If Grid Infrastructure 12.x, you can add additional network, vips,
listener, and then set the local_listener and remote_listener parameters,
and then you could restrict access to IP over VPN? It might not be worth
the trouble but that is another possibility.
On Fri, May 27, 2016 at 9:27 AM, Andy Wattenhofer <watt0012@xxxxxxx> wrote:
Have you looked at Oracle Connection Manager?
Andy
On Fri, May 27, 2016 at 7:30 AM, David Mann <dmann99@xxxxxxxxx> wrote:
I have a customer that is requesting to add IP addresses of all nodes in
a cluster to their VPN so they can access a subset of databases on the
cluster.
If they were the only organization that had databases on that cluster I
wouldn't have an issue - but there are other databases on there that have
nothing to do with their workflow.
In the past I would usually work to get them on their own isolated
machine or cluster so the VPN endpoints could be added to their b2b VPN and
they would only have access to systems which only housed their data. I
don't have that option in this case.
I was thinking about setting up a listener for them on another port which
was only configured for their subset of databases... And block access to
the general scan listener already set up on the cluster. Would this afford
any protection to attempts to connect to other databases on the cluster? Or
better to approach this from a firewall configuration standpoint?
--
Dave Mann
General Geekery | www.brainio.us
Database Geekery | www.ba6.us | @ba6dotus | http://www.ba6.us/rss.xml
--
Andy
