| Oracle9i Net Services Administrator's Guide Release 2 (9.2) Part Number A96580-02 |
|
|
View PDF |
| Oracle9i Net Services Administrator's Guide Release 2 (9.2) Part Number A96580-02 |
|
|
View PDF |
This chapter describes how to configure advanced features of Oracle Net Services, including advanced connect data parameters, load balancing, failover, and connections to non-database services.
This chapter contains these topics:
This section contains the following advanced connect descriptor topics:
A database service may be accessed by more than one network route, or protocol address. In the following example, sales.us.acme.com can connect to sales.us.acme.com using listeners on either sales1-server or sales2-server.
sales.us.acme.com= (DESCRIPTION= (ADDRESS_LIST= (ADDRESS=(PROTOCOL=tcp)(HOST=sales1-server)(PORT=1521)) (ADDRESS=(PROTOCOL=tcp)(HOST=sales2-server)(PORT=1521))) (CONNECT_DATA= (SERVICE_NAME=sales.us.acme.com)))
To add a network protocol address to an existing net service name or database service:
The right pane displays the current destination service and address list.
A new Address tab appears:
| See Also:
Oracle9i Net Services Reference Guide for details about protocol address parameters |
| See Also:
"Configuring Address List Parameters" for address list options |
When a database service is accessible by multiple listener protocol addresses, specify the order in which the addresses are to be used. The addresses can be chosen randomly or tried sequentially.
When multiple protocol addresses have been configured for a net service name or database service, you can configure the parameters described in Table 15-1.
| Parameter | Description |
|---|---|
|
|
When set to See Also: "Configuring Clients for Oracle Connection Manager" on page 13-6 |
|
|
At connect time, instructs Oracle Net to fail over to a different listener if the first listener fails when set to Connect-time failover is turned Important: Oracle Corporation recommends not setting the |
|
|
When set to Client load balancing is turned |
Implementation of these parameter depends on the naming method used. Table 15-2 describes the tools to configure connect-time failover or client load balancing. Source routing involves other configuration that goes beyond the scope of this section.
| See Also:
"Configuring Clients for Oracle Connection Manager" for more information about configuring clients for source routing |
| Naming Method | Tool to Configure Address List Options |
|---|---|
|
Local Naming |
See Also: The procedure that follows |
|
Directory Naming |
See Also: The procedure that follows |
|
Oracle Names |
Use either the Oracle Names Control utility's See Also: "Task 7: Register Data with the Oracle Names Server" |
To configure connect-time failover or client load balancing:
The right pane displays the current destination service and address list.
The Address List Options dialog box appears:
Text description of the illustration addrlist.gif
Table 15-3 describes the Address List Options dialog box options.
The following example shows a tnsnames.ora file configured for client load balancing:
sales.us.acme.com= (DESCRIPTION= (ADDRESS_LIST= (LOAD_BALANCE=on) (ADDRESS=(PROTOCOL=tcp)(HOST=sales1-server)(PORT=1521)) (ADDRESS=(PROTOCOL=tcp)(HOST=sales2-server)(PORT=1521))) (CONNECT_DATA= (SERVICE_NAME=sales.us.acme.com)))
The following example shows a tnsnames.ora file configured for connect-time failover:
sales.us.acme.com= (DESCRIPTION= (ADDRESS_LIST= (LOAD_BALANCE=off) (FAILOVER=ON) (ADDRESS=(PROTOCOL=tcp)(HOST=sales1-server)(PORT=1521)) (ADDRESS=(PROTOCOL=tcp)(HOST=sales2-server)(PORT=1521))) (CONNECT_DATA=(SERVICE_NAME=sales.us.acme.com)))
The CONNECT_DATA section of a connect descriptor defines the destination database service. In the following example, SERVICE_NAME defines a service called sales.us.acme.com:
sales.us.acme.com= (DESCRIPTION= (ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521)) (CONNECT_DATA= (SERVICE_NAME=sales.us.acme.com)))
Besides the service name, you can optionally configure the connect data information with the parameters described in Table 15-4.
| Oracle Net Manager Field/Option | tnsnames.ora File Parameter | Description |
|---|---|---|
|
Instance Name |
|
Use to identify the database instance to access. The instance name can be obtained from the Note: This parameter is not enabled if Use Oracle8i Release 8.0 Compatible Identification is checked. See Also: "About Connect Descriptors" |
|
Session Data Unit Size |
|
To optimize the transfer rate of data packets being sent across the network, you can specify the session data unit (SDU) size to change the performance characteristics having to do with the packets sent across the network. See Also: "Configuring Session Data Unit" |
|
Use for Heterogeneous Services |
|
If you want an Oracle database server to access a non-Oracle system through Heterogeneous Services, turn this option on. See Also: "Configuring Oracle Net Services for Oracle Heterogeneous Services" |
|
Oracle Rdb Settings |
||
|
Oracle RDB Database |
|
Specify the file name of the Oracle Rdb database. See Also: "Configuring Oracle Net Services for an Oracle Rdb Database" |
|
Type of Service |
|
Specify the type of service to use for the Oracle Rdb database. See Also: "Configuring Oracle Net Services for an Oracle Rdb Database" |
|
Global Database Name |
|
Use to identify an Oracle Rdb database. See Also: "Configuring Oracle Net Services for an Oracle Rdb Database" |
Implementation of these parameter depends on the naming method used. Table 15-5 describes the tools to configure connect-time failover or client load balancing. Source routing involves other configuration that goes beyond the scope of this section.
| See Also:
"Configuring Clients for Oracle Connection Manager" for more information about configuring clients for source routing |
| Naming Method | Tool to Configure Multiple Address Options |
|---|---|
|
Local Naming |
See Also: The procedure that follows |
|
Directory Naming |
See Also: The procedure that follows |
|
Oracle Names |
Use either the Oracle Names Control utility's See Also: "Task 7: Register Data with the Oracle Names Server" |
To configure advanced CONNECT_DATA parameters for either a net service name or a database service:
The right pane displays the current destination service and address list.
The Advanced Service Options dialog box appears:
Text description of the illustration connecto.gif
| See Also:
Table 15-4 for a description of the fields and options |
The connection load balancing feature improves connection performance by balancing the number of active connections among multiple dispatchers. In an Oracle9i Real Application Clusters environment, connection load balancing also has the capability to balance the number of active connections among multiple instances.
Because the PMON process can register with remote listeners, a listener can always be aware of all instances and dispatchers, regardless of their location. Depending on the load information, a listener decides which instance and, if shared server is configured, which dispatcher to send the incoming client request to.
In a shared server configuration, a listener selects a dispatcher in the following order: 1) least loaded node, 2) least loaded instance, and 3) least loaded dispatcher for that instance. In a dedicated server configuration, a listener selects an instance in the following order: 1) least loaded node, and 2) least loaded instance.
If a database service has multiple instances on multiple nodes, the listener selects the least loaded instance on the least loaded node. If shared server is configured, then the least loaded dispatcher of the selected instance is chosen.
An Oracle9i Real Application Clusters environment requires that the dispatchers on each instance be cross registered with the other listeners on the other nodes. This is achieved by the use of the LISTENER attribute of the DISPATCHERS parameter.
See Also:
|
|
Note: For optimum connection load balancing results, the instances that belong to the same database service should be on equivalent hardware and software configurations. |
Figure 15-1 shows an Oracle9i Real Application Clusters shared server database with two instances, sales1 and sales2, of the same service, sales.us.acme.com. The instances sales1 and sales2 reside on computers sales1-server and sales2-server, respectively. sales1 has one dispatcher and sales2 has two dispatchers. Listeners named listener run on nodes 1 and 2, respectively. The listener attribute in the DISPATCHERS parameter has been configured to allow for service registration of information to both listeners.
The listeners_sales value in (LISTENER=listeners_sales) can be then resolved through a local tnsnames.ora file on the both servers as follows:
listeners_sales= (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=sales1-server)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=sales2-server)(PORT=1521)))
Based on the environment, the following actions occur. The numbered actions correspond to the arrows shown in Figure 15-2:
sales1 and sales2 register with both listeners. The listeners are updated on the load of the instances and dispatchers dynamically. The following load information is registered:
| sales1-server | sales2-server | |
|---|---|---|
|
1 Minute Node Load Average |
600 |
400 |
| sales1 | sales2 | |
|---|---|---|
|
Number of Connections to Instance |
200 |
300 |
| dispatcher1 | dispatcher2 | dispatcher 3 | |
|---|---|---|---|
|
Number of Connections to Dispatchers |
200 |
100 |
200 |
The load average on sales2-server (400) is less than the load average on sales1-server (600). This can happen if more processing is required on sales1-server. The number of connections to sales1 (200) is the same as that of its only dispatcher, dispatcher1. The number of connections on sales2 (300) is the sum of the connections on its two dispatchers, dispatcher2 (100) and dispatcher 3 (200). Therefore, sales2 has more connections than sales1. In this example, sales2-server is the least loaded node, sales2 is the least loaded instance, and dispatcher2 is the least loaded dispatcher.
A connect descriptor is configured to try each protocol address randomly until one succeeds:
sales.us.acme.com= (DESCRIPTION= (LOAD_BALANCE=on) (FAILOVER=on) (ADDRESS=(PROTOCOL=tcp)(HOST=sales1-server)(PORT=1521)) (ADDRESS=(PROTOCOL=tcp)(HOST=sales2-server)(PORT=1521)) (CONNECT_DATA=(SERVICE_NAME=sales.us.acme.com)))
The listener on sales1-server was randomly chosen to receive the client connect request.
The listener on sales1-server compares the load of the instances sales1 and sales2. The comparison takes into account the load on nodes sales1-server and sales2-server, respectively. Since sales2-server is less loaded than sales1-server, the listener selects sales2-server over sales1-server.
dispatcher2 and dispatcher3. Because dispatcher2 is less loaded than dispatcher3, the listener redirects the client connect request to dispatcher2.dispatcher2.
Figure 15-3 shows an Oracle9i Real Application Clusters dedicated server database with two instances, sales1 and sales2, of the same service, sales.us.acme.com. The instances sales1 and sales2 reside on computers sales1-server and sales2-server, respectively. Listeners named listener run on nodes 1 and 2, respectively. The REMOTE_LISTENER parameter has been configured to allow for service registration of information to both listeners.
The listener_sales2 value in (REMOTE_LISTENER=listener_sales2) can be then resolved through a local tnsnames.ora file on the sales1-server as follows:
listener_sales2=
(DESCRIPTION=
(ADDRESS=(PROTOCOL=tcp)(HOST=sales2-server)(PORT=1521)))
The listener_sales1 value in (REMOTE_LISTENER=listener_sales1) can be then resolved through a local tnsnames.ora file on the sales2-server as follows:
listener_sales1=
(DESCRIPTION=
(ADDRESS=(PROTOCOL=tcp)(HOST=sales1-server)(PORT=1521)))
Based on the environment, the following actions occur. The numbered actions correspond to the arrows shown in Figure 15-4:
sales1 and sales2 register with both listeners. The listeners are updated on the load of the instances dynamically. The following load information is registered:
| sales1-server | sales2-server | |
|---|---|---|
|
1 Minute Node Load Average |
450 |
200 |
| sales1 | sales2 | |
|---|---|---|
|
Number of Connections to Instance |
200 |
150 |
In this example, sales2-server is the least loaded node and sales2 is the least loaded instance.
A connect descriptor is configured to try each protocol address randomly until one succeeds:
sales.us.acme.com= (DESCRIPTION= (LOAD_BALANCE=on) (FAILOVER=on) (ADDRESS=(PROTOCOL=tcp)(HOST=sales1-server)(PORT=1521)) (ADDRESS=(PROTOCOL=tcp)(HOST=sales2-server)(PORT=1521)) (CONNECT_DATA=(SERVICE_NAME=sales.us.acme.com)))
The listener on sales1-server was randomly chosen to receive the client connect request.
The listener on sales1-server compares the load of the instances sales1 and sales2. The comparison takes into account the load on nodes sales1-server and sales2-server, respectively. Since sales2-server is less loaded than sales1-server, the listener selects sales2-server over sales1-server.
sales1-server redirects the client connect request to the listener on sales2-server.sale2-server. The listener starts a dedicated server process, and the dedicated server process inherits the connection request from the listener.
|
Note: Transparent Application Failover (TAF) is available with Oracle9i Enterprise Edition. |
TAF instructs Oracle Net to fail over a failed connection to a different listener. This enables the user to continue to work using the new connection as if the original connection had never failed.
TAF involves manual configuration of a net service name that includes the FAILOVER_MODE parameter included in the CONNECT_DATA section of the connect descriptor.
This sections covers the following topics:
TAF automatically restores some or all of the following elements associated with active database connections. Other elements, however, may need to be embedded in the application code to enable TAF to recover the connection.
TAF automatically reestablishes the connection using the same connect string or an alternate connect string that you specify when configuring failover.
TAF automatically logs a user in with the same user ID as was used prior to failure. If multiple users were using the connection, then TAF automatically logs them in as they attempt to process database commands. Unfortunately, TAF cannot automatically restore other session properties. These properties can, however, be restored by invoking a callback function.
If a command was completely executed upon connection failure, and it changed the state of the database, TAF does not resend the command. If TAF reconnects in response to a command that may have changed the database, TAF issues an error message to the application.
TAF allows applications that began fetching rows from a cursor before failover to continue fetching rows after failover. This is called "select" failover. It is accomplished by re-executing a SELECT statement using the same snapshot, discarding those rows already fetched and retrieving those rows that were not fetched initially. TAF verifies that the discarded rows are those that were returned initially, or it returns an error message
Any active transactions are rolled back at the time of failure because TAF cannot preserve active transactions after failover. The application instead receives an error message until a ROLLBACK is submitted.
Serverside program variables, such as PL/SQL package states, are lost during failures; TAF cannot recover them. They can be initialized by making a call from the failover callback.
TAF works with the following database configurations to effectively mask a database failure:
The FAILOVER_MODE parameter must be included in the CONNECT_DATA section of a connect descriptor. FAILOVER_MODE can contain the subparameters described in Table 15-6.
|
Note: Oracle Net Manager does not provide support for TAF parameters. These parameters must be manually added. |
| Important:
Do not set the |
Depending on the FAILOVER_MODE parameters, you can implement TAF in a number of ways. Oracle recommends the following methods:
Implement TAF with connect-time failover and client load balancing for multiple addresses. In the following example, Oracle Net connects randomly to one of the protocol addresses on sales1-server or sales2-server. If the instance fails after the connection, the TAF application fails over to the other node's listener, reserving any SELECT statements in progress.
sales.us.acme.com= (DESCRIPTION= (LOAD_BALANCE=on) (FAILOVER=on) (ADDRESS= (PROTOCOL=tcp) (HOST=sales1-server) (PORT=1521)) (ADDRESS= (PROTOCOL=tcp) (HOST=sales2-server) (PORT=1521)) (CONNECT_DATA= (SERVICE_NAME=sales.us.acme.com) (FAILOVER_MODE= (TYPE=select) (METHOD=basic))))
TAF also provides the ability to automatically retry connecting if the first connection attempt fails with the RETRIES and DELAY parameters. In the following example, Oracle Net tries to reconnect to the listener on sales1-server. If the failover connection fails, Oracle Net waits 15 seconds before trying to reconnect again. Oracle Net attempts to reconnect up to 20 times.
sales.us.acme.com= (DESCRIPTION= (ADDRESS= (PROTOCOL=tcp) (HOST=sales1-server) (PORT=1521)) (CONNECT_DATA= (SERVICE_NAME=sales.us.acme.com) (FAILOVER_MODE= (TYPE=select) (METHOD=basic) (RETRIES=20) (DELAY=15))))
A backup connection can be pre-established. The initial and backup connections must be explicitly specified. In the following example, clients that use net service name sales1.us.acme.com to connect to the listener on sales1-server are also preconnected to sales2-server. If sales1-server fails after the connection, Oracle Net fails over to sales2-server, preserving any SELECT statements in progress. Likewise, Oracle Net preconnects to sales1-server for those clients that use sales2.us.acme.com to connect to the listener on sales2-server.
sales1.us.acme.com= (DESCRIPTION= (ADDRESS= (PROTOCOL=tcp) (HOST=sales1-server) (PORT=1521)) (CONNECT_DATA= (SERVICE_NAME=sales.us.acme.com) (INSTANCE_NAME=sales1) (FAILOVER_MODE= (BACKUP=sales2.us.acme.com) (TYPE=select) (METHOD=preconnect)))) sales2.us.acme.com= (DESCRIPTION= (ADDRESS= (PROTOCOL=tcp) (HOST=sales2-server) (PORT=1521)) (CONNECT_DATA= (SERVICE_NAME=sales.us.acme.com) (INSTANCE_NAME=sales2) (FAILOVER_MODE= (BACKUP=sales1.us.acme.com) (TYPE=select) (METHOD=preconnect))))
You can query FAILOVER_TYPE, FAILOVER_METHOD, and FAILED_OVER columns in the V$SESSION view to verify that TAF is correctly configured.
Use the V$SESSION view to obtain information about the connected clients and their TAF status. For example, query the FAILOVER_TYPE, FAILOVER_METHOD, and FAILED_OVER columns to verify that you have correctly configured TAF as in the following SQL statement:
SELECT MACHINE, FAILOVER_TYPE, FAILOVER_METHOD, FAILED_OVER, COUNT(*) FROM V$SESSION GROUP BY MACHINE, FAILOVER_TYPE, FAILOVER_METHOD, FAILED_OVER;
The output before failover resembles the following:
MACHINE FAILOVER_TYPE FAILOVER_M FAI COUNT(*) -------------------- ------------- ---------- --- ---------- sales1 NONE NONE NO 11 sales2 SELECT PRECONNECT NO 1
The output after failover is:
MACHINE FAILOVER_TYPE FAILOVER_M FAI COUNT(*) -------------------- ------------- ---------- --- ---------- sales2 NONE NONE NO 10 sales2 SELECT PRECONNECT YES 1
See Also:
|
The INSTANCE_ROLE parameter is an optional parameter for the CONNECT_DATA section of a connect descriptor. It enables you to specify a connection to the primary or secondary instance of Oracle9i Real Application Clusters and Oracle9i Real Application Clusters Guard configurations.
This parameter is useful when:
INSTANCE_ROLE supports the following values:
primary -- Specifies a connection to the primary instance
secondary -- Specifies a connection to the secondary instance
any -- Specifies a connection to whichever instance has the lowest load, regardless of primary or secondary instance role
In the following example, net service name sales_primary enables connections to the primary instance, and net service name sales_secondary enables connections to the secondary instance.
sales_primary= (DESCRIPTION= (ADDRESS= (PROTOCOL=tcp) (HOST=sales1-server) (PORT=1521)) (ADDRESS= (PROTOCOL=tcp) (HOST=sales2-server) (PORT=1521)) (CONNECT_DATA= (SERVICE_NAME=sales.us.acme.com) (INSTANCE_ROLE=primary))) sales_secondary= (DESCRIPTION= (ADDRESS= (PROTOCOL=tcp) (HOST=sales1-server) (PORT=1521)) (ADDRESS= (PROTOCOL=tcp) (HOST=sales2-server) (PORT=1521)) (CONNECT_DATA= (SERVICE_NAME=sales.us.acme.com) (INSTANCE_ROLE=secondary)))
There are times when Oracle Enterprise Manager and other system management products need to connect to a specific instance regardless of its role to perform administrative tasks. For these types of connections, configure (INSTANCE_NAME=instance_name) and (INSTANCE_ROLE=any) to connect to the instance regardless of its role.
In the following example, net service name sales1 enables connections to the instance on sales1-server and sales2 enables connections to the instance on sales2-server. (SERVER=dedicated) is specified to force a dedicated server connection.
sales1= (DESCRIPTION= (ADDRESS= (PROTOCOL=tcp) (HOST=sales1-server) (PORT=1521)) (CONNECT_DATA= (SERVICE_NAME=sales.us.acme.com) (INSTANCE_ROLE=any) (INSTANCE_NAME=sales2) (SERVER=dedicated))) sales2= (DESCRIPTION= (ADDRESS= (PROTOCOL=tcp) (HOST=sales2-server) (PORT=1521)) (CONNECT_DATA= (SERVICE_NAME=sales.us.acme.com) (INSTANCE_ROLE=any) (INSTANCE_NAME=sales2) (SERVER=dedicated)))
If Transparent Application Failover (TAF) is configured, a backup connection can be pre-established to the secondary instance. The initial and backup connections must be explicitly specified. In the following example, Oracle Net connects to the listener on sales1-server and preconnects to sales2-server, the secondary instance. If sales1-server fails after the connection, the TAF application fails over to sales2-server, the secondary instance, preserving any SELECT statements in progress.
sales1.acme.com= (DESCRIPTION= (ADDRESS= (PROTOCOL=tcp) (HOST=sales1-server) (PORT=1521)) (CONNECT_DATA= (SERVICE_NAME=sales.us.acme.com) (INSTANCE_ROLE=primary) (FAILOVER_MODE= (BACKUP=sales2.acme.com) (TYPE=select) (METHOD=preconnect)))) sales2.acme.com= (DESCRIPTION= (ADDRESS= (PROTOCOL=tcp) (HOST=sales2-server) (PORT=1521)) (CONNECT_DATA= (SERVICE_NAME=sales.us.acme.com) (INSTANCE_ROLE=secondary)))
Before sending data across the network, Oracle Net buffers and encapsulates data into the SDU. Oracle Net sends the data stored in this buffer when the buffer is full, flushed, or when RDBMS tries to read data. When large amounts of data are being transmitted or when the message size is consistent, adjusting the size of the SDU buffers can improve performance, network utilization, or memory consumption.
The SDU size can range from 512 bytes to 32 KB. The default SDU for the client and the database is 2 KB.
Optimal SDU size depends on the maximum segment size (MSS) and message fragmentation. For TTC connections, configuring an SDU size larger than the 2 KB default requires configuring the SDU on both the client and server computers. When the configured values do not match, the lower of the two values will be used.
To minimize packet header overhead and message fragmentation, set the SDU size as a multiple of the MSS. When Oracle Advanced Security encryption is not used, increase the SDU size by one (1). For example, the TCP/IP version 4 MSS on Ethernet is 1460 bytes. Use a multiple of 1460 for the SDU size if encryption is used. If encryption is not used, increase the SDU size to 1461.
The packet header overhead and message fragmentation can be measured using a network sniffer or by analyzing Oracle Net trace files.
To configure the client, set the SDU size with the SDU parameter in a connect descriptor as follows:
net_service_name= (DESCRIPTION= (SDU=2920) (ADDRESS=...) (ADDRESS=...) (CONNECT_DATA= (SERVER_NAME=sales.us.acme.com)))
Database server configuration depends upon whether or not the database is configured to use shared server or dedicated server processes.
If using shared server processes, set the SDU size in the DISPATCHERS parameter as follows:
DISPATCHERS="(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp))(SDU=2920))"
Ensure that the SDU size matches the value configured for the client.
If using dedicated server processes for a database that is dynamically registered with the listener through service registration, then the SDU size cannot be set. Instead, the 2 KB default is used.
If using dedicated server processes for a database that is registered with the listener through static configuration in the listener.ora file, then set the SDU size in the SID_DESC section of the listener.ora file as follows:
SID_LIST_listener_name= (SID_LIST= (SID_DESC= (SDU=2920) (SID_NAME=sales)))
Ensure that the SDU size matches the value configured for the client.
The following topics describe how to configure connections to non-Oracle database services:
An external procedure is a procedure called from another program, but written in a different language. An example would be a PL/SQL program calling one or more C routines that are required to perform special-purpose processing.
You can configure the listener to listen for external procedure calls. When an application calls an external procedure, the listener starts an external procedure agent named extproc. Using the network connection established by the listener, the application passes the following information to the agent:
The agent then loads the DLL and runs the external procedure and passes back to the application any values returned by the external procedure.
The agent must reside on the same computer as the application making the external procedure call.
This section contains the following topics:
Oracle Net Configuration Assistant configures a listener to accept connections for both the database and external procedures during a database server installation. In addition, Oracle Net Configuration Assistant configures a net service name for the external procedures in tnsnames.ora file on the database server. The external procedure agent will only be able to load DLLS from $ORACLE_HOME/lib on UNIX operating systems and ORACLE_HOME\bin on Windows NT.
Figure 15-5 shows the default configuration in the listener.ora file.
LISTENER= (DESCRIPTION= (ADDRESS_LIST= (ADDRESS=(PROTOCOL=tcp)(HOST=sale-server)(PORT=1521)) (ADDRESS=(PROTOCOL=ipc)(KEY=extproc)))) SID_LIST_LISTENER= (SID_LIST= (SID_DESC= (GLOBAL_DBNAME=sales.us.acme.com) (ORACLE_HOME=/oracle9i) (SID_NAME=sales)) (SID_DESC= (SID_NAME=plsextproc) (ORACLE_HOME=/oracle9i) (PROGRAM=extproc)))
Figure 15-6 shows the default configuration in the tnsnames.ora file.
EXTPROC_CONNECTION_DATA= (DESCRIPTION= (ADDRESS=(PROTOCOL=ipc)(KEY=extproc)) (CONNECT_DATA= (SID=extproc)))
To achieve a higher level of security in a production environment, modify the default configuration by performing the following tasks:
The extproc agent spawned by the listener inherits the operating system privileges of the listener. Therefore, configure this listener to run with operating system privileges lower than those of the listener for the database.
extproc agent can load by listing them explicitly in the listener.ora file.The details of these tasks follow.
To modify the default configuration for a higher level of security:
For most installation types, this listener is named LISTENER.
A new Address tab appears.
extproc.
| See Also:
"Configuring Listening Protocol Addresses" for more information about configuring listener protocol addresses |
extproc in the listener.ora file, including the parameters described in Table 15-7.
To configure service information about extproc in the listener.ora file:
A new Service tab appears.
extproc in the Program Name field, the EXTPROC_DLLS environment variable in the Environment Variable field, a system identifier, such as extproc, in the SID field, and the Oracle home where the extproc executable resides in the Oracle Home Directory field.The listener.ora file updates with information for external procedures, as shown in the following output:
LISTENEREXTPROC= (DESCRIPTION= (ADDRESS= (PROTOCOL=ipc)(KEY=extproc))) SID_LIST_LISTENEREXTPROC= (SID_LIST= (SID_DESC= (PROGRAM=extproc) (ENVS="EXTPROC_DLLS=ONLY:/home/xyz/mylib.so:/home/abc/urlib.so,
LD_LIBRARY_PATH=/private/xpm/lib:/private/mylibs,
MYPATH=/usr/ucb:/usr/local/packages,APL_ENV_FILE=/apl/conf/env.txt") (SID_NAME=extproc) (ORACLE_HOME=/oracle9i)))
oracle user.
Ensure that this user account does not have general access to oracle-owned files. Specifically, this user should not have permission to read or write to database files or to the Oracle server address space. In addition, this user should have read access to the listener.ora file, but must not have write access to it.
Running the listener with lower privileges also prevents you from using Listener Control utility SET commands to alter the configuration of this listener in the listener.ora file. For this reason, Oracle Corporation recommends that you complete listener.ora file configuration prior to running the listener.
See Also:
|
Heterogeneous Services are an integrated component within the Oracle database server, and provides the generic technology for accessing non-Oracle systems from the Oracle database server. Heterogeneous Services enable you to:
While Heterogeneous Services provides the generic technology in the Oracle database server, a Heterogeneous Service agent is required to access a particular non-Oracle system.
To initiate a connection to the non-Oracle system, the Oracle database server starts an agent process through the listener on the gateway. For the Oracle database server to be able to connect to the agent, perform the following steps:
listener.ora file.
To configure the SID, ORACLE_HOME, and PROGRAM parameters:
A new Service tab appears.
The listener.ora file updates information about the Heterogeneous Services, as shown in the following:
SID_LIST_LISTENER= (SID_LIST= (SID_DESC= (SID_NAME=sybase_gtw) (ORACLE_HOME=/oracle9i) (PROGRAM=tg4sybs)))
HS=ok clause to make sure the connection uses Heterogeneous Services:
| See Also:
"Task 1: Configure Net Service Names" for net service name creation for local naming |
The Advanced Service Options dialog box appears.
The tnsnames.ora file updates with the new net service name configured for Heterogeneous Services, as shown in the following:
sybase_gtw= (DESCRIPTION= (ADDRESS=(PROTOCOL=tcp)(HOST=gate_server)(PORT=1521)) (CONNECT_DATA= (SERVICE_NAME=sybase_gtw) (HS=ok)))
Oracle Rdb is a database for Digital's 64-bit operating systems. Because Oracle Rdb has its own listener, the client interacts with Rdb in the same manner as it does with an Oracle database.
To initiate a connection to an Oracle Rdb, set up a net service name to connect to the Oracle Rdb database using the parameters described in Table 15-9.
To configure a client for an Oracle Rdb database, use Oracle Net Manager:
| See Also:
"Task 1: Configure Net Service Names" for net service name creation for local naming |
The Advanced Service Options dialog box appears.
Text description of the illustration oraclerd.gif
| See Also:
Table 15-9 for a description of the Oracle Rdb fields |
The tnsnames.ora file updates with the new net service name configured for the Oracle Rdb database, as shown in the following:
alpha5= (DESCRIPTION= (ADDRESS=...) (CONNECT_DATA= (SERVICE_NAME=generic) (RDB_DATABASE=[.mf]mf_personnel.rdb) (GLOBAL_NAME=alpha5)))
In the following example, TYPE_OF_SERVICE is used to load balance between an Oracle Rdb database service and an Oracle database service:
alpha5= (DESCRIPTION_LIST= (DESCRIPTION= (ADDRESS=...) (CONNECT_DATA= (SERVICE_NAME=generic) (RDB_DATABASE=[.mf]mf_personnel.rdb) (GLOBAL_NAME=alpha5))) (DESCRIPTION= (ADDRESS=...) (CONNECT_DATA= (SERVICE_NAME=sales.us.acme.com)) (TYPE_OF_SERVICE=oracle9_database))
Unauthorized access to the listener or database server can result in denial-of-service attacks, whereby an unauthorized client attempts to block authorized users' ability to access and use the system when needed. Malicious clients may attempt to flood the listener or database server with connect requests that have the sole purpose of consuming resources, such as connections, processes, or threads. To mitigate these types of attacks, configure limits that constrain the time in which resources can be held prior to authentication. Client attempts to exceed the configured limits will result in connection terminations and an audit trail containing the IP address of the client being logged.
To limit the resource consumption by unauthorized users and enable the audit trail, set time-limit values for the parameters described in Table 15-10. These parameters do not have default values.
| Parameter | Description |
|---|---|
|
|
Specify the time, in seconds, for the client to complete its connect request to the listener after the network connection had been established. If the listener does not receive the client request in the time specified, then it terminates the connection. In addition, the listener logs the IP address of the client and an See Also:
|
|
|
Specify the time, in seconds, for a client to connect with the database server and provide the necessary authentication information. If the client fails to establish a connection and complete authentication in the time specified, then the database server terminates the connection. In addition, the database server logs the IP address of the client and an See Also: "Resolving the Most Common Error Messages for Oracle Net Services" for a description of error message workarounds |
When specifying values for these parameters, consider the following recommendations:
INBOUND_CONNECT_TIMEOUT_listener_name parameter to a lower value than the SQLNET.INBOUND_CONNECT_TIMEOUT parameter.For example, you can set INBOUND_CONNECT_TIMEOUT_listener_name to 2 seconds and INBOUND_CONNECT_TIMEOUT parameter to 3 seconds. If clients are unable to complete connections within the specified time due to system or network delays that are normal for the particular environment, then increment the time as needed.
|
 Copyright © 2001, 2002 Oracle Corporation. All Rights Reserved. |
|