Re: RAC server network encryption

From: Shane Borden <sborden76_at_gmail.com>
Date: Wed, 10 Jul 2019 16:29:53 -0400
Message-Id: <755A9C7B-6919-483F-B10A-D37DEAC4C3C8_at_gmail.com>

It all depends on which home you have the listener running out of and which home you are using if you make local connections to your database.

Shamelss plug, but I have a blog post on this very topic:

https://stborden.wordpress.com/2017/04/24/oracle-native-network-encryption/

Shane Borden

> On Jul 10, 2019, at 4:26 PM, Ricard Martinez <ricard.martinez_at_gmail.com> wrote:
>
> Thanks, but not really useful as the mos defines the listener parameters in grid_home and the sqlnet.ora in db_home.
> For example on this doc https://docs.oracle.com/en/database/oracle/oracle-database/12.2/netrf/parameters-for-the-sqlnet-ora-file.html#GUID-CF0CE176-074D-4017-93EC-25EB2C014B72 <https://docs.oracle.com/en/database/oracle/oracle-database/12.2/netrf/parameters-for-the-sqlnet-ora-file.html#GUID-CF0CE176-074D-4017-93EC-25EB2C014B72> it specifies on the parameter tcp.validnode_cheking:
> "This is important in an Oracle RAC environment where the listener runs out of the Oracle Grid Infrastructure home. Setting the parameter in the database home does not have any effect in Oracle RAC environments."
> but sqlnet.encryption_server that is one of the ones I want to configure nothing is clarified only the 4 possible parameters.
>
> My understanding is that using grid_home sqlnet.ora has logic has client connects using the scan, that is redirect to the local listener, but then is the local listener that handles the connection with the client, so if it uses the db_home sqlnet.ora and sqlnet.encryption_server is not defined, is the encryption not used?
>
> Softlink can be a solution, but not easy to implement in my env for several reason, so will like to verify if need to apply the parameters to only one sqlnet.ora or both.
>
> Regards
>
>
> On Wed, Jul 10, 2019 at 8:58 PM Krishna K <krishna.setwin_at_gmail.com <mailto:krishna.setwin_at_gmail.com>> wrote:
> its ideal to have softlink between grid_home and oracle_home sqlnet.ora
> The mos note has detailed info -- Doc ID 1448841.1
>
> On Wed, Jul 10, 2019 at 2:44 PM Ricard Martinez <ricard.martinez_at_gmail.com <mailto:ricard.martinez_at_gmail.com>> wrote:
> Thanks, but based on?
> Everything been reading points to ORACLE_HOME, but unclear about if that means grid_home.
> Can you point me to a doc/whitepaper or something like that?
>
>
> On Wed, Jul 10, 2019 at 8:09 PM Krishna K <krishna.setwin_at_gmail.com <mailto:krishna.setwin_at_gmail.com>> wrote:
> grid_home sqlnet.ora
>
> On Wed, Jul 10, 2019 at 1:52 PM Ricard Martinez <ricard.martinez_at_gmail.com <mailto:ricard.martinez_at_gmail.com>> wrote:
> Hi,
>
> Trying to configure network encryption in a RAC at server level, but confused about the need to configure the parameters in grid_home sqlnet.ora at all or only db_home sqlnet.ora. Can someone help me clarify it?
>
> Thanks
>

--
http://www.freelists.org/webpage/oracle-l

Received on Wed Jul 10 2019 - 22:29:53 CEST

This message: [ Message body ]
Next message: Ricard Martinez: "Re: RAC server network encryption"
Previous message: Ricard Martinez: "Re: RAC server network encryption"
In reply to: Ricard Martinez: "Re: RAC server network encryption"
In reply to Krishna K: "Re: RAC server network encryption"
Next in thread: Ricard Martinez: "Re: RAC server network encryption"
Reply: Ricard Martinez: "Re: RAC server network encryption"
Reply: Shane Borden: "Re: RAC server network encryption"
Reply: Shane Borden: "Re: RAC server network encryption"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message