Re: RAC server network encryption

From: Ricard Martinez <ricard.martinez_at_gmail.com>
Date: Wed, 10 Jul 2019 22:56:05 +0100
Message-ID: <CAFGV9uk6Gfgw4PmAho=p1Xia6nYxq47QCQf2MBo58H_c2t4+HQ_at_mail.gmail.com>

Thanks,
So in a standard RAC configuration, as scan listener and local listener are running from grid_home, then the sqlnet.ora used will be grid_home one. But if you have scan listener on grid_home and a non-default local listener running from db_home, then you will need to configure both sqlnet.ora. Is that correct?

On Wed, Jul 10, 2019 at 9:29 PM Shane Borden <sborden76_at_gmail.com> wrote:

> It all depends on which home you have the listener running out of and
> which home you are using if you make local connections to your database.
>
> Shamelss plug, but I have a blog post on this very topic:
>
> https://stborden.wordpress.com/2017/04/24/oracle-native-network-encryption/
>
> Shane Borden
>
> On Jul 10, 2019, at 4:26 PM, Ricard Martinez <ricard.martinez_at_gmail.com>
> wrote:
>
> Thanks, but not really useful as the mos defines the listener parameters
> in grid_home and the sqlnet.ora in db_home.
> For example on this doc
> https://docs.oracle.com/en/database/oracle/oracle-database/12.2/netrf/parameters-for-the-sqlnet-ora-file.html#GUID-CF0CE176-074D-4017-93EC-25EB2C014B72
> it specifies on the parameter tcp.validnode_cheking:
> "This is important in an Oracle RAC environment where the listener runs
> out of the Oracle Grid Infrastructure home. Setting the parameter in the
> database home does not have any effect in Oracle RAC environments."
> but sqlnet.encryption_server that is one of the ones I want to configure
> nothing is clarified only the 4 possible parameters.
>
> My understanding is that using grid_home sqlnet.ora has logic has client
> connects using the scan, that is redirect to the local listener, but then
> is the local listener that handles the connection with the client, so if it
> uses the db_home sqlnet.ora and sqlnet.encryption_server is not defined, is
> the encryption not used?
>
> Softlink can be a solution, but not easy to implement in my env for
> several reason, so will like to verify if need to apply the parameters to
> only one sqlnet.ora or both.
>
> Regards
>
>
> On Wed, Jul 10, 2019 at 8:58 PM Krishna K <krishna.setwin_at_gmail.com>
> wrote:
>
>> its ideal to have softlink between grid_home and oracle_home sqlnet.ora
>> The mos note has detailed info -- Doc ID 1448841.1
>>
>> On Wed, Jul 10, 2019 at 2:44 PM Ricard Martinez <
>> ricard.martinez_at_gmail.com> wrote:
>>
>>> Thanks, but based on?
>>> Everything been reading points to ORACLE_HOME, but unclear about if that
>>> means grid_home.
>>> Can you point me to a doc/whitepaper or something like that?
>>>
>>>
>>> On Wed, Jul 10, 2019 at 8:09 PM Krishna K <krishna.setwin_at_gmail.com>
>>> wrote:
>>>
>>>> grid_home sqlnet.ora
>>>>
>>>> On Wed, Jul 10, 2019 at 1:52 PM Ricard Martinez <
>>>> ricard.martinez_at_gmail.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Trying to configure network encryption in a RAC at server level, but
>>>>> confused about the need to configure the parameters in grid_home sqlnet.ora
>>>>> at all or only db_home sqlnet.ora. Can someone help me clarify it?
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>

--
http://www.freelists.org/webpage/oracle-l

Received on Wed Jul 10 2019 - 23:56:05 CEST

This message: [ Message body ]
Next message: Shane Borden: "Re: RAC server network encryption"
In reply to Shane Borden: "Re: RAC server network encryption"
Next in thread: Adric Norris: "Re: RAC server network encryption"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message