Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 


RE: OEM GC and port security

From: Herring Dave - dherri <Dave.Herring_at_acxiom.com>
Date: Mon, 11 Dec 2006 11:10:27 -0600
Message-ID: <7ED53A68952D3B4C9540B4EFA5C76E36028F9236@CWYMSX04.Corp.Acxiom.net>


Folks,

(retry in plain text)

I'm trying to set up OEM GC 10g (R2) on a 32-bit server running RHEL 4.  What I'm struggling with is configuring security as it relates to the various ports GC uses.  According to .../oms10g/install/portlist.ini, the following ports will be used:

Oracle HTTP Server port =  7779
Oracle HTTP Server Listen port = 7780
Oracle HTTP Server SSL port = 8250
Oracle HTTP Server Listen (SSL) port = 4444
Oracle Notification Server Request port = 6003
Oracle Notification Server Local port = 6101
Oracle Notification Server Remote port = 6200
ASG port = 7890
Oracle HTTP Server Diagnostic port = 7200
Application Server Control RMI port = 1850
Log Loader port = 44000
Java Object Cache port = 7000
DCM Discovery port = 7100
Oracle Management Agent Port = 1157
Application Server Control port = 1156
Web Cache HTTP Listen port = 7779
Web Cache HTTP Listen (SSL) port = 8250
Web Cache Administration port = 9400
Web Cache Invalidation port = 9401
Web Cache Statistics port = 9402
Enterprise Manager Central Console Port = 4889
Enterprise Manager Central Console Secure Port = 1159

By default all ports are closed on our servers and I have to open a security request per port, listing IPs that will access the port and the direction of communication, as in IP xxx can initiate a conversation with port y and/or port y can initiate a conversation with IP xxx.

The above list of ports is helpful, but I'd appreciate it if someone could help out with defining the rules for each of the given ports.

For example:

(1)  port 1157.  If the repository is running on SERVERA and there are 2+ databases on SERVERA, does port 1157 need to be opened to communicate both directions with SERVERA?  Seems odd, but then again this detailed level of security is new to me.
(2)  If I'm to discover other servers (and Oracle services on them), do agents on SERVERA and these other servers need to be opened to communicate in both directions to/from SERVERA?
(3)  Is any access necessary to/from my PC's IP or IP subnet?  I could always run Firefox on the server itself to get a web interface going for the console if I had to.

Thanks in advance for any help on this.

Dave



Dave Herring, DBA
Acxiom Corporation
3333 Finley
Downers Grove, IL 60515
wk: 630.944.4762
<mailto:dherri_at_acxiom.com>

 
"When I come home from work and see those little noses pressed against the windowpane, then I know I am a success" - Paul Faulkner



--
http://www.freelists.org/webpage/oracle-l
Received on Mon Dec 11 2006 - 11:10:27 CST
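
Added example, not part of the original message or of any Oracle tooling: a small Python parser that turns `name = port` entries like those quoted from portlist.ini into one firewall-request row per distinct port, flagging ports that several components share (the list above names 7779 and 8250 twice). The sample text is constructed from a few of the quoted entries; `parse_portlist` and `request_rows` are hypothetical helper names, and peers and direction are left as TBD because the port list does not state them.

```python
import re
from collections import OrderedDict

# Constructed sample: a few entries in the "name = port" form quoted in the
# message, including one line where two entries ran together.
SAMPLE = """\
Oracle HTTP Server port =  7779
Oracle HTTP Server SSL port = 8250
Oracle Management Agent Port = 1157
Web Cache HTTP Listen port = 7779
Web Cache HTTP Listen (SSL) port = 8250
Enterprise Manager Central Console Port = 4889 Enterprise Manager Central Console Secure Port = 1159
"""

# One "name = number" pair; several pairs may sit on the same line.
ENTRY = re.compile(r"\s*(.+?)\s*=\s*(\d+)")

def parse_portlist(text):
    """Return {port: [component names]} in first-seen order."""
    ports = OrderedDict()
    for line in text.splitlines():
        for name, num in ENTRY.findall(line):
            port = int(num)
            if not 1 <= port <= 65535:
                raise ValueError(f"port out of range: {name} = {num}")
            ports.setdefault(port, []).append(name)
    return ports

def request_rows(ports):
    """One row per distinct port, sorted by port number.

    'peers' and 'direction' stay TBD: the requester must fill them in per
    port, since the port list does not say who talks to whom.
    """
    return [
        {"port": port, "components": names, "shared": len(names) > 1,
         "peers": "TBD", "direction": "TBD"}
        for port, names in sorted(ports.items())
    ]

if __name__ == "__main__":
    for row in request_rows(parse_portlist(SAMPLE)):
        flag = " (shared)" if row["shared"] else ""
        print(f'{row["port"]:>5}{flag}: {"; ".join(row["components"])}'
              f' | peers={row["peers"]} direction={row["direction"]}')
```

A shared port needs a single request, but that request has to cover the peers of every component listed against it.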
