Er, that should be "10.0.0.0/8". On 9/12/13 12:09 PM, "Bobak, Mark" <Mark.Bobak@xxxxxxxxxxxx> wrote: >Hi Dave, > >I'm not sure how much flexibility you have, but, if the goal is to allow >communication w/ the app server, but be 100% sure that there is no way for >the db to talk to anything else, then just put the app servers and the db >server in the same LAN, and use IP addresses from the private, >non-routable blocks, such as 10.0.0.0/24 or 192.168.0.0/16. The db and app >servers will be able to talk to each other, but there's no chance that >they will be able to get to any other systems, or that any other systems >would be able to talk to them. > >If you're not sure how to do that, you may want to have a chat with your >network engineering group. It should be pretty trivial to set up. > >Hope that helps, > >-Mark > >On 9/12/13 11:07 AM, "David Mann" <dmann99@xxxxxxxxx> wrote: > >>I am helping a sysadmin archive a regulated system that is slated for >>retirement. Long story short is we have it up and running on a HP-UX >>emulator but have the network interfaces turned off. We also have some >>app >>servers that will be archived parallel to the server the DB is running >>on. >>The goal is to be able to turn on the network interfaces so we can access >>the DB with the app servers for some validation activities before the >>final >>archival... but we don't know the condition of the database, it is a >>total >>black box to us. We want to make sure it does not try to access any >>network >>resources like DB Links, sockets opened with Java, etc. as we are not >>sure >>what other internal systems it was communicating with when it was turned >>off. >> >>The sysadmin currently has the DB running and all network interfaces >>turned >>off. I was thinking of starting the DB and using NetStat or whatever the >>HP-UX equivalent was but with interfaces turned off I don't think we >>would >>be able to observe any outgoing port activity. >> >>So I get access to SQL*Plus on the console later this week. My plan so >>far >>is to check the following things before turning on the network interfaces >>and starting up the DB: >> >>1) Set OPEN_LINKS to 0 to prevent attempts to open DB links. >> >>2) Set JOB_QUEUES_PROCESSES to 0 - I don't have evidence that any jobs >>will >>cause something to initiate network access but want to cover the bases. >> >>3) Check DBA_JAVA_POLICY for any Network/Socket related policies and >>investigate further if I find any. >> >>4) ??? :) >> >>After that I'm stumped. If you had a 9i DB that was a black box to you >>and >>were trying to ensure it was not going to try to initiate any outgoing >>activity when you started it up what would you do? >> >>-Dave >> >>-- >>Dave Mann >>General Geekery | www.brainio.us >>Database Geekery | www.ba6.us | @ba6dotus | http://www.ba6.us/rss.xml >> >> >>-- >>//www.freelists.org/webpage/oracle-l >> >> >> >> > -- //www.freelists.org/webpage/oracle-l