$ onmode -ky
[informix@db2 backups]$ onstat -c | egrep '^BACKUP_FILTER|^RESTORE_FILTER|^BAR_ENC'
BACKUP_FILTER /bin/gzip
RESTORE_FILTER /bin/gunzip
BAR_ENCRYPTION keyfile=/work1/informix/ids1410fc3/etc/l_key192,cipher=aes192
[informix@db2 backups]$ ontape -r
Restore will use level 0 archive file /work1/informix/ids1410fc3/backups/db2_0_L0. Press Return to continue ...
The volume to restore is encrypted.
Using the backup and restore filter /bin/gunzip.
Archive Tape Information
Tape type: Archive Backup Tape
Online version: IBM Informix Dynamic Server Version 14.10.FC3DE
Archive date: Tue Mar 31 09:56:06 2020
User id: informix
Terminal id: /dev/pts/0
Archive level: 0
Tape device: /work1/informix/ids1410fc3/backups/
Tape blocksize (in k): 32
Tape size (in k): system defined for directory
Tape number in series: 1
Backup filter: /bin/gzip
Spaces to restore:1 [rootdbs ]
2 [plog ]
3 [llog ]
4 [datadbs1 ]
5 [datadbs2 ]
6 [datadbs3 ]
7 [data8dbs1 ]
8 [data8dbs2 ]
9 [data8dbs3 ]
10 [sbspace1 ]
Archive Information
IBM Informix Dynamic Server Copyright 2001, 2019 IBM Corporation
Initialization Time 01/08/2020 22:26:54
System Page Size 2048
Version 31
Index Page Logging OFF
Archive CheckPoint Time 03/31/2020 09:56:05
Dbspaces
number flags fchunk nchunks flags owner name
1 10000001 1 2 N AE informix rootdbs
2 11000001 2 1 N P AE informix plog
3 10000001 3 1 N AE informix llog
4 10000001 4 1 N AE informix datadbs1
5 10000001 5 1 N AE informix datadbs2
6 10000001 6 1 N AE informix datadbs3
7 10000001 7 1 N AE informix data8dbs1
8 10000001 8 1 N AE informix data8dbs2
9 10000001 9 1 N AE informix data8dbs3
10 10002001 10 1 N T AE informix tmpdbspace
11 10008001 11 1 N S AE informix sbspace1
12 1000a001 12 1 N U AE informix tmpsbspace
Chunks
chk/dbs offset size free bpages flags pathname
1 1 0 78848 9236 PO--- /work1/informix/ids1410fc3/storage/rootdbs
2 2 0 32768 0 PO--E /work1/informix/ids1410fc3/storage/ol_informix1410_2_plog_p_1
3 3 0 70244 4791 PO--E /work1/informix/ids1410fc3/storage/ol_informix1410_2_llog_p_1
4 4 0 32768 21236 PO--E /work1/informix/ids1410fc3/storage/ol_informix1410_2_datadbs1_p_1
5 5 0 32768 32715 PO--E /work1/informix/ids1410fc3/storage/ol_informix1410_2_datadbs2_p_1
6 6 0 32768 32715 PO--E /work1/informix/ids1410fc3/storage/ol_informix1410_2_datadbs3_p_1
7 7 0 32768 32556 PO--E /work1/informix/ids1410fc3/storage/ol_informix1410_2_data8dbs1_p_1
8 8 0 32768 32556 PO--E /work1/informix/ids1410fc3/storage/ol_informix1410_2_data8dbs2_p_1
9 9 0 32768 32556 PO--E /work1/informix/ids1410fc3/storage/ol_informix1410_2_data8dbs3_p_1
10 10 0 429812 429376 PO--E /work1/informix/ids1410fc3/storage/ol_informix1410_2_tmpdbspace_p_1
11 11 0 32768 8466 POS-- /work1/informix/ids1410fc3/storage/ol_informix1410_2_sbspace1_p_1
12 12 0 32768 8466 POS-- /work1/informix/ids1410fc3/storage/ol_informix1410_2_tmpsbspace_p_1
13 1 0 60314 72 PO--E /work1/informix/ids1410fc3/storage/ol_informix1410_rootdbs_p_1
Continue restore? (y/n)y
Do you want to back up the logs? (y/n)n
The volume to restore is encrypted.
Using the backup and restore filter /bin/gunzip.
Warning: Parameter's user-configured value was adjusted. (DS_MAX_SCANS)
Warning: Parameter's user-configured value was adjusted. (ONLIDX_MAXMEM)
Restore a level 1 archive (y/n) n
Do you want to restore log tapes? (y/n)n
/work1/informix/ids1410fc3/bin/onmode -sy
Program over.
[informix@db2 backups]$ onstat -m
IBM Informix Dynamic Server Version 14.10.FC3DE -- Quiescent -- Up 00:00:26 -- 566920 Kbytes
Message Log File: /work1/informix/ids1410fc3/ol_informix1410.log
10:11:58 Physical Recovery Complete: 0 Pages Examined, 0 Pages Restored.
10:11:58 Clearing encrypted primary chunk 10 before initialization...
10:11:58 Clearing encrypted primary chunk 12 before initialization...
10:11:58 Logical Recovery Started.
10:11:58 72 recovery worker threads will be started.
10:12:00 Logical Recovery has reached the transaction cleanup phase.
10:12:00 Logical Recovery Complete.
0 Committed, 0 Rolled Back, 0 Open, 0 Bad Locks
10:12:01 Bringing system to Quiescent Mode with no Logical Restore.
10:12:02 Quiescent Mode
10:12:02 Checkpoint Completed: duration was 0 seconds.
10:12:02 Tue Mar 31 - loguniq 247, logpos 0x1ee018, timestamp: 0xeb6d094 Interval: 264
10:12:02 Maximum server connections 0
10:12:02 Checkpoint Statistics - Avg. Txn Block Time 0.000, # Txns blocked 0, Plog used 0, Llog used 1
10:12:04 Defragmenter cleaner thread now running
10:12:04 Defragmenter cleaner thread cleaned:0 partitions테스트 결과로 보면 암호화된 백업본이라도 압축이 잘 되는 것을 확인할 수 있습니다.
참고 사이트 :
반응형
댓글
링크
최근에 올라온 글
최근에 달린 댓글
- Total
- Today
- Yesterday