[exabelux] Re: Question about VLANs and EXADATA

  • From: Philippe Fierens <philippe@xxxxxxxxxxxxxxxxxxxx>
  • To: "exabelux@xxxxxxxxxxxxx" <exabelux@xxxxxxxxxxxxx>
  • Date: Mon, 16 Nov 2015 13:19:51 +0100

We can discuss this further this coming Wednesday if you want.

regards,


Philippe Fierens



On 15 Nov 2015, at 21:19, Pondichy Sébastien <pondichys@xxxxxxxxxxxxxxx>
wrote:

Hello Philippe,

Thanks for your feedback.
Well this is a good question that we also asked.
The architects really want the servers to be physically connected through
both networks because they want to use different switches too (not from
the beginning, but it is planned for the future).
Hope this clears things up.

Seb

From: exabelux-bounce@xxxxxxxxxxxxx [mailto:exabelux-bounce@xxxxxxxxxxxxx] On
Behalf Of Philippe Fierens
Sent: Sunday 15 November 2015 16:54
To: exabelux@xxxxxxxxxxxxx
Subject: [exabelux] Re: Question about VLANs and EXADATA

Sebastien,

Is it just the DB that needs to “listen” on another network or do the
machines need to be separated on another network as well?


Philippe Fierens
philippe@xxxxxxxxxxxxxxxxxxxx



On 13 Nov 2015, at 11:40, Pondichy Sébastien <pondichys@xxxxxxxxxxxxxxx>
wrote:

Hi everyone,

I’m posting on this list to get some wisdom from you about network
segregation and EXADATA.

First let me give you the context:

We are running 2 EXADATA boxes on different sites.
Box A is for production/ACC DBs
Box B is for DEV/TEST + DRP DBs (Production DBs are protected via Data Guard)

We do not use RAC or RAC One Node due to financial constraints and no real
need for scalability or super-HA :)

Our EXADATA boxes are hosting DBs for different environments (named standard
and industrial – related to the business processes that use them).
Now our architects want to segregate the standard and industrial networks.
On EXADATA we will thus need to handle 2 different networks that cannot be
routed (strict denial on this from security / architect team).
We are only using the copper 1/10 GB NICs for the client access.
I know we can activate and configure the 10 GB fiber NICs to get a physical
access to the second network but if I understood correctly, we would not be
able to use another batch of SCAN IPs on this network. So we would need to
configure new VIPs on DB nodes and make the local listeners listen on these /
create new listeners maybe, but it won’t be as resilient as SCAN IPs.

I’m not very comfortable with this kind of requirement and of course, we do
not want to buy additional EXA boxes :)
Do you guys have any feedback or ideas on how to get things working in a
segregated network environment?

Thanks for your valuable inputs,

Sébastien Pondichy
Database Operations Manager
STIB-MIVB
