OEM GC and port security

From: Herring Dave - dherri <Dave.Herring_at_acxiom.com>
Date: Mon, 11 Dec 2006 11:05:19 -0600
Message-ID: <7ED53A68952D3B4C9540B4EFA5C76E36028F922F@CWYMSX04.Corp.Acxiom.net>


Folks,  

I'm trying to set up OEM GC 10g (R2) on a 32-bit server running RHEL 4. What I'm struggling with is configuring security as it relates to the various ports GC uses. According to .../oms10g/install/portlist.ini, the following ports will be used:

Oracle HTTP Server port = 7779
Oracle HTTP Server Listen port = 7780
Oracle HTTP Server SSL port = 8250
Oracle HTTP Server Listen (SSL) port = 4444
Oracle Notification Server Request port = 6003
Oracle Notification Server Local port = 6101
Oracle Notification Server Remote port = 6200
ASG port = 7890
Oracle HTTP Server Diagnostic port = 7200
Application Server Control RMI port = 1850
Log Loader port = 44000
Java Object Cache port = 7000
DCM Discovery port = 7100
Oracle Management Agent Port = 1157
Application Server Control port = 1156
Web Cache HTTP Listen port = 7779
Web Cache HTTP Listen (SSL) port = 8250
Web Cache Administration port = 9400
Web Cache Invalidation port = 9401
Web Cache Statistics port = 9402
Enterprise Manager Central Console Port = 4889
Enterprise Manager Central Console Secure Port = 1159

By default all ports are closed on our servers and I have to open a security request per port, listing IPs that will access the port and the direction of communication, as in IP xxx can initiate a conversation with port y and/or port y can initiate a conversation with IP xxx.  

The above list of ports is helpful, but I'd appreciate it if someone could help out with defining the rules for each of the given ports.

For example:

(1) Port 1157. If the repository is running on SERVERA and there are 2+ databases on SERVERA, does port 1157 need to be opened to communicate both directions with SERVERA? Seems odd, but then again this detailed level of security is new to me.

(2) If I'm to discover other servers (and Oracle services on them), do agents on SERVERA and these other servers need to be opened to communicate in both directions to/from SERVERA?

(3) Is any access necessary to/from my PC's IP or IP subnet? I could always run Firefox on the server itself to get a web interface going for the console if I had to.

Thanks in advance for any help on this.  

Dave


Dave Herring, DBA

Acxiom Corporation

3333 Finley

Downers Grove, IL 60515

wk: 630.944.4762

<mailto:dherri_at_acxiom.com>


 

"When I come home from work and see those little noses pressed against the windowpane, then I know I am a success" - Paul Faulkner  




--
http://www.freelists.org/webpage/oracle-l
Received on Mon Dec 11 2006 - 11:05:19 CST
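
An added example, not part of the original message: it parses `name = port` lines like the portlist.ini excerpt quoted above into one firewall-request row per distinct port, so ports shared by two components (7779 and 8250 in that list) yield a single request. The function names, the skipping of comment or section lines, and the embedded sample are assumptions of this example; source IPs and direction stay "TBD" because the message does not state them.

```python
import re
from collections import OrderedDict

# Constructed sample: a subset of the portlist.ini lines quoted in the message,
# plus two constructed lines (a comment and a bad value) to show what is skipped.
SAMPLE = """\
Oracle HTTP Server port = 7779
Oracle HTTP Server SSL port = 8250
Oracle Management Agent Port = 1157
Web Cache HTTP Listen port = 7779
Web Cache HTTP Listen (SSL) port = 8250
Enterprise Manager Central Console Port = 4889
Enterprise Manager Central Console Secure Port = 1159
; constructed comment line
Log Loader port = notanumber
"""

# "<component name> = <digits>"; lines starting with ; # or [ are ignored
# (defensive assumption, the message shows only plain name = port lines).
LINE = re.compile(r"^\s*(?P<name>[^=;#\[][^=]*?)\s*=\s*(?P<port>\d+)\s*$")

def parse_portlist(text):
    """Return {port: [component names]} in first-seen order."""
    ports = OrderedDict()
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank, comment, or non-numeric port value
        port = int(m.group("port"))
        if not 1 <= port <= 65535:
            continue  # not a valid TCP/UDP port number
        ports.setdefault(port, []).append(m.group("name"))
    return ports

def request_rows(ports):
    """One worksheet row per distinct port, sorted by port number."""
    return [
        {"port": p, "components": names, "shared": len(names) > 1,
         "source_ips": "TBD", "direction": "TBD"}
        for p, names in sorted(ports.items())
    ]

if __name__ == "__main__":
    for row in request_rows(parse_portlist(SAMPLE)):
        flag = " (shared)" if row["shared"] else ""
        print(f'{row["port"]:>5}  {"; ".join(row["components"])}{flag}')
```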
