2 Replies Latest reply: Jan 29, 2012 5:07 AM by 473111

Restrict access to Exadata instances

473111 Newbie
Hi,

In case you are running multiple instances on an Exadata machine serving different departments, what is the best way to restrict access based on a subnet?

Although I will have different service names, there will be no VLANs in place.

Cheers,
Dani
  • 1. Re: Restrict access to Exadata instances
    Marc Fielding Journeyer
    Hi Dani,

    Since you're running completely separate database instances, I can think of a few ways to do this:

    - Separate listeners, using sqlnet.ora TCP.VALIDNODE_CHECKING and TCP.INVITED_NODES to restrict who can connect
    - Separate listeners for each database and instance, combined with network-level firewalling (although I wouldn't recommend host-based firewalling on Exadata database servers)
    - DB login trigger to disconnect sessions who are using the wrong subnet/service combination
    - Implement Oracle Database Firewall, or a comparable third-party product, and create IP- and service-name-based policies

    Marc
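
The login-trigger option from the reply above, as an added example that is not part of the original thread. The table `service_subnets`, the function `ipv4_to_num`, the trigger name, and the sample service names and networks are all hypothetical; it assumes IPv4 clients and service names without a domain suffix.

```sql
-- Hypothetical policy table: which IPv4 network may use which service.
CREATE TABLE service_subnets (
  service_name VARCHAR2(64) NOT NULL,
  network      VARCHAR2(15) NOT NULL,   -- network address, e.g. 10.10.20.0
  prefix_len   NUMBER(2)    NOT NULL CHECK (prefix_len BETWEEN 0 AND 32)
);
-- Constructed sample rows (service names and networks are made up).
INSERT INTO service_subnets VALUES ('FINANCE_SVC', '10.10.20.0', 24);
INSERT INTO service_subnets VALUES ('HR_SVC',      '10.10.30.0', 24);
COMMIT;

-- Dotted-quad IPv4 to number; NULL for anything else (IPv6, malformed).
CREATE OR REPLACE FUNCTION ipv4_to_num(p_ip IN VARCHAR2) RETURN NUMBER DETERMINISTIC IS
  v_num NUMBER := 0;
  v_oct NUMBER;
BEGIN
  IF p_ip IS NULL OR NOT REGEXP_LIKE(p_ip, '^(\d{1,3}\.){3}\d{1,3}$') THEN
    RETURN NULL;
  END IF;
  FOR i IN 1 .. 4 LOOP
    v_oct := TO_NUMBER(REGEXP_SUBSTR(p_ip, '\d+', 1, i));
    IF v_oct > 255 THEN RETURN NULL; END IF;
    v_num := v_num * 256 + v_oct;
  END LOOP;
  RETURN v_num;
END;
/

CREATE OR REPLACE TRIGGER trg_service_subnet_check
AFTER LOGON ON DATABASE
DECLARE
  v_ip      VARCHAR2(256) := SYS_CONTEXT('USERENV', 'IP_ADDRESS');
  v_service VARCHAR2(256) := UPPER(SYS_CONTEXT('USERENV', 'SERVICE_NAME'));
  v_hits    PLS_INTEGER;
BEGIN
  -- Local (non-TCP) sessions report no IP address; leave them alone.
  IF v_ip IS NULL THEN RETURN; END IF;
  -- Same network when both addresses agree in the top prefix_len bits.
  SELECT COUNT(*) INTO v_hits
    FROM service_subnets s
   WHERE UPPER(s.service_name) = v_service
     AND TRUNC(ipv4_to_num(v_ip)      / POWER(2, 32 - s.prefix_len))
       = TRUNC(ipv4_to_num(s.network) / POWER(2, 32 - s.prefix_len));
  IF v_hits = 0 THEN  -- default deny: unlisted service, other subnet, or non-IPv4
    RAISE_APPLICATION_ERROR(-20001,
      'Connection from ' || v_ip || ' not permitted on service ' || v_service);
  END IF;
END;
/
```

A failing logon trigger does not block accounts that hold the ADMINISTER DATABASE TRIGGER privilege, and the check only runs after authentication has succeeded, so it complements listener-level or network-level filtering.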
  • 2. Re: Restrict access to Exadata instances
    473111 Newbie
    Hi Marc,

    Thank you very much for your reply.

    I did more research and I guess Oracle Database Firewall can be replaced with Connection Manager.

    For you and others who might come across this thread, let me share my findings; I hope they will be useful.

    https://sites.google.com/site/connectassysdba/oracle-rac-11-2-multiple-listener

    http://arup.blogspot.com/2011/08/setting-up-oracle-connection-manager.html

    http://levipereira.wordpress.com/2011/10/22/how-configure-multiples-public-network-an-grid-infrastructure-11g-r2-11-2-environment/

    Dani
