Re: Keeping a DB from Phoning Home...

From: Mark Bobak <Mark.Bobak_at_proquest.com>
Date: Thu, 12 Sep 2013 16:10:51 +0000
Message-ID: <CE575FB3.35936%Mark.Bobak_at_ProQuest.com>



Er, that should be "10.0.0.0/8".

On 9/12/13 12:09 PM, "Bobak, Mark" <Mark.Bobak_at_proquest.com> wrote:

>Hi Dave,
>
>I'm not sure how much flexibility you have, but, if the goal is to allow
>communication w/ the app server, but be 100% sure that there is no way for
>the db to talk to anything else, then just put the app servers and the db
>server in the same LAN, and use IP addresses from the private,
>non-routable blocks, such as 10.0.0.0/24 or 192.168.0.0/16. The db and app
>servers will be able to talk to each other, but there's no chance that
>they will be able to get to any other systems, or that any other systems
>would be able to talk to them.
>
>If you're not sure how to do that, you may want to have a chat with your
>network engineering group. It should be pretty trivial to set up.
>
>Hope that helps,
>
>-Mark
>
>On 9/12/13 11:07 AM, "David Mann" <dmann99_at_gmail.com> wrote:
>
>>I am helping a sysadmin archive a regulated system that is slated for
>>retirement. Long story short is we have it up and running on an HP-UX
>>emulator but have the network interfaces turned off. We also have some
>>app servers that will be archived parallel to the server the DB is
>>running on. The goal is to be able to turn on the network interfaces so
>>we can access the DB with the app servers for some validation activities
>>before the final archival... but we don't know the condition of the
>>database, it is a total black box to us. We want to make sure it does
>>not try to access any network resources like DB Links, sockets opened
>>with Java, etc. as we are not sure what other internal systems it was
>>communicating with when it was turned off.
>>
>>The sysadmin currently has the DB running and all network interfaces
>>turned off. I was thinking of starting the DB and using NetStat or
>>whatever the HP-UX equivalent was but with interfaces turned off I don't
>>think we would be able to observe any outgoing port activity.
>>
>>So I get access to SQL*Plus on the console later this week. My plan so
>>far is to check the following things before turning on the network
>>interfaces and starting up the DB:
>>
>>1) Set OPEN_LINKS to 0 to prevent attempts to open DB links.
>>
>>2) Set JOB_QUEUE_PROCESSES to 0 - I don't have evidence that any jobs
>>will cause something to initiate network access but want to cover the
>>bases.
>>
>>3) Check DBA_JAVA_POLICY for any Network/Socket related policies and
>>investigate further if I find any.
>>
>>4) ??? :)
>>
>>After that I'm stumped. If you had a 9i DB that was a black box to you
>>and were trying to ensure it was not going to try to initiate any
>>outgoing activity when you started it up what would you do?
>>
>>-Dave
>>
>>--
>>Dave Mann
>>General Geekery | www.brainio.us
>>Database Geekery | www.ba6.us | _at_ba6dotus | http://www.ba6.us/rss.xml
>>
>>
>>--
>>http://www.freelists.org/webpage/oracle-l
>>
>>
>>
>>
>

--
http://www.freelists.org/webpage/oracle-l
Received on Thu Sep 12 2013 - 18:10:51 CEST
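
The three pre-start checks from Dave's list, written out as SQL*Plus statements. This is an added example, not part of the original thread; it assumes a SYSDBA session on the 9i instance while the network interfaces are still down, and the `SCOPE` clauses assume the instance was started from an spfile.

```sql
-- Added example (not from the thread). Run as SYSDBA in SQL*Plus.

-- Current values of the two parameters named in steps 1 and 2.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('open_links', 'job_queue_processes');

-- Step 1 background: inventory the database links that exist.
-- HOST holds the TNS alias or connect string each link would dial.
SELECT owner, db_link, username, host, created
  FROM dba_db_links
 ORDER BY owner, db_link;

-- Step 2 background: list DBMS_JOB entries and what they execute,
-- so any job that calls out over the network can be spotted by its WHAT text.
SELECT job, schema_user, broken, next_date, interval, what
  FROM dba_jobs
 ORDER BY job;

-- Step 3: Java policy grants that permit socket or network operations.
-- NAME is the host:port pattern, ACTION is connect/resolve/listen/accept.
SELECT kind, grantee, type_name, name, action, enabled
  FROM dba_java_policy
 WHERE type_name LIKE '%SocketPermission%'
    OR type_name LIKE '%NetPermission%'
 ORDER BY grantee, name;

-- job_queue_processes is dynamic: this stops the job queue immediately
-- and keeps it stopped across restarts.
ALTER SYSTEM SET job_queue_processes = 0 SCOPE = BOTH;

-- open_links is static: the new value applies only after a restart.
-- With a text init.ora instead of an spfile, edit the file instead.
ALTER SYSTEM SET open_links = 0 SCOPE = SPFILE;

-- After the restart, confirm both values before enabling any interface.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('open_links', 'job_queue_processes');
```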
