Thursday, February 8, 2024

Oracle Zero Data Loss Recovery Appliance Cyber Security Architecture

Separation of Duty

Ensuring that backup data is validated is key to being prepared for a future recovery, which means that all data, including TDE databases, must be validated for recoverability at each step of the workflow into the Cyber Vault.



Multi-layer anomaly detection in the architecture ensures that data is valid at all points in the Oracle ecosystem. Each zone indicated above will perform independent checks to prevent invalid or compromised data from entering or exiting the zone and ultimately the Cyber Vault.
  • Zone 1
    • RMAN performs consistency checks at the database to ensure the backup data is valid before it is sent to the Recovery Appliance in the production data center.
  • Zone 2
    • The Recovery Appliance in the production data center performs checks to ensure that the data is valid and complete.
    • Data is validated when the RMAN database backup arrives on the Recovery Appliance in the production data center.
    • Data replicated from the Recovery Appliance in the production data center is validated again before being sent to the Recovery Appliance in the Cyber Vault.
    • Regular automated validation is scheduled within the Recovery Appliance in the production data center to ensure ongoing validity as the data ages.
  • Zone 3
    • The Recovery Appliance in the Cyber Vault performs checks to ensure that the data is valid and complete.
    • Data is validated upon arrival into the Recovery Appliance in the Vault from the Recovery Appliance in the production data center.

Friday, January 26, 2024

Connecting CMAN - Traffic Director Mode to an Oracle Database

Oracle Connection Manager (CMAN) serves as a proxy for database connections within Oracle deployments. It facilitates the transmission of client requests to the Oracle Database and seamlessly transmits the database responses back to the client, whether it be an application, middle-tier, or other components. CMAN operates as a versatile networking solution, providing features such as TLS security, protocol switching/routing, and session multiplexing to enhance the accessibility of both local and remote Oracle databases.

Traffic Director Mode (TDM) is an intelligent layer introduced in Oracle Client 18c and beyond, designed to enhance CMAN. TDM introduces additional dimensions to the system, including transparent High Availability (HA) with outage support, advanced security features for cloud environments (protection against DoS and fuzzing attacks, tenant isolation, etc.), and capabilities for optimizing performance.

In summary, CMAN-TDM allows any client application to establish a connection with an Oracle database, whether it's on-premises or in the cloud, without revealing the underlying database details to the client. An important aspect worth highlighting is the interoperability of CMAN-TDM with various versions of Oracle databases.



Tuesday, January 23, 2024

COLOCATION_TAG of Client Connections

The COLOCATION_TAG parameter is an alphanumeric string that you can use with the CONNECT_DATA parameter of the TNS connect string.

When you set COLOCATION_TAG within the CONNECT_DATA parameter, load balancing is ignored.

Friday, January 12, 2024

Where is my TNSNAMES.ORA from Oracle database 21c

Starting with Oracle version 18c, Oracle supports read-only Oracle home software trees. See my blog Configuring Read Only OracleHome - 18c 

From Oracle version 21c there is no longer a distinction between read-only and read-write software trees: the default configuration now uses the read-only mode introduced in Oracle 18c.

When installing a CDB through DBCA on Oracle Database 21c, you will observe the presence of TNSNAMES.ORA.

The question then arises: where is it located?

Wednesday, October 5, 2022

Managing Oracle Database 19c Users in Active Directory (Part 2 - CMU)

To integrate with Active Directory we are going to use two database features:

  • Kerberos authentication (Part 1),
  • Centrally Managed Users (Part 2) 
    • (note: Centrally Managed Users is an Enterprise Edition feature).
Centrally Managed Users (Part 2) 


Managing Oracle Database 19c Users in Active Directory (Part 1 - Kerberos)

To integrate with Active Directory we are going to use two database features:

  • Kerberos authentication (Part 1),
  • Centrally Managed Users (Part 2) 
    • (note: Centrally Managed Users is an Enterprise Edition feature)
Kerberos authentication (Part 1)


Tuesday, September 20, 2022

FORWARD_LISTENER : the offsite listener forwards the connection to the new Oracle listener

The parameter FORWARD_LISTENER is useful when it is difficult to change an existing client connect string, for example, after an offsite database has been moved into the Oracle Cloud. With the FORWARD_LISTENER parameter, clients can continue to connect to their offsite listener, and the offsite listener forwards the connection to the Oracle Cloud listener.

Once a forward listener has been configured through the FORWARD_LISTENER parameter, the LOCAL_LISTENER parameter can be cleared by setting its value to "-oracle-none-" so that all the connections coming to an existing set of remote listeners configured through the REMOTE_LISTENER parameter are forwarded only to listeners configured through FORWARD_LISTENER.

The FORWARD_LISTENER parameter can also be specified in the LISTENER_NETWORKS parameter.

Let's play and test it. Information about the environment:
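The sequence described in the post, written out as an added example (not the post's own configuration): the moved database keeps registering with the offsite listener via REMOTE_LISTENER, publishes its new address via FORWARD_LISTENER, and then clears LOCAL_LISTENER. All hostnames and ports are placeholders.

```sql
-- Added example, not from the original post. Run as SYSDBA on the moved
-- (Oracle Cloud) database; hostnames/ports are placeholders.

-- 1. Keep registering the services with the existing offsite listener so
--    that unchanged client connect strings still resolve there.
ALTER SYSTEM SET REMOTE_LISTENER = 'offsite-listener.example:1521' SCOPE=BOTH;

-- 2. Publish the new Oracle Cloud listener address to those remote listeners;
--    the offsite listener forwards incoming connections to this address.
ALTER SYSTEM SET FORWARD_LISTENER =
  '(ADDRESS=(PROTOCOL=TCP)(HOST=cloud-listener.example)(PORT=1521))' SCOPE=BOTH;

-- 3. Once forwarding is confirmed, clear LOCAL_LISTENER with the special
--    value '-oracle-none-' so that connections arriving at the REMOTE_LISTENER
--    listeners are forwarded only to the FORWARD_LISTENER address.
ALTER SYSTEM SET LOCAL_LISTENER = '-oracle-none-' SCOPE=BOTH;

-- 4. Force re-registration and verify the effective parameter values.
ALTER SYSTEM REGISTER;
SELECT name, value
  FROM v$parameter
 WHERE name IN ('local_listener', 'remote_listener', 'forward_listener')
 ORDER BY name;

-- The offsite listener now relays client traffic to the cloud listener, so
-- the same transport protection (TCPS) and listener access controls should
-- apply to both legs. On the offsite host, "lsnrctl services" shows the
-- registered services of the forwarded database.
```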