In case you are running multiple instances on an EXADATA machine serving different departments, what is the best way to restrict the access based on a subnet?
Although I will have different service names, there will be no VLANs in place.
Since you're running completely separate database instances, I can think of a few ways to do this:
- Separate listeners, using sqlnet.ora TCP.VALIDNODE_CHECKING and TCP.INVITED_NODES to restrict who can connect
- Separate listeners for each database and instance, combined with network-level firewalling (although I wouldn't recommend host-based firewalling on Exadata database servers)
- DB login trigger to disconnect sessions that are using the wrong subnet/service combination
- Implement Oracle Database Firewall, or a comparable third-party product, and create IP- and service-name-based policies
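The login-trigger option from the list above, as an added example that is not part of the original thread. The `sec_admin` schema, the table, function and trigger names, the service names and the subnets are all hypothetical; it handles IPv4 clients only and rejects any address it cannot parse when the service has policy rows.

```sql
-- Added example: schema, object names, services and subnets are hypothetical.
CREATE TABLE sec_admin.service_subnet_policy (
  service_name VARCHAR2(64) NOT NULL,
  network      VARCHAR2(15) NOT NULL,  -- IPv4 network address
  prefix_len   NUMBER(2)    NOT NULL CHECK (prefix_len BETWEEN 0 AND 32)
);
-- Constructed sample policy: one service per department subnet.
INSERT INTO sec_admin.service_subnet_policy VALUES ('HR_SVC',  '10.10.1.0', 24);
INSERT INTO sec_admin.service_subnet_policy VALUES ('FIN_SVC', '10.10.2.0', 24);
COMMIT;

-- Convert a dotted-quad IPv4 address to its 32-bit value (NULL if malformed).
CREATE OR REPLACE FUNCTION sec_admin.ipv4_to_num (p_ip IN VARCHAR2)
  RETURN NUMBER DETERMINISTIC
IS
BEGIN
  RETURN TO_NUMBER(REGEXP_SUBSTR(p_ip, '[0-9]+', 1, 1)) * 16777216
       + TO_NUMBER(REGEXP_SUBSTR(p_ip, '[0-9]+', 1, 2)) * 65536
       + TO_NUMBER(REGEXP_SUBSTR(p_ip, '[0-9]+', 1, 3)) * 256
       + TO_NUMBER(REGEXP_SUBSTR(p_ip, '[0-9]+', 1, 4));
END;
/

CREATE OR REPLACE TRIGGER sec_admin.trg_service_subnet
AFTER LOGON ON DATABASE
DECLARE
  v_ip      VARCHAR2(64) := SYS_CONTEXT('USERENV', 'IP_ADDRESS');
  v_service VARCHAR2(64) := UPPER(SYS_CONTEXT('USERENV', 'SERVICE_NAME'));
  v_rules   PLS_INTEGER;
  v_match   PLS_INTEGER;
BEGIN
  -- Local (bequeath) sessions carry no client IP; leave them alone.
  IF v_ip IS NULL THEN RETURN; END IF;
  -- Count the rules for this service and how many contain the client IP.
  SELECT COUNT(*),
         COUNT(CASE WHEN TRUNC(sec_admin.ipv4_to_num(v_ip)    / POWER(2, 32 - prefix_len))
                       = TRUNC(sec_admin.ipv4_to_num(network) / POWER(2, 32 - prefix_len))
                    THEN 1 END)
    INTO v_rules, v_match
    FROM sec_admin.service_subnet_policy
   WHERE UPPER(service_name) = v_service;
  -- Services without policy rows stay unrestricted; otherwise one rule must match.
  IF v_rules > 0 AND v_match = 0 THEN
    RAISE_APPLICATION_ERROR(-20001,
      'Service ' || v_service || ' is not permitted from ' || v_ip);
  END IF;
END;
/
```

Accounts holding the `ADMINISTER DATABASE TRIGGER` privilege can still log in when a logon trigger raises an error, so this is not a control over DBA accounts. `IP_ADDRESS` is the address the database sees, so behind a proxy or NAT device it is that device's address rather than the client's.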
Thank you very much for your reply.
I did more research and I guess Oracle Database Firewall can be replaced with Connection Manager.
For you and others who might come across this thread, let me share my findings. I hope they will be useful.