Re: RAC server network encryption

Hi,

in single instance is used sqlnet.ora from db home not listener (grid) home. But the best way is to set env variable TNS_ADMIN for the database, e.g. srvctl
setenv database -db mydb -env TNS_ADMIN=/oracle/my_tns_dir then I can have different setting for each database running under the same ORACLE_HOME.
Marian

št 11. 7. 2019 o 0:27 Shane Borden <sborden76_at_gmail.com> napísal(a):

> That is my understanding yes.
>
> Shane
>
> On Jul 10, 2019, at 5:56 PM, Ricard Martinez <ricard.martinez_at_gmail.com>
> wrote:
>
> Thanks,
> So in a standard RAC configuration, as scan listener and local listener
> are running from grid_home, then the sqlnet.ora used will be grid_home one.
> But if you have scan listener on grid_home and a non-default local
> listener running from db_home, then you will need to configure both
> sqlnet.ora.
> Is that correct?
>
>
> On Wed, Jul 10, 2019 at 9:29 PM Shane Borden <sborden76_at_gmail.com> wrote:
>
>> It all depends on which home you have the listener running out of and
>> which home you are using if you make local connections to your database.
>>
>> Shamelss plug, but I have a blog post on this very topic:
>>
>>
>> https://stborden.wordpress.com/2017/04/24/oracle-native-network-encryption/
>>
>> Shane Borden
>>
>> On Jul 10, 2019, at 4:26 PM, Ricard Martinez <ricard.martinez_at_gmail.com>
>> wrote:
>>
>> Thanks, but not really useful as the mos defines the listener parameters
>> in grid_home and the sqlnet.ora in db_home.
>> For example on this doc
>> https://docs.oracle.com/en/database/oracle/oracle-database/12.2/netrf/parameters-for-the-sqlnet-ora-file.html#GUID-CF0CE176-074D-4017-93EC-25EB2C014B72
>> it specifies on the parameter tcp.validnode_cheking:
>> "This is important in an Oracle RAC environment where the listener runs
>> out of the Oracle Grid Infrastructure home. Setting the parameter in the
>> database home does not have any effect in Oracle RAC environments."
>> but sqlnet.encryption_server that is one of the ones I want to configure
>> nothing is clarified only the 4 possible parameters.
>>
>> My understanding is that using grid_home sqlnet.ora has logic has client
>> connects using the scan, that is redirect to the local listener, but then
>> is the local listener that handles the connection with the client, so if it
>> uses the db_home sqlnet.ora and sqlnet.encryption_server is not defined, is
>> the encryption not used?
>>
>> Softlink can be a solution, but not easy to implement in my env for
>> several reason, so will like to verify if need to apply the parameters to
>> only one sqlnet.ora or both.
>>
>> Regards
>>
>>
>> On Wed, Jul 10, 2019 at 8:58 PM Krishna K <krishna.setwin_at_gmail.com>
>> wrote:
>>
>>> its ideal to have softlink between grid_home and oracle_home sqlnet.ora
>>> The mos note has detailed info -- Doc ID 1448841.1
>>>
>>> On Wed, Jul 10, 2019 at 2:44 PM Ricard Martinez <
>>> ricard.martinez_at_gmail.com> wrote:
>>>
>>>> Thanks, but based on?
>>>> Everything been reading points to ORACLE_HOME, but unclear about if
>>>> that means grid_home.
>>>> Can you point me to a doc/whitepaper or something like that?
>>>>
>>>>
>>>> On Wed, Jul 10, 2019 at 8:09 PM Krishna K <krishna.setwin_at_gmail.com>
>>>> wrote:
>>>>
>>>>> grid_home sqlnet.ora
>>>>>
>>>>> On Wed, Jul 10, 2019 at 1:52 PM Ricard Martinez <
>>>>> ricard.martinez_at_gmail.com> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Trying to configure network encryption in a RAC at server level, but
>>>>>> confused about the need to configure the parameters in grid_home sqlnet.ora
>>>>>> at all or only db_home sqlnet.ora. Can someone help me clarify it?
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>>
>>
>

--
http://www.freelists.org/webpage/oracle-l