It is completely depending on the type of application and network configuration you have in your environment, Node validation can be a powerful tool to restrict most traffic from the Listener. Currently I am supporting web applications database and I found that only web application require access to the Listener from the application servers and a limited number of clients for administration. The simplest method to determine valid IP addresses for checking nodes is through database auditing.
As I read in some notes, it is always recommended that we always have session level auditing enabled.
In Oracle 9i/10g Database the valid node checking lines are added to the $ORACLE_HOME/network/admin/sqlnet.ora file.
tcp.validnode_checking = yes
tcp.invited_nodes = (x.x.x.x | name, x.x.x.x | name)
tcp.excluded_nodes=( x.x.x.x | name, x.x.x.x | name)
Any one option can be included i.e. either the invited_nodes or excluded_nodes and not both. Only individual IP addresses or host names are allowed.
For more details I would request you to read Oracle Connection Manager reference material at Oracle Docs.
Thanks,
Bhavik
No comments:
Post a Comment