| Oracle® Database Net Services Administrator's Guide 10g Release 1 (10.1)< /strong> Part Number B10775-01 |
|
|
View PDF |
| Oracle® Database Net Services Administrator's Guide 10g Release 1 (10.1)< /strong> Part Number B10775-01 |
|
|
View PDF |
This chapter describes how to configure Oracle Connection Manager features.
This chapt er contains these topics:
Migrating cman.ora from Oracle9i to O racle Database 10g
|
Note: Oracle Connection Manager is available for installation with Oracle Database 10gEnterprise Edition. |
|
See Also:
|
Oracle Connection Manager is a proxy server , an intermediate server that forwards connection requests to database servers or to other proxy servers. It has two primary func tions:
Session multiplexing
Access control
With session mu ltiplexing, you can quickly enable Oracle Connection Manager to funnel multiple client sessions through a network connection to a shared server destination.
With access control, you can use rule-based confi guration to filter out certain client requests and accept others.
To configure Oracle Connection Manager:
Configure
the cman.ora file on the Oracle Connection Manager computer. This file specifies the listening endpoint for the server,
access control rules, and Oracle Connection Manager performance parameters.
Configure clients with the protocol addr esses of the Oracle Connection Manager listener.
Optionally Configure the database server for session multiplexing.< /p>
This section contains these topics:
|
Note: Oracle Net Manager does not supp ort configuration of thecman.ora file, so changes must be made manually. |
To configure the Oracle Connection Manager computer, you can define three types of parameters in the
Listening endpoint (ADDRESS)
Access
control rule list (RULE_LIST)
Parameter list (PARAMETER_LIST)
The cman.ora file is located in the $ORACLE_HOME/network/admin di
rectory on UNIX and in the ORACLE_HOME\network\admin directory on Windows. Fig
ure 11-0 shows an example cman.ora file file that contains a configuration entry for an Oracle Connection Manager ca
lled CMAN1.
Example 11-1 Example cman.ora File
CMAN1=
(CO
NFIGURATION=
(ADDRESS=(PROTOCOL=tcp)(HOST=proxysvr)(PORT=1521))
(RULE_LIST=
(RULE=(SRC=206.62.226.32/27)(DST=sales-server
)(SRV=*)(ACT=accept)
(ACTION_LIST=(AUT=on)(MCT=120)(MIT=30)))
(RULE=(SRC=206.26.226.32)(DST=proxysvr)(SRV=cmon)(ACT=acc
ept)))
(PARAMETER_LIST=
(MAX_GATEWAY_PROCESSES=8)
(MIN_GATEWAY_PROCESSSES=3)
(REMOTE_ADMIN=YES)))
One computer can host any number of Oracle Connection Managers, each with its own configuration entry in cman.ora. When defining more than one Oracle Connection Manager in the file, you can assign a default by giving only one a f ully qualified host name.
To learn more about this feature, see the ADMINISTER and STARTUP commands in the chapter "Oracle Connection Manager Control Utility" in Oracle Net Services Reference Guide.
The listening endpoint specifies the protocol address for the Oracle Connection Manager listener. CMADMIN, the Oracle Connection Manager monitoring process, uses this address to register information about gateway processe s with the listener. The database server, in turn, uses the address to register service information at the Oracle Connection Manager node.
Note that the Oracle Connection Manager listener always listens on the TCP/IP protocol. The address shown in Figure 11-0 is the default address of TCP/IP, port 1521.
(ADDRESS=(PROTOCOL=tcp)(HOST=proxysvr)(PORT=1521))
|
Note: Oracle Connection Manager can connect to the dat abase server using any protocol that Oracle supports. For example, IPC may be used if Oracle Connection Manager and the database resi de on the same host. |
The access control rule list specifies which connections are accepted, rejected, or dropped by the listener.
(RULE=(SRC=2 06.62.226.32/27)(DST=sales-server)(SRV=*)(ACT=accept) (ACTION_LIST=(AUT=on)(MCT=120)(MIT=30))) (RULE=(SRC=206.26.226.32)(DST=proxys vr)(SRV=cmon)(ACT=accept))
The example shows two rules. The first one is for client connections. The second is for the Or
acle Connection Manager Control utility (CMCTL). In the first rule, src=206.62.226.32/27 designates the IP address of th
e client, or source. DST=sales-server designates the destination host name. The abbreviation ACT stands for
"action"—that is, accept, reject, or drop. In the second rule, SRC=206.26.226.32 and DST=proxysvr r
epresent the same server, indicating that Oracle Connection Manager and CMCTL must reside on the same computer.
The parameter
ACTION_LIST in the first rule sets att
ributes for a connection if it is accepted. This parameter enables you to override default parameter settings on a connection by conn
ection basis. See "Oracle Connection Manager Parameters" in Oracle Net Services Reference Guide for a complete definition of AC
TION_LIST subparameters.
You can specify multiple rules for both client and CMCTL connections.
|
Notes:
|
The parameter list sets attributes for an Oracle Connection Manager. Parameters take two forms: global and rule level.
A global parameter applies to all Oracle Connectio
n Manager connections, unless a rule-level parameter overrides it. To change a global parameter's default setting, enter it into the
PARAMETER_LIST, together with an allowable value.
A rule-level parameter is enabled in the ACTION_LIST section of the RULE_LIST and applie
s only to connections specified by the rule. It overrides its global counterpart.
|
See Also: Oracle Net Services Reference Guide for a complete list of parameters and their default and allowed v alues |
To route clients to the database server through Oracle Connection Manager, configure the tnsnames.ora file wit
h a connect descriptor that specifies the protocol address of Oracle Connection M
anager. This address enables clients to connect to the Oracle Connection Manager computer. The connect descriptor looks like this:
sales=
(DESCRIPTION=
(ADDRESS=
(PROTOCOL=tcp)
(HOST=cman-pc)
(PORT=1521))
(CONNECT_DATA
=
(SERVICE_NAME=sales.com)))
To configure a protocol address for Oracle Connection Manager:
Start Oracle Net Manager.
In the navigator pane, expand Directory or Local > Service Naming.
Click plus (+) from the toolbar, or choose Edit > Create .
Enter any name in the Net Service Name field.
Click Next.
The Protocol page appears.
Select the protocol on which Oracle Connection Manager is configured to li sten on. By default this protocol is TCP/IP.
Click Next.
The Protocol Settings page appears.
Enter the appropriate parameter information for the selected protocol in the fields provided. If you are using TCP/ IP, the default port to use is 1521.
Click Next.
The Service page appears.
Select a release, and then enter the name of destination datab ase service.
If the destination service is an Oracle Database 10g, Oracle9i or Oracle8i database, select
|
See Also: "About Connect Descriptors" for further information about setting the service name string |
Click Next.
|
Note: Do not click Test, because a connection cannot be tested at this point. |
Click Finish to save your configuration an d dismiss Net Service Name Wizard.
The new net service name and the Oracle Connection Manager protocol address is added to the Service Naming folder.
Confi guring the database server is a two-part process that involves registering database information remotely with Oracle Connection Manag er and, optionally, configuring the server for multiplexing.
To enable the database server to comm
unicate with Oracle Connection Manager, the initialization parameter file init.ora must contain a descriptor that specif
ies the listening address of Oracle Connection Manager. Because this address is TCP, port 1521 but not the default local listening ad
dress of TCP, port 1521, you must specify an alias, using the REMOTE_LISTENER parameter:
R EMOTE_LISTENER=cman_listener_alias
After the alias is specified, it must be resolved with a service name entry in
the tnsnames.ora file.
For example, an alias for an Oracle Connection Manager listener located at proxyserver1 m
ight look like this in the init.ora file:
REMOTE_LISTENER=listener_cman
The al
ias listeners_cman would then be resolved to the following entry in the tnsnames.ora file:
listener_cman= (DESCRIPTION= (ADDRESS_LIST= (ADDRESS=(PROTOCOL=tcp)(HOST=proxyserver1)(PORT=1521))))
Once the initialization parameter file is configured with the listening address of Oracle Connection Manager, thePMON process—the database instance background process—can regis ter database information with the Oracle Connection Manager listener. This registration is similar to what occurs on the proxy node, where the CMADMIN (Connection Manager Administration) pr ocess—the Oracle Connection Manager background process—registers the location and load of proxy processes with the list ener of Oracle Connection Manager.
To enable Connection Manager to take advantage of session multiplexing, set the <
code>DISPATCHERS parameter in the initialization parameter file with the attributes PROTOCOL and MULTIPLEX<
/code>.
DISPATCHERS="(PROTOCOL=tcp)(MULTIPLEX=on)"
|
This section contains these topics:
The first feature is enabled by using the parameter DISPATCHERS in the initialization parameter
file, the second by using the parameter RULE_LIST in the cman.ora file.
Once the attributes PROTOCOL and MULTIPLEX have been added to the parameter
DISPATCHERS in the initialization parameter file, enabling session multiplexing is simply a matter of ensuring that on or to an equivalent value.
You can set different levels of multiplexing, as Table 11-1 shows.
Table 11-1 Session Multiplexing Paramete rs
|
Note: You can configure theDISPATCHERS p
arameter using the Database Configuration Assistant. |
A
s stated in "Configuring the Oracle Connection Manager Computer", you can use the parameter RULE_LIST to control client access to designated database servers in a TCP/IP environment. By entering filtering rules under this paramete
r, you can allow or restrict specific clients access to a database server.
To configure access control:
Manually create a cman.ora file, if one does not already exist.
Add the parameter R
ULE_LIST and its subparameters, using the fo
llowing format:
(RULE_LIST=
(RULE=(SRC=source_host)
(DST=destinatio
n_host)
(SRV=service)
(ACT=accept | reject | drop)))
Add the follow ing parameters for each rule described in Table 11-2 as needed.
Table 1 1-2 Rule-Level Parameters
| Paramet er | Description< /strong> |
|---|---|
SRC<
/code> |
Specify the source host name or IP address of the client. The IP address can be a subnet such as 152.10.10.62/24. |
| Specify the destination host name or IP address of the database server . The IP address can be a subnet such as 152.10.10.62/24. | |
SRV |
Specify the service name of the Oracle Database 10
g, Oracle9i, or Oracle8i database (obtained from the SERVICE_NAME parameter in the initialization para
meter file). |
ACT |
Specify to accept, reject, or drop incoming requests based on the preceding three parameters. |
|
See Also: |
You can define multiple rules in the RULE_LIST.
The action (ACT) in the first matched RULE is applied to the connection request. If no rules are defined, a
ll connections are rejected.
In the following example, client computer client1-pc is denied access to the service
sales.us.acme.com, but client 144.25.23.45 is granted access to the service db1.
(RULE_LIST= (RULE=(SRC=client1-pc)(DST=sales-server)(SRV=sales.us.acme.com)(ACT=reject)) (RULE=(SRC=144.25.23.45)(DST=144.25.187.200)(SRV=db1)(ACT=accept)))
|
|
If you want to migrate an Oracle9i cman.ora file to Oracle Database 10g, use the cmmigr tool. Here is the synta x for the tool:
cmmigr [cman.ora_location]
Specifying the file location is optional. If you omit it, cmmigr tries to find the file in the TNS_ADMIN directory; then it looks in $ORACLE_HOME/network/admin.When it runs, cmmigr renames the Oracle9i cman.ora file cman.bak. It names the Oracle Database 10g file cman.ora. The tool migrates three of the four sect ions that are in the Oracle9i file:
Address sectioncmmigr converts the listener protocol address from th e Oracle9i format to the Oracle Database 10g format
Admin sectioncmmigr ignores this section.
Profile sectioncmmigr translates the parameter names in cman_profile into Oracle Database 10g names. With the exce ption of log level and trace level, the tool leaves parameter values untouched. Obsolete parameters appear in a commented list in the new file.
Rules sectioncmmigr copies existing rules to the new file. It adds a rule that enables CMCTL to contact CMADMIN. If the old file contains no rules, cmmigr adds two rules to the new file: one for the connection between CMCTL an d CMADMIN and one for the client connection. See "Access Control Rule List (RULE_LIST)" for examples of these two rules.
The tool throws the messages listed in Table 11–3.
Table 11-3
| Message | Description |
|---|---|
| 1.4140 -"Migration completed successfully." | This message appears when cman.ora has been migrated successfully. |
| This message appears when the file location that you specify is incorrect. | |
| 3.4142-"CMAN.ORA has an invalid format." | This mess age appears when the file is in a format that cmmigr cannot understand. Need formatting guidelines |
| 4.4143-"Unable to write the new CMAN.ORA file." | need explanation |
| 5.4 144-"Nothing to migrate." | The tool found nothing in the file that it could migrate. |
