Safe access to just 1 or 2 databases on RAC cluster via VPN?

From: David Mann <dmann99_at_gmail.com>
Date: Fri, 27 May 2016 08:30:05 -0400
Message-ID: <CAGazuyUbaq69z-Q1vFiPJg2qfynkLjbBUoSfUOQ+oof=zpUWVA_at_mail.gmail.com>



I have a customer that is requesting to add IP addresses of all nodes in a cluster to their VPN so they can access a subset of databases on the cluster.

If they were the only organization that had databases on that cluster I wouldn't have an issue - but there are other databases on there that have nothing to do with their workflow.

In the past I would usually work to get them on their own isolated machine or cluster so the VPN endpoints could be added to their b2b VPN and they would only have access to systems which only housed their data. I don't have that option in this case.

I was thinking about setting up a listener for them on another port which was only configured for their subset of databases... And block access to the general SCAN listener already set up on the cluster. Would this afford any protection to attempts to connect to other databases on the cluster? Or better to approach this from a firewall configuration standpoint?

--

Dave Mann
General Geekery | www.brainio.us
Database Geekery | www.ba6.us | _at_ba6dotus | http://www.ba6.us/rss.xml

--

http://www.freelists.org/webpage/oracle-l Received on Fri May 27 2016 - 14:30:05 CEST
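
One way to check that a dedicated listener like the one proposed above only has the intended databases registered with it, as an added example that is not part of the original post: it parses `lsnrctl status` output and reports any service registered by an instance outside an allowlist. The sample output is constructed, and the listener port, host, service and instance names are hypothetical.

```python
import re

# Constructed sample of `lsnrctl status` output for a hypothetical dedicated
# listener on port 1522; every host, service and instance name is made up.
SAMPLE_STATUS = '''\
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.11)(PORT=1522)))
Services Summary...
Service "custdb.example.com" has 1 instance(s).
  Instance "custdb1", status READY, has 1 handler(s) for this service...
Service "custdbXDB.example.com" has 1 instance(s).
  Instance "custdb1", status READY, has 1 handler(s) for this service...
Service "hrprod.example.com" has 1 instance(s).
  Instance "hrprod1", status READY, has 1 handler(s) for this service...
The command completed successfully
'''

SERVICE_RE = re.compile(r'^Service "([^"]+)" has \d+ instance\(s\)\.')
INSTANCE_RE = re.compile(r'^\s+Instance "([^"]+)", status (\w+)')

def registered_services(status_text):
    """Map each service name to the set of instances registered for it."""
    services, current = {}, None
    for line in status_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            current = m.group(1).lower()
            services.setdefault(current, set())
            continue
        m = INSTANCE_RE.match(line)
        if m and current is not None:
            services[current].add(m.group(1).lower())
    return services

def unexpected_registrations(status_text, allowed_instances):
    """Return {service: [instances]} for registrations outside the allowlist."""
    allowed = {i.lower() for i in allowed_instances}
    findings = {}
    for svc, instances in registered_services(status_text).items():
        extra = instances - allowed
        if extra:
            findings[svc] = sorted(extra)
    return findings

if __name__ == "__main__":
    # Only the customer's instance is expected on this listener.
    for svc, inst in unexpected_registrations(SAMPLE_STATUS, {"custdb1"}).items():
        print(f"NOT EXPECTED on this listener: {svc} (instances: {', '.join(inst)})")
```

The allowlist is keyed on instance name rather than service name so that auxiliary services registered by the same instance (such as the XDB service in the sample) do not raise false findings.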
