OEM GC and port security

  • From: "Herring Dave - dherri" <Dave.Herring@xxxxxxxxxx>
  • To: <oracle-l@xxxxxxxxxxxxx>
  • Date: Mon, 11 Dec 2006 11:05:19 -0600

Folks,

I'm trying to set up OEM GC 10g (R2) on a 32-bit server running RHEL 4.
What I'm struggling with is configuring security as it relates to the
various ports GC uses.  According to .../oms10g/install/portlist.ini,
the following ports will be used:

Oracle HTTP Server port =  7779
Oracle HTTP Server Listen port = 7780
Oracle HTTP Server SSL port = 8250
Oracle HTTP Server Listen (SSL) port = 4444
Oracle Notification Server Request port = 6003
Oracle Notification Server Local port = 6101
Oracle Notification Server Remote port = 6200
ASG port = 7890
Oracle HTTP Server Diagnostic port = 7200
Application Server Control RMI port = 1850
Log Loader port = 44000
Java Object Cache port = 7000
DCM Discovery port = 7100
Oracle Management Agent Port = 1157
Application Server Control port = 1156
Web Cache HTTP Listen port = 7779
Web Cache HTTP Listen (SSL) port = 8250
Web Cache Administration port = 9400
Web Cache Invalidation port = 9401
Web Cache Statistics port = 9402
Enterprise Manager Central Console Port = 4889
Enterprise Manager Central Console Secure Port = 1159

By default all ports are closed on our servers and I have to open a
security request per port, listing IPs that will access the port and the
direction of communication, as in IP xxx can initiate a conversation
with port y and/or port y can initiate a conversation with IP xxx.

The above list of ports is helpful, but I'd appreciate if someone could
help out with defining the rules for each of the given ports.

For example:

(1)  port 1157.  If the repository is running on SERVERA and there are
2+ databases on SERVERA, does port 1157 need to be opened to communicate
both directions with SERVERA?  Seems odd, but then again this detailed
level of security is new to me.

(2)  If I'm to discover other servers (and Oracle services on them), do
agents on SERVERA and these other servers need to be opened to
communicate in both directions to/from SERVERA?

(3)  Is any access necessary to/from my PC's IP or IP subnet?  I could
always run Firefox on the server itself to get a web interface going for
the console if I had to.

Thanks in advance for any help on this.

Dave

-------------------------------------
Dave Herring, DBA
Acxiom Corporation
3333 Finley
Downers Grove, IL 60515
wk: 630.944.4762
<mailto:dherri@xxxxxxxxxx>
-------------------------------------

"When I come home from work and see those little noses pressed against
the windowpane, then I know I am a success" - Paul Faulkner
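
As an added example (not part of the original post and not Oracle code): a short Python script that parses the portlist.ini entries quoted above and emits one firewall request row per distinct port, which shows that the 22 entries collapse to 20 ports because the HTTP Server and Web Cache entries share 7779 and 8250. The CSV columns and the `TBD` placeholders are assumptions; allowed sources and direction still have to be decided per port.

```python
# Added example: group portlist.ini entries (copied from the post) by port.
PORTLIST = """\
Oracle HTTP Server port =  7779
Oracle HTTP Server Listen port = 7780
Oracle HTTP Server SSL port = 8250
Oracle HTTP Server Listen (SSL) port = 4444
Oracle Notification Server Request port = 6003
Oracle Notification Server Local port = 6101
Oracle Notification Server Remote port = 6200
ASG port = 7890
Oracle HTTP Server Diagnostic port = 7200
Application Server Control RMI port = 1850
Log Loader port = 44000
Java Object Cache port = 7000
DCM Discovery port = 7100
Oracle Management Agent Port = 1157
Application Server Control port = 1156
Web Cache HTTP Listen port = 7779
Web Cache HTTP Listen (SSL) port = 8250
Web Cache Administration port = 9400
Web Cache Invalidation port = 9401
Web Cache Statistics port = 9402
Enterprise Manager Central Console Port = 4889
Enterprise Manager Central Console Secure Port = 1159
"""

def parse_portlist(text):
    """Return (component, port) pairs from 'name = number' lines."""
    entries = []
    for line in text.splitlines():
        name, sep, value = line.rpartition("=")
        if not sep or not value.strip().isdigit():
            continue  # section headers, blanks, anything that is not a port line
        port = int(value)
        if not 0 < port < 65536:
            raise ValueError(f"invalid port in line: {line!r}")
        entries.append((name.strip(), port))
    return entries

def request_rows(entries):
    """One CSV row per distinct port; source IPs and direction stay unfilled (TBD)."""
    by_port = {}
    for name, port in entries:
        by_port.setdefault(port, []).append(name)
    return [f'{port},"{"; ".join(names)}",TBD,TBD'
            for port, names in sorted(by_port.items())]

if __name__ == "__main__":
    print("port,components,allowed_source_ips,direction")
    print("\n".join(request_rows(parse_portlist(PORTLIST))))
```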

 
