Re: Keeping a DB from Phoning Home...

  • From: Mark Bobak <Mark.Bobak@xxxxxxxxxxxx>
  • To: "dmann99@xxxxxxxxx" <dmann99@xxxxxxxxx>, "oracle-l@xxxxxxxxxxxxx" <oracle-l@xxxxxxxxxxxxx>
  • Date: Thu, 12 Sep 2013 16:09:29 +0000

Hi Dave,

I'm not sure how much flexibility you have, but, if the goal is to allow
communication w/ the app server, but be 100% sure that there is no way for
the db to talk to anything else, then just put the app servers and the db
server in the same LAN, and use IP addresses from the private,
non-routable blocks, such as 10.0.0.0/24 or 192.168.0.0/16. The db and app
servers will be able to talk to each other, but there's no chance that
they will be able to get to any other systems, or that any other systems
would be able to talk to them.

If you're not sure how to do that, you may want to have a chat with your
network engineering group.  It should be pretty trivial to set up.

Hope that helps,

-Mark

On 9/12/13 11:07 AM, "David Mann" <dmann99@xxxxxxxxx> wrote:

>I am helping a sysadmin archive a regulated system that is slated for
>retirement. Long story short is we have it up and running on a HP-UX
>emulator but have the network interfaces turned off. We also have some app
>servers that will be archived parallel to the server the DB is running on.
>The goal is to be able to turn on the network interfaces so we can access
>the DB with the app servers for some validation activities before the final
>archival... but we don't know the condition of the database, it is a total
>black box to us. We want to make sure it does not try to access any network
>resources like DB Links, sockets opened with Java, etc. as we are not sure
>what other internal systems it was communicating with when it was turned
>off.
>
>The sysadmin currently has the DB running and all network interfaces turned
>off. I was thinking of starting the DB and using NetStat or whatever the
>HP-UX equivalent was but with interfaces turned off I don't think we would
>be able to observe any outgoing port activity.
>
>So I get access to SQL*Plus on the console later this week. My plan so far
>is to check the following things before turning on the network interfaces
>and starting up the DB:
>
>1) Set OPEN_LINKS to 0 to prevent attempts to open DB links.
>
>2) Set JOB_QUEUES_PROCESSES to 0 - I don't have evidence that any jobs will
>cause something to initiate network access but want to cover the bases.
>
>3) Check DBA_JAVA_POLICY for any Network/Socket related policies and
>investigate further if I find any.
>
>4) ??? :)
>
>After that I'm stumped. If you had a 9i DB that was a black box to you and
>were trying to ensure it was not going to try to initiate any outgoing
>activity when you started it up what would you do?
>
>-Dave
>
>-- 
>Dave Mann
>General Geekery | www.brainio.us
>Database Geekery | www.ba6.us | @ba6dotus | http://www.ba6.us/rss.xml
>
>
>--
>//www.freelists.org/webpage/oracle-l


--
//www.freelists.org/webpage/oracle-l
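
Added example, not part of either message above: a read-only SQL*Plus script for the checks in the quoted list (parameters, DB links, jobs, Java policy), run from the console while the interfaces are still down. It assumes a DBA connection and that the standard dictionary views are present. The last query goes beyond the list and looks for stored code that depends on the PL/SQL network packages.

```sql
-- Added example: inspection only, nothing here changes the database.
-- Assumes a DBA connection on the console, e.g. CONNECT / AS SYSDBA.

SET LINESIZE 200 PAGESIZE 100

-- Items 1 and 2: current values of the link and job queue parameters.
SELECT name, value, isdefault
  FROM v$parameter
 WHERE name IN ('open_links', 'open_links_per_instance', 'job_queue_processes');

-- DB links defined in the database and the remote hosts they point at.
SELECT owner, db_link, username, host, created
  FROM dba_db_links
 ORDER BY owner, db_link;

-- Jobs that the job queue would run once job_queue_processes is above 0.
SELECT job, schema_user, broken, next_date, SUBSTR(what, 1, 80) AS what
  FROM dba_jobs
 ORDER BY next_date;

-- Item 3: Java policy rows granting socket or other network permissions.
-- Assumption: the Oracle JVM is installed; otherwise this view is absent.
SELECT kind, grantee, type_name, name, action, enabled
  FROM dba_java_policy
 WHERE UPPER(type_name) LIKE '%SOCKETPERMISSION%'
    OR UPPER(type_name) LIKE '%NETPERMISSION%'
 ORDER BY grantee, type_name;

-- Beyond the list: non-SYS stored code that depends on the PL/SQL packages
-- able to open outbound connections or resolve host names.
SELECT owner, name, type, referenced_name
  FROM dba_dependencies
 WHERE referenced_name IN ('UTL_TCP', 'UTL_HTTP', 'UTL_SMTP', 'UTL_INADDR')
   AND owner NOT IN ('SYS', 'SYSTEM')
 ORDER BY owner, name;
```

The host values from DBA_DB_LINKS and the rows from the last two queries give the list of peers and code paths to review before the interfaces are enabled.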