Re: Safe access to just 1 or 2 databases on RAC cluster via VPN?
Date: Fri, 27 May 2016 10:37:22 -0400
Message-ID: <CAM6TEvJq7kyjuCuHWWc0fWU8+Dtsp1fg9pE7-FkihfdkndFbvw_at_mail.gmail.com>
If Grid Infrastructure 12.x, you can add additional network, vips, listener, and then set the local_listener and remote_listener parameters, and then you could restrict access to IP over VPN? It might not be worth the trouble but that is another possibility.
On Fri, May 27, 2016 at 9:27 AM, Andy Wattenhofer <watt0012_at_umn.edu> wrote:
> Have you looked at Oracle Connection Manager?
>
> Andy
>
> On Fri, May 27, 2016 at 7:30 AM, David Mann <dmann99_at_gmail.com> wrote:
>
>>
>> I have a customer that is requesting to add IP addresses of all nodes in
>> a cluster to their VPN so they can access a subset of databases on the
>> cluster.
>>
>> If they were the only organization that had databases on that cluster I
>> wouldn't have an issue - but there are other databases on there that have
>> nothing to do with their workflow.
>>
>> In the past I would usually work to get them on their own isolated
>> machine or cluster so the VPN endpoints could be added to their b2b VPN and
>> they would only have access to systems which only housed their data. I
>> don't have that option in this case.
>>
>> I was thinking about setting up a listener for them on another port which
>> was only configured for their subset of databases... And block access to
>> the general scan listener already set up on the cluster. Would this afford
>> any protection to attempts to connect to other databases on the cluster? Or
>> better to approach this from a firewall configuration standpoint?
>>
>> --
>> Dave Mann
>> General Geekery | www.brainio.us
>> Database Geekery | www.ba6.us | _at_ba6dotus | http://www.ba6.us/rss.xml
>>
>
>
>
> --
> Andy
>
-- Thomas Roach 813-404-6066 troach_at_gmail.com -- http://www.freelists.org/webpage/oracle-lReceived on Fri May 27 2016 - 16:37:22 CEST