2 Replies Latest reply: Jan 29, 2012 7:07 AM by DanyC RSS

    Restrict acces to Exadata instances


      In case you are running multiple instances on a EXADATA machine serving different departments, what is the best way to restrict the access based on a subnet?

      although i will have different service names there will be no vlans in place.

        • 1. Re: Restrict acces to Exadata instances
          Marc Fielding
          Hi Dani,

          Since you're running completely separate database instances, I can think of a few ways to do this:

          - Separate listeners, using sqlnet.ora TCP.VALIDNODE_CHECKING and TCP.INVITED_NODES to restrict who can connect
          - Separate listeners for each database and instance, combined with network-level firewalling (although I wouldn't recommend host-based firewalling on Exadata database servers)
          - DB login trigger to disconnect sessions who are using the wrong subnet/service combination
          - Implement Oracle Database Firewall, or a comparable third-party product, and create IP- and service-name-based policies

          • 2. Re: Restrict acces to Exadata instances
            Hi Mark,

            Thank you very much for your reply.

            I did more research and i guess Oracle database firewall can be replaced with Connection manager.

            For you and others who might cross this thread let me share my findings - hope will be useful.