RE: OEM GC and port security

  • From: "Herring Dave - dherri" <Dave.Herring@xxxxxxxxxx>
  • To: <oracle-l@xxxxxxxxxxxxx>
  • Date: Mon, 11 Dec 2006 11:10:27 -0600

Folks,

(retry in plain text)

I'm trying to set up OEM GC 10g (R2) on a 32-bit server running RHEL 4.  What 
I'm struggling with is configuring security as it relates to the various ports 
GC uses.  According to .../oms10g/install/portlist.ini, the following ports 
will be used:

Oracle HTTP Server port =  7779
Oracle HTTP Server Listen port = 7780
Oracle HTTP Server SSL port = 8250
Oracle HTTP Server Listen (SSL) port = 4444
Oracle Notification Server Request port = 6003
Oracle Notification Server Local port = 6101
Oracle Notification Server Remote port = 6200
ASG port = 7890
Oracle HTTP Server Diagnostic port = 7200
Application Server Control RMI port = 1850
Log Loader port = 44000
Java Object Cache port = 7000
DCM Discovery port = 7100
Oracle Management Agent Port = 1157
Application Server Control port = 1156
Web Cache HTTP Listen port = 7779
Web Cache HTTP Listen (SSL) port = 8250
Web Cache Administration port = 9400
Web Cache Invalidation port = 9401
Web Cache Statistics port = 9402
Enterprise Manager Central Console Port = 4889
Enterprise Manager Central Console Secure Port = 1159

By default all ports are closed on our servers and I have to open a security 
request per port, listing IPs that will access the port and the direction of 
communication, as in IP xxx can initiate a conversation with port y and/or port 
y can initiate a conversation with IP xxx.

The above list of ports is helpful, but I'd appreciate if someone could help 
out with defining the rules for each of the given ports.  

For example:
       (1)  port 1157.  If the repository is running on SERVERA and there are 
2+ databases on SERVERA, does port 1157 need to be opened to communicate both 
directions with SERVERA?  Seems odd, but then again this detailed level of 
security is new to me.
       (2)  If I'm to discover other servers (and Oracle services on them), do 
agents on SERVERA and these other servers need to be opened to communicate in 
both directions to/from SERVERA?
       (3)  Is any access necessary to/from my PC's IP or IP subnet?  I could 
always run Firefox on the server itself to get a web interface going for the 
console if I had to.

Thanks in advance for any help on this.

Dave
-------------------------------------
Dave Herring, DBA
Acxiom Corporation
3333 Finley
Downers Grove, IL 60515
wk: 630.944.4762
<mailto:dherri@xxxxxxxxxx>
-------------------------------------
 
"When I come home from work and see those little noses pressed against the 
windowpane, then I know I am a success" - Paul Faulkner
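As an added example (not part of Dave's post, and not an Oracle tool), the Python script below parses the portlist.ini lines quoted above, collapses ports that two components share (7779 and 8250 each appear twice, once for Oracle HTTP Server and once for Web Cache), and compares the list against netstat -ltn output from the OMS host to show which listed ports are bound to loopback only (no firewall request needed), which are exposed on a routable interface (a request is needed), and which listeners are not in portlist.ini at all. The netstat sample is constructed for the example, not captured from the poster's server, and the 'name = port' format is assumed from the lines in the post; the direction and source IPs for each request still have to come from the OMS/agent documentation.

```python
"""Cross-check an OEM Grid Control portlist.ini against live TCP listeners.

Added example, not from the oracle-l post or from Oracle. Assumes the
'name = port' line format shown in the post and Linux netstat -ltn output.
"""
import re
from collections import defaultdict

# Constructed from the port list quoted in the post (portlist.ini format).
PORTLIST_INI = """\
Oracle HTTP Server port =  7779
Oracle HTTP Server Listen port = 7780
Oracle HTTP Server SSL port = 8250
Oracle HTTP Server Listen (SSL) port = 4444
Oracle Notification Server Request port = 6003
Oracle Notification Server Local port = 6101
Oracle Notification Server Remote port = 6200
ASG port = 7890
Oracle HTTP Server Diagnostic port = 7200
Application Server Control RMI port = 1850
Log Loader port = 44000
Java Object Cache port = 7000
DCM Discovery port = 7100
Oracle Management Agent Port = 1157
Application Server Control port = 1156
Web Cache HTTP Listen port = 7779
Web Cache HTTP Listen (SSL) port = 8250
Web Cache Administration port = 9400
Web Cache Invalidation port = 9401
Web Cache Statistics port = 9402
Enterprise Manager Central Console Port = 4889
Enterprise Manager Central Console Secure Port = 1159
"""

# Constructed sample of `netstat -ltn` output; NOT captured from a real host.
NETSTAT_OUTPUT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:6101          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:1850          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4889            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1159            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1157            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:7779            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
"""

LOOPBACK = {"127.0.0.1", "::1"}


def parse_portlist(text):
    """Map component name -> port from 'name = port' lines; other lines are skipped."""
    ports = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([^#;=\[][^=]*?)\s*=\s*(\d+)\s*$", line)
        if m:
            ports[m.group(1)] = int(m.group(2))
    return ports


def ports_by_number(ports):
    """Group component names by port so a port shared by two components is requested once."""
    grouped = defaultdict(list)
    for name, port in ports.items():
        grouped[port].append(name)
    return dict(grouped)


def parse_listeners(text):
    """Map listening TCP port -> bound local address from netstat -ltn style output."""
    listeners = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[-1] == "LISTEN":
            addr, _, port = fields[3].rpartition(":")
            listeners[int(port)] = addr
    return listeners


def classify(ports, listeners):
    """Per unique port: 'loopback' (no request needed), 'external' (request needed),
    or 'not-listening' (component not started yet, so still unverified)."""
    status = {}
    for port in ports_by_number(ports):
        addr = listeners.get(port)
        if addr is None:
            status[port] = "not-listening"
        elif addr in LOOPBACK:
            status[port] = "loopback"
        else:
            status[port] = "external"
    return status


def unexpected_listeners(ports, listeners):
    """Listening ports absent from portlist.ini; each one deserves an explanation."""
    known = set(ports.values())
    return sorted(p for p in listeners if p not in known)


if __name__ == "__main__":
    ports, listeners = parse_portlist(PORTLIST_INI), parse_listeners(NETSTAT_OUTPUT)
    grouped = ports_by_number(ports)
    for port, state in sorted(classify(ports, listeners).items()):
        print(f"{port:>6}  {state:<14} {'; '.join(grouped[port])}")
    print("listening but not in portlist.ini:", unexpected_listeners(ports, listeners))
```

Run it after the OMS, agent and Web Cache have been started, with the real `netstat -ltn` output in place of the sample: ports reported as "loopback" (in the sample, the Notification Server local port and the Application Server Control RMI port) need no firewall request at all, and anything in the "listening but not in portlist.ini" list should be accounted for before the request is filed.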