
How to Access Oracle GridControl 10.2 Agents via HTTPS/Port 443

I’m a Linux fan, and when it comes to specific problems, I’m afraid not all operating systems are equally armed. Enabling a specific user to listen on a port below 1024 is one of those problems that has been solved for years with various approaches:

  • The Windows approach: we just don’t care!
  • The Solaris 10 approach: we have an advanced privilege (net_privaddr)
  • The Linux approach*: you’ll find a way to make it work anyway (man setuid)

So you may think, obviously you can access the GridControl 10.2 agent on Linux with HTTPS only, on port 443! And obviously you can — but:

  1. The agent cannot listen on port 443 on Linux because it uses the OC4J HTTP listener and cannot bind to a port below 1024. I didn’t try to install the agent as root, and you may know something I don’t.
  2. You cannot, with 10.2, set up an HTTP front-end, like Apache, for your agent. That’s because the agent sends its listening port to the Oracle Management Server (OMS) so that the OMS can interact with it.
  3. Here is a section of the EM 10.2.0.4 documentation you may want to consider: “The final step in that configuration process is to restrict uploads from the Management Agents to secure channels only. Before completing that step, configure your firewalls to allow both HTTP and HTTPS traffic between the Management Agent and Management Repository and test to be sure that you can log in to Enterprise Manager . . . ”
  4. There is another interesting section of the documentation. It explains that the OMS directly accesses the target database with the Oracle*Net Protocol.

Regarding the last point, you can open the firewall to Oracle*Net traffic or have a look at Connection Manager (CMAN) to create a kind of Oracle*Net DMZ access to your databases. I’m wondering if SSH tunnels are reliable enough to handle this? I wouldn’t use them.

I know at least one other way, but I need to keep some material for future posts.

Part 1: How to Make the OMS-to-Agent Traffic Go via Port 443

Can you use only port 443 between the OMS and the agent on Linux? The answer is obviously yes, and here is at least one approach: port address translation.

Oracle Enterprise Manager 10.2.0.4 is Available for Linux and Windows 32 bit

I’ve got a notification of a new download on OTN. Here is the link to the OEM download page; 10.2.0.4 is for Linux x86 and Windows x86. Other platforms should be available upon release on the same page. I think I also saw it mentioned in my Google Reader, but today I couldn’t find it.

We are rolling it out for one Oracle Agent installation with one of our clients today – let’s see how it works.
