• Access control
• Session multiplexing
CMAN Configuration
CMAN Parameter List
(PARAMETER_LIST=
  (ASO_AUTHENTICATION_FILTER=ON)
  (CONNECTION_STATISTICS=NO)
  (EVENT_GROUP=INIT_AND_TERM,MEMORY_OPS,PROCESS_MGMT)
  (IDLE_TIMEOUT=30)
  (INBOUND_CONNECT_TIMEOUT=30)
  (MAX_CMCTL_SESSIONS=6)
  (MAX_CONNECTIONS=512)
  (MAX_GATEWAY_PROCESSES=10)
  (MIN_GATEWAY_PROCESSES=4)
  (OUTBOUND_CONNECT_TIMEOUT=30)
  (REMOTE_ADMIN=YES)
  (SESSION_TIMEOUT=60)
  (LOG_DIRECTORY=/tmp)
  (LOG_LEVEL=SUPPORT)
  (TRACE_DIRECTORY=/tmp)
  (TRACE_FILELEN=1000)
  (TRACE_FILENO=2)
  (TRACE_LEVEL=SUPPORT)
  (TRACE_TIMESTAMP=ON))
CMAN Access Control
CMAN.ORA Access control
• The access control rule list specifies which connections are
accepted, rejected, or dropped
(RULE_LIST=
  (RULE=(SRC=host)(DST=host)(SRV=service_name)
    (ACT={accept|reject|drop})
    (ACTION_LIST=(AUT={on|off})(CONN_STATS={yes|no})
      (MCT=time)(MIT=time)(MOCT=time))))
RULE_LIST
SRC = Source (client)
DST = Destination
SRV = Service or SID
ACT = Action (accept, reject, drop)
CMAN.ORA Access control II
(RULE_LIST=
  (RULE=(SRC=host)(DST=host)(SRV=service_name)
    (ACT={accept|reject|drop})
    (ACTION_LIST=(AUT={on|off})(CONN_STATS={yes|no})
      (MCT=time)(MIT=time)(MOCT=time))))
ACTION_LIST
AUT = Oracle Advanced Security authentication on client side
CONN_STATS = log input and output statistics
MCT = maximum connect time
MIT = maximum idle timeout
MOCT = maximum outbound connect time
CMON service
Access control must include a rule for CMON; otherwise CMAN will not start.
(rule_list=
  (rule=
    (src=client1)(dst=*)(srv=ORCL)(act=drop)))
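An added example, not from the original slides: a small Python check that parses a cman.ora RULE_LIST, confirms a CMON rule is present, and flags accept rules open to any source. The sample rule list, its host names and the function names are constructed for illustration.

```python
import re

# Constructed sample rule list; host and service names are placeholders.
SAMPLE = """
(rule_list=
  (rule=(src=client1)(dst=*)(srv=ORCL)(act=drop))
  (rule=(src=*)(dst=dbhost)(srv=*)(act=accept))
  (rule=(src=cmanhost)(dst=127.0.0.1)(srv=cmon)(act=accept)))
"""
RULE_OPEN = re.compile(r"\(\s*rule\s*=", re.I)          # "(rule=" but not "(rule_list="
LEAF = re.compile(r"\(\s*(\w+)\s*=\s*([^()\s]+)\s*\)")  # innermost (key=value) pairs

def parse_rules(text):
    """Return one dict per (RULE=...) entry, with lower-cased keys."""
    rules, depth, start, base = [], 0, None, 0
    for i, ch in enumerate(text):
        if ch == "(":
            if start is None and RULE_OPEN.match(text, i):
                start, base = i, depth
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced parentheses in rule list")
            if start is not None and depth == base:
                pairs = LEAF.findall(text[start:i + 1])
                rules.append({k.lower(): v for k, v in pairs})
                start = None
    if depth != 0:
        raise ValueError("unbalanced parentheses in rule list")
    return rules

def audit(text):
    """Return findings: missing CMON rule, incomplete rules, wide-open accepts."""
    rules, findings = parse_rules(text), []
    if not any(r.get("srv", "").lower() == "cmon" for r in rules):
        findings.append("no rule for CMON: cman will not start")
    for n, r in enumerate(rules, 1):
        missing = {"src", "dst", "srv", "act"} - r.keys()
        if missing:
            findings.append(f"rule {n}: missing {sorted(missing)}")
        elif r["act"].lower() == "accept" and r["src"] == "*":
            findings.append(f"rule {n}: accepts any source for srv={r['srv']}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against the drop rule shown above on its own, the check reports the missing CMON rule.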
REMOTE_LISTENER=cman_listener_alias
Or
REMOTE_LISTENER=(ADDRESS = (PROTOCOL = TCP)(HOST = sample.com)(PORT = 1999))
RDBMS Service
CMCTL:cman1> show services
Services Summary...
……
Service "orcl.sample.com" has 1 instance(s).
Instance "orcl", status READY, has 2 handler(s) for this service...
Handler(s):
"D000" established:0 refused:0 current:0 max:16383 state:ready
DISPATCHER <machine: sample, pid: 6906>
(ADDRESS=(PROTOCOL=tcp)(HOST=sample.com)(PORT=50283))
"DEDICATED" established:0 refused:0 state:ready
REMOTE SERVER
(address=(protocol=tcp)(host=sample)(port=1525))
The command completed successfully.
Client Setup
No SOURCE_ROUTE as per versions < 9i
Test =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = sample.com)(PORT = 1999))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = ORCL)
    )
  )
sqlplus username/password@test
Migration Tool
cmmigr [cman.ora_location]
Tracing and Logging
xxx_alert.log
xxx_cmadmin_pid.trc
xxx_pid.trc
xxx_cmgw_pid.trc
xxx_cmadmin_pid.log
xxx_pid.log
xxx_cmgw_pid.log
Start a telnet session and connect to your database server. Log in and check the
usage of sockets/ports by issuing the following command:
netstat -na | grep your_client_ip_address | grep ESTABLISHED
where your_client_ip_address is the IP address of your PC.
You should see something similar to the following:
The output line will show the established connections from your client using the
TCP protocol. This indicates the socket used by your telnet session. More than one
line of output indicates that you have more than one connection established to the
server.
3. Use Oracle Net Manager to add a service name entry that will specify that
Oracle Connection Manager should be used to connect to the database on your
server.
5. From your telnet session, check how many sockets you are now using.
What is the explanation for the number of sockets used?
6. Exit your SQL*Plus sessions and verify that you just have one socket where a
connection is established.
8. Start your instance and establish two SQL*Plus connections from your client.
9. Specify the user name of system, password manager, and your new service name.