Oracle Audit Vault and Database Firewall Bridge configuration - Audit Vault and Database Firewall

Hi, I would like to understand how we configure the Bridge IP so that all the traffic to the databases goes through the firewall. What are the things that have to be done from a network perspective, and what are the things that the DBA has to provide to the network team to achieve this? Please help me in this regard. Regards, DBA22

Related

ICS and Databases behind VPN

Hello, We do have a database that resides between a firewall and we have the ICS cloud service. The question is, when we set up the agent and configure the connection, how do we handle the VPN aspect of this? Do we need to do that while configuring the agent itself or do we need to make the DB Agent itself be available externally?
By using a connection agent, the DB need only be visible to the connection agent. The VPN or proxying to allow the agent to connect to ICS server needs to be handled by the agent setup. Is the VPN exposed to Oracle Public Cloud?
Hello, Thanks for the quick response. OK, so the VPN will have to be handled in the agent setup. Not sure I fully understand the question about it being exposed to the public cloud. I am not the infra expert here, so do forgive me if the question sounds stupid. Normally we would connect to our VPN to access the DB. How will ICS be handled? Will I need a fixed user and passcode or somehow have the VPN recognize the Public Cloud so that it allows it to be bypassed?

Integrating Oracle Cloud DB and On-Prem with trial

Hi all, I'm evaluating Oracle ICS but I've hit a limitation. I'd like to integrate a database hosted on Oracle Cloud with one on-prem using the Oracle Database Adapter.  The trial limits one to only one connection agent which I've used on-prem, however I've learned (https://docs.oracle.com/cloud/latest/intcs_gs/ICSSB/GUID-4E02E9C6-4156-4BDF-8B72-049F07B07AD8.htm#ICSSB-GUID-4E02E9C6-41… the only way that we can connect to our Oracle Cloud DB using ICS is through another connection agent (I suppose using Cloud Compute)? I've been in contact with Oracle support to request an additional connection agent, but they've advised this isn't possible, so I am looking for a workaround. Does anyone have any ideas? I suppose I could create a security rule in Oracle Cloud to open port 1521 to the world, which seems really insecure. If I knew the IP ranges that Oracle ICS would connect from, that would help. I am a bit surprised by the connection agent limitation- I would have thought this would be a scenario tested often during evaluation. Thanks!
After further research it appears the only way to use the Database Adapter is through an agent-- even opening the port would not work. With one agent, this means that unless it's another public cloud SAAS application, the ICS trial does not really allow integration of two systems unless they're within the same firewall. Please let me know if my understanding is incorrect.

How Storage, connectivity, network and security defined on compute cloud

Hi Team, I have certain queries related to compute cloud and how it is secured and also how other things are defined. 1) How much storage is available for any set, how is it available to client. Does it come with licensing. 2) How to connect the compute cloud from client premises, are there any VPN or other third party tool for connecting it. 3) How cloud is secured as it comes with public and private IP. Also what security policies are defined to make it more protective. 4) How network flows are defined in cloud. If suppose migration needs to be done from client network to Compute cloud how best way it can be transferred over the network. Please let us know the above query as I need to know how compute cloud is different and we can suggest/recommend other client to use it. Many thanks in advance. Regards,
Hi,
> 1) How much storage is available for any set, how is it available to client.
Maximum of 2 TB per volume, maximum of 9 volumes per compute instance (VM) -> 18 TB block storage.
> Does it come with licensing.
Price is per terabyte.
> 2) How to connect the compute cloud from client premises, are there any VPN or other third party tool for connecting it.
Three choices:
1) Install a VM with your own client, e.g. Freeswan / openvpn.
2) Install a VM with Oracle's provided solution, Corente Client in the cloud, and another instance on-premise in your datacenter. Comes with a management server, so might be a bit oversized for most standard installations, but does its job.
3) Direct connection to an Oracle datacenter with traffic isolation and QoS, available in 1 Gbit/s and 10 Gbit/s variants. Google for Oracle FastConnect to find details.
> 3) How cloud is secured as it comes with public and private IP. Also what security policies are defined to make it more protective.
If you ask about IaaS services (VMs), you can configure a packet filter with typical rulesets on your own. You can freely define your own IP ranges for securing networks and hybrid cloud setups. The latter feels still a bit beta though.
> 4) How network flows are defined in cloud. If suppose migration needs to be done from client network to Compute cloud how best way it can be transferred over the network.
Via a standard VPN connection, for example. Nothing unusual here. If required, you can define multi-hop routes within the Compute client for individual subnets you define.
Hope that helps, Ralf
Thanks Ralf. Appreciate your help.
Hi Ralf, Could you explore how One Click provisioning Console connects to an existing database server? Does anything need to be done on the One Click provisioning console/server to connect it, like hostname of DB server, 32 db client on it? I have created a database server on Linux 7.3 and installed Oracle database 12C SE2 with Pluggable database "JDEORCL". I am able to connect to this newly created DB from putty as well as from SQL developer, but while creating a plan on the One Click provisioning console, in the Orchestration steps where the existing database is getting validated, it's not getting validated. Error appearing on screenprint "Invalid Password". Am I doing anything wrong? Like, for DB server, Linux should be 6.X not 7.X? Please help me to understand how the console is establishing a connection with the DB server. Note: I don't have a DBCS cloud license, hence DB installed manually on Linux image OCsys. 7.3. Thanks in advance.
Nope, sorry. I am not an Oracle employee. Please contact Oracle support.
For the questions related to JD Edwards, you may have better answers in the dedicated MOS group: JDEdwards EnterpriseOne (MOSC) (you should have the support contract and have registered CSI to be able to access MOS groups). Regards

Oracle Audit Vault and Database Firewall

Hi All, I understand that by design the OAVDF resilient pairs don't support DPE mode. Is there any other operational way of achieving this? The reason we look for this is to configure high availability. In case a secured target is placed in DPE (Proxy) mode and the primary firewall goes down, will the secondary firewall just do only the monitoring activity for this secured target? Is there any way (by shell scripts/network settings) to achieve high availability for DPE (Proxy) mode? If the DB firewalls are placed as a resilient pair, can we have DPE mode enabled for any enforcement point (say I don't need high availability for DPE mode) and in case of failover it automatically does the monitoring alone without blocking? Version: OAVDF 12.1. Your help is much appreciated. Thanks. Regards, Prem

how to audit dba activities done by taking local connection?

Hi, I am planning for Oracle DBA activities auditing. Using database firewall and port spanning, we are monitoring the network traffic. If any privileged user connects to the database server and logs in to the database, how to monitor such activities without enabling auditing in the database? Enabling auditing in production server will have performance impact. Regards, Sridhar
It is not possible to audit local connections using Database Firewall. The only way is to enable native auditing. Regards, Iain Barr
Hi, in a huge production system, where thousands of users are logging and working, after enabling auditing severe performance impact is there. Is there any other tool or technique available apart from oracle products in the market to overcome this issue?
