|Oracle® Database Vault Installation Guide
Oracle9i Release 2 (18.104.22.168) for Solaris Operating System (SPARC 32-Bit)
|PDF · Mobi · ePub|
This chapter includes an overview of the major steps required to install Oracle Database Vault into an existing Oracle9i Database release 2 (22.214.171.124) database. These procedures transform an existing Oracle Database system (including associated applications) into an Oracle Database Vault system. Databases upgraded using the procedures described in this chapter can work almost in the same manner as in earlier releases and, optionally, can leverage new Database Vault functionality. For a list of changes that Database Vault makes, refer to Appendix E, "Initialization Parameters" and the Oracle Database Vault Administrator's Guide.
Note:In order to upgrade a pre-Oracle9i Database release 2 (126.96.36.199) database to Oracle Database Vault, you first need to upgrade the database to Oracle9i Database release 2 (188.8.131.52).
This chapter covers the following topics:
This section covers the following topics:
Before you plan the upgrade process, become familiar with the features of Database Vault. The Oracle Database Vault Administrator's Guide discusses the basic features of Database Vault.
The system must meet the following minimum hardware requirements:
At least 512 MB of available physical RAM
Swap space on the disk equal to the system's physical memory, or 1GB, whichever is greater.
400 MB of disk space in the
270 MB of disk space for the Database Vault software
10 MB of additional disk space for the database files
To ensure that the system meets these requirements:
To determine the physical RAM size, enter the following command:
# /usr/sbin/prtconf | grep "Memory size"
If the size of the physical RAM installed in the system is less than the required size, then you must install more memory before continuing.
To determine the size of the configured swap space, enter the following command:
# /usr/sbin/swap -s
Note:Oracle recommends that you take multiple readings for the available RAM and swap space before freezing on a value. This is because the available RAM and swap space keep changing depending on the user interactions with the computer.
To determine the amount of disk space available in the
/tmp directory, enter the following command:
# df -k /tmp
Delete unnecessary files from the
/tmp directory to meet the disk space requirement.
TMPDIR environment variables when setting the
oracle user's environment (described later).
Extend the file system that contains the
/tmp directory. If necessary, contact your system administrator for information about extending file systems.
# df -k
# /bin/isainfo -kv
Note:This command displays the processor type. Verify that the processor architecture matches the Oracle software release that you want to install. If you do not see the expected output, then you cannot install the software on this system.
The system must meet the following minimum software requirements:
The version of Solaris must be Solaris 8, Solaris 9, or Solaris 10.
The following packages must be installed:
SUNWarc SUNWlibms SUNWi1of SUNWbtool SUNWsprot SUNWi1cs SUNWhea SUNWsprox SUNWi15cs SUNWlibm SUNWtoo SUNWxwfnt
The following patches must be installed:
Patches for Solaris 8:
All of the patches included in the J2SE Patch Cluster for Solaris 8:
108528-23, SunOS 5.8: kernel update patch
108652-66, X11 6.4.1: Xsun patch
108773-18, SunOS 5.8: IIIM and X I/O Method patch
108921-16, CDE 1.4: dtwm patch
108940-53, Motif 1.2.7 and 2.1.1: Runtime lib. patch for Solaris 8
108987-13, SunOS 5.8: Patch for patchadd and patchrm
108989-02, /usr/kernel/sys/acctctl & /.../exacctsys patch
108993-18, SunOS 5.8: LDAP2 client, libc, libthread ... lib. patch
109147-24, SunOS 5.8: linker patch
110386-03, SunOS 5.8: RBAC Feature Patch
111023-02, SunOS 5.8: /kernel/fs/mntfs and ... sparcv9/mntfs
111111-03, SunOS 5.8: /usr/bin/nawk patch
111308-03, SunOS 5.8: /usr/lib/libmtmalloc.so.1 patch
111310-01, SunOS 5.8: /usr/lib/libdhcpagent.so.1 patch
112396-02, SunOS 5.8: /usr/bin/fgrep patch
The following additional patches:
111721-04, SunOS 5.8: Math Library (libm) patch
112003-03, SunOS 5.8: Unable to load fontset in 64-bit Solaris 8 iso-1 or iso-15
112138-01, SunOS 5.8: usr/bin/domainname patch
Patches for Solaris 9:
112233-11: SunOS 5.9: Kernel Patch
111722-04: SunOS 5.9: Math Library (libm) patch
To ensure that the system meets these requirements, follow these steps:
To determine which version of Solaris is installed, enter the following command:
# uname -r 5.8
In this example, the version shown is Solaris 8 (5.8). If necessary, see your operating system documentation for information about upgrading the operating system.
To determine whether the required packages are installed, enter a command similar to the following:
# pkginfo -i SUNWarc SUNWbtool SUNWhea SUNWlibm SUNWlibms \ SUNWsprot SUNWsprox SUNWtoo SUNWi1of SUNWi1cs SUNWi15cs SUNWxwfnt
If a package is not installed, then install it. See your operating system or software documentation for information about installing packages.
To determine whether an operating system patch is installed, enter a command similar to the following:
# /usr/sbin/patchadd -p | grep patch_number
If an operating system patch is not installed, download it from the following Web site and install it:
Verify that the following kernel parameters are set to values greater than or equal to the recommended value shown:
|noexec_user_stack (obsolete in Solaris 9)||1|
|shmsys:shminfo_shmmin (obsolete in Solaris 9)||1|
|shmsys:shminfo_shmseg (obsolete in Solaris 9)||10|
To view the current value specified for these kernel parameters, and to change them if necessary, follow these steps:
To view the current values of these parameters, enter the following commands:
# grep noexec_user_stack /etc/system # /usr/sbin/sysdef | grep SEM # /usr/sbin/sysdef | grep SHM
If you must change any of the current values, follow these steps:
Create a backup copy of the
/etc/system file, for example:
# cp /etc/system /etc/system.orig
/etc/system file in any text editor:
# vi /etc/system
To specify new values for the parameters, add lines similar to the following to the
/etc/system file, or edit the lines if the file already contains them:
set noexec_user_stack=1 set semsys:seminfo_semmni=100 set semsys:seminfo_semmns=1024 set semsys:seminfo_semmsl=256 set semsys:seminfo_semvmx=32767 set shmsys:shminfo_shmmax=4294967295 set shmsys:shminfo_shmmin=1 set shmsys:shminfo_shmmni=100 set shmsys:shminfo_shmseg=10
Enter a command similar to the following to reboot the system:
When the system restarts, log in and switch user to
In order to install Oracle Database Vault, you must be running the Enterprise Edition of Oracle9i Database release 2 (184.108.40.206). In addition, the Database Vault installer requires write access to the files,
/var/opt/oracle/oratabfile should have an entry for the database. For example:
You can set the
REMOTE_LOGIN_PASSWORDFILE parameter in the
init.ora file. Use the
orapwd utility to create and manage password files.
See Also:Oracle9i Database Administrator's Guide for more information on creating and maintaining a password file
The following topic discusses applying the 220.127.116.11 patch set:
To install Oracle Database Vault, you need to upgrade the database to Oracle9i Database release 2 (18.104.22.168). Oracle strongly recommends that you back up your database before performing any upgrade or installation.
See Also:Oracle9i Backup and Recovery Concepts for information on database backups
This section covers the following topics:
Patch sets are cumulative. Patch set release 22.214.171.124 includes all fixes in patch sets 126.96.36.199 and earlier as well as new fixes for patch set 188.8.131.52. This means that unless the patch set documentation indicates otherwise, you can apply this patch set to any earlier release 9.2 installation. You do not have to install intermediate patch sets.
Patch sets contain generic fixes that apply to all platforms. Patch sets may also include additional platform-specific patches.
Note:The 32-bit version of the patch set must be installed only on the 32-bit version of the database software, regardless of whether the operating system is 32-bit or 64-bit. The 64-bit version of the patch set must be installed only on the 64-bit version of the database software that runs on the 64-bit operating system.
This patch set includes Oracle Universal Installer release 10.1.0.5. You must use this Oracle Universal Installer to install this patch set and not Oracle Universal Installer from the 9.2.0.x maintenance release media or Oracle home.
This is not a complete software distribution. You must install it in an existing Oracle9i release 2 (9.2.0.x.x) installation. Users applying this patch set must use Oracle Universal Installer release 10.1.0.5 (provided as part of this patch set) or later to ensure that their Oracle home can be patched in the future. Oracle Universal Installer release 10.1.0.5 is also installed when you install this patch set.
There are two documents related to this release of the Oracle9i release 2 patch set:
Oracle9i Patch Set Notes, Release 2 (184.108.40.206) Patch Set 7 for Solaris Operating System (SPARC 32-Bit)
This document provides:
System requirements and information about how to install or reinstall the patch set
A list of all bugs fixed to date that are specific to Oracle9i release 2 for Solaris Operating System (SPARC 32-Bit)
A list of known issues relating to Oracle9i release 2 for Solaris Operating System (SPARC 32-Bit)
Oracle9i List of Bugs Fixed, Release 2 (220.127.116.11) Patch Set 7
The List of Bugs Fixed is a list of all generic bugs related to Oracle9i release 2 that have been fixed in this release.
Both of these documents are included with the patch set. The Oracle9i List of Bugs Fixed is also available on OracleMetalink, from document 189908.1, ALERT: Oracle9i Release 2 (9.2) Support Status and Alerts at:
Oracle strongly recommends that you back up your database before performing any upgrade or installation. The ultimate success of your upgrade depends heavily on the design and execution of an appropriate backup strategy. To develop a backup strategy, consider the following questions:
How long can the production database remain inoperable before business consequences become intolerable?
What backup strategy should be used to meet your availability requirements?
Are backups archived in a safe, offsite location?
How quickly can backups be restored (including backups in offsite storage)?
Have recovery procedures been tested successfully?
Your backup strategy should answer all of these questions and include procedures for successfully backing up and recovering your database.
See Also:Oracle9i User-Managed Backup and Recovery Guide for information on database backups
The Global Services Daemon (GSD) should be running for the Database Vault installer to find existing Oracle Real Application Clusters (RAC) databases. If you have stopped GSD, then you should restart it before running Oracle Universal Installer. Use the following command to start the GSD service:
You need to run this command on each Oracle RAC node.
Stop all processes running in the Oracle home. You must complete this task to enable Oracle Universal Installer to relink certain executables and libraries. For Oracle RAC databases, you need to stop the processes on all nodes.
Stop the processes in the following order:
apachectl process using the following command:
agentctl process using the following command:
Shut down all database instances running from the Oracle home directory into which Oracle Database Vault is to be installed.
sqlplus SYS "AS SYSDBA" Enter password: SQL> shutdown immediate
Use the Server Control (
srvctl) utility, and not SQL*Plus, to stop an Oracle Real Application Clusters (RAC) Database instance.
srvctl stop database -d database_name
Oracle Universal Installer configures and starts a default Oracle Net listener using TCP/IP port 1521. However, if an existing Oracle Net listener process is using the same port or key value, then Oracle Universal Installer can only configure the new listener, it cannot start it. To ensure that the new listener process starts during the installation, you must shut down any existing listeners before starting Oracle Universal Installer.
Switch user to
# su - oracle
$ ps -ef | grep tnslsnr
This command displays information about the Oracle Net listeners running on the system:
... oracle_home1/bin/tnslsnr LISTENER -inherit
In this example,
oracle_home1 is the Oracle home directory where the listener is installed and
LISTENER is the listener name.
Note:If no Oracle Net listeners are running, then refer to the "Configure the Oracle User's Environment" section to continue.
Bourne, Bash, or Korn shell:
$ ORACLE_HOME=oracle_home1 $ export ORACLE_HOME
C or tcsh shell:
% setenv ORACLE_HOME oracle_home1
Enter the following command to identify the TCP/IP port number and IPC key value that the listener is using:
$ $ORACLE_HOME/bin/lsnrctl status listenername
Note:If the listener uses the default name LISTENER, then you do not have to specify the listener name in this command.
$ $ORACLE_HOME/bin/lsnrctl stop listenername
Repeat this procedure to stop all listeners running on this system.
Note:If you are installing Database Vault for Oracle Real Application Clusters (RAC), then you need to shut down all Oracle processes on all cluster nodes. See Appendix A, "How to Stop Processes in an Existing Oracle Real Application Clusters Database" for more details.
Run Oracle Universal Installer (OUI) using the account that owns the Oracle software. This is usually the
However, before you start Oracle Universal Installer you must configure the environment of the
oracle user. To configure the environment, you must:
Note:Ensure that the
To set the
oracle user's environment:
Start a new terminal session, for example, an X terminal (
Enter the following command to ensure that X Window applications can display on this system:
$ xhost fully_qualified_remote_host_name
$ xhost somehost.us.acme.com
If you are not already logged in to the system where you want to install the software, then log in to that system as the
If you are not logged in as the
oracle user, then switch user to
$ su - oracle
$ echo $SHELL
Bourne shell (
sh), Bash shell (
bash), or Korn shell (
$ vi .profile
C shell (
% vi .login
Enter or edit the following line, specifying a value of 022 for the default file mode creation mask:
Save the file, and exit from the editor.
To run the shell startup script, enter one of the following commands:
Bourne, Bash, or Korn shell:
$ . ./.profile
% source ./.login
Bourne, Bash, or Korn shell:
$ DISPLAY=local_host:0.0 ; export DISPLAY
% setenv DISPLAY local_host:0.0
In this example,
local_host is the host name or IP address of the system that you want to use to display Oracle Universal Installer (your workstation or PC).
If you determined that the
/tmp directory has less than 400 MB of free disk space, then identify a file system with at least 400 MB of free space and set the
TMPDIR environment variables to specify a temporary directory on this file system:
df -k command to identify a suitable file system with sufficient free space.
If necessary, enter commands similar to the following to create a temporary directory on the file system that you identified, and set the appropriate permissions on the directory:
$ su - root # mkdir /mount_point/tmp # chmod a+wr /mount_point/tmp # exit
Enter commands similar to the following to set the
TMPDIR environment variables:
Bourne, Bash, or Korn shell:
$ TEMP=/mount_point/tmp $ TMPDIR=/mount_point/tmp $ export TEMP TMPDIR
% setenv TEMP /mount_point/tmp % setenv TMPDIR /mount_point/tmp
Enter commands similar to the following to set the
ORACLE_SID environment variables:
Bourne, Bash, or Korn shell:
$ ORACLE_BASE=/u01/app/oracle $ ORACLE_SID=sales $ export ORACLE_BASE ORACLE_SID
% setenv ORACLE_BASE /u01/app/oracle % setenv ORACLE_SID sales
In these examples,
/u01/app/oracle is the Oracle base directory that you created or identified earlier and
sales is the name that you want to call the database (typically no more than five characters).
Bourne, Bash, or Korn shell:
$ unset ORACLE_HOME $ unset TNS_ADMIN
% unsetenv ORACLE_HOME % unsetenv TNS_ADMIN
$ umask $ env | more
Verify that the
umask command displays a value of
0022 and the environment variables that you set in this section have the correct values.
Run Oracle Universal Installer (OUI) to install Oracle Database Vault into an existing Oracle9i Database release 2 (18.104.22.168) database. You should run the installer as the software owner account that owns the current
ORACLE_HOME environment. This is normally the
Log in as the
oracle user. Alternatively, switch user to
oracle using the
su command. Change your current directory to the directory containing the installation files. Start Oracle Universal Installer.
The following steps discuss the options you need to select:
In the Specify Installation Details screen, you need to specify the path to the Oracle home that contains the existing Oracle Database. The Destination Path box lists the Oracle home paths of all Oracle9i Database release 2 (22.214.171.124) Enterprise Edition databases registered with the system.
Select the Oracle home corresponding to the database into which you want to install Oracle Database Vault.
If an Oracle home does not have an Enterprise Edition of Oracle9i Database release 2 (126.96.36.199) installed, then it is not displayed. You must ensure that the Oracle home has an Enterprise Edition of Oracle9i Database release 2 (188.8.131.52) installed.
If an Oracle home already contains Oracle Database Vault, then it is not displayed. You cannot install Oracle Database Vault into an Oracle home more than once.
Enter a user name for the Database Vault Owner account in the Database Vault Owner field. The user name can be a minimum of 2 and maximum of 30 characters long.
Enter a password for the Database Vault Owner account in the Database Vault Owner Password field. The password can be a minimum of 8 and a maximum of 30 characters. The password must include at least one alphabet, one digit, and one nonalphanumeric character (symbol). It cannot be the same as the account names for either the Database Vault owner or the Database Vault account manager. It cannot contain any consecutive repeating characters.
Reenter the password in the Confirm Password field.
Select Create a Separate Account Manager if you want to create a separate Account Manager to manage Oracle Database Vault accounts.
In the Database Vault Account Manager field, enter a user name for the Database Vault Account Manager if you have chosen to select the Create a Separate Account Manager check box. The user name can be a minimum of 2 and a maximum of 30 characters.
Enter a password for the Database Vault Account Manager account in the Account Manager Password field. The password can be a minimum of 8 and a maximum of 30 characters. The password must include at least one alphabet, one digit, and one nonalphanumeric character (symbol). It cannot be the same as the account names for either the Database Vault owner or the Database Vault account manager. It cannot contain any consecutive repeating characters.
Reenter the password in the Confirm Password field. Click Next.
The Select Existing Database screen is displayed. A list of all databases running from the selected Oracle home is displayed. Select the database into which you wish to install Oracle Database Vault.
If the selected Oracle home contains more than one database, then Operating System (OS) authentication is turned off for all the databases in the Oracle home.
If a database is not listed, then check to make sure that you have followed the instructions under "Check the Database Requirements".
Install Oracle Database Vault into an Oracle home containing multiple databases only if you wish to enable Oracle Database Vault for all these databases. If this is not the case, then Oracle recommends that you install Oracle Database Vault into an Oracle home containing a single database.
Enter the existing
SYS user password for the selected database in the Existing Database SYS Password field.
Reenter the SYS password in the Confirm Password field. Click Next.
Note:At this point, the database requirements are validated.
You are prompted to shut down all Oracle processes running from the Oracle home before proceeding. Shut down the Oracle processes, if you have not already done so.
See Also:"Stop Existing Oracle Processes" for more information on stopping existing Oracle processes
Product-specific prerequisite checks are performed. Confirm that all tests have passed. Click Next to continue.
The Summary screen is displayed with the installation details. Verify the details and click Install.
The Installation screen is displayed. After the installation completes, the Database Vault Configuration Assistant (DVCA) is run automatically. DVCA helps configure the Database Vault installation.
Make sure you perform a full backup of the production database. See Oracle9i Backup and Recovery Concepts for details on backing up a database.
Make sure that the following environment variables point to the correct Oracle Database Vault directories:
ORACLE_HOME: Specifies the Oracle home directory. For example,
PATH: Specifies the directories searched by the shell to locate executable programs. For example,
You may also need to set the following environment variables:
ORA_NLS33: Specifies the directory where the language, territory, character set, and linguistic definition files are stored. For example,
LD_LIBRARY_PATH: Specifies the list of directories that the shared library loader searches to locate shared object libraries at run time. For example,
man ld command for more information about this environment variable.
Oracle strongly recommends that you change the password for each account after installation. This enables you to effectively implement the strong security provided by Oracle Database Vault.
Note:If you are creating a database using Database Configuration Assistant, you can unlock accounts after the database is created by clicking Password Management before you exit from Database Configuration Assistant.
To unlock and reset user account passwords using SQL*Plus:
Start SQL*Plus and log in using the Database Vault Account Manager account. If you did not create the Database Vault Account Manager account during installation, then you will need to log in using the Database Vault Owner account.
Enter a command similar to the following, where
account is the user account that you want to unlock and
password is the new password:
SQL> ALTER USER account [ IDENTIFIED BY password ] ACCOUNT UNLOCK;
In this example:
ACCOUNT UNLOCK clause unlocks the account.
password clause resets the password.
If you are using password file authentication for administrative users, then you can choose to disable
SYSDBA logins by creating the password file with the
nosysdba flag set to
If a password file has been created using the
orapwd utility with the
nosysdba flag set to
y (Yes) (the default action of a Database Vault installation), users will not be able to log in to an Oracle Database Vault instance using the
SYS account or any account with
SYSDBA privilege using the
AS SYSDBA clause. You can reenable the ability to connect with the
SYSDBA privilege by re-creating the password file with the
nosysdba flag set to
n (No). You might need to reenable the ability to connect with SYSDBA privileges, if certain products or utilities require it's use.
When you re-create the password file, any accounts other than
SYS that were granted the
SYSOPER privileges will have those privileges removed. You will need to regrant the privileges for these accounts after you have re-created the password file.
In order to run the
orapwd command, you need to shut down the database, run the
orapwd command and then restart the database. Use the following syntax to run the
orapwd file=filename password=password [entries=users] nosysdba=y/n
file: Name of password file (mandatory)
password: Password for
SYS (mandatory). Enter at least six alphanumeric characters.
entries: Maximum number of distinct DBA users
nosysdba: Whether to enable or disable the
SYS logon (optional for Oracle Database Vault only). Enter
y (for yes) or
n (for no)
The default is no, so if you omit this flag, the password file will be created enabling
SYSDBA access for Oracle Database Vault instances.
orapwd file=$ORACLE_HOME/dbs/orapworcl password=5hjk99 nosysdba=n where the file name is of the format, orapwSID_Name
Note:Do not insert spaces around the equal (=) character.
See Also:Oracle9i Database Administrator's Guide for more information on using the
Under a cluster file system and raw devices, the password file under
$ORACLE_HOME is in a symbolic link that points to the shared storage location in the default configuration. In this case, the
orapwd command you issue affects all nodes.
You need to start the listener and database on all Oracle Real Application Clusters (RAC) nodes other than the one on which the installation is performed. Use the following commands to start the listener and the database:
Note:You need to enable
SYSDBAconnections on all nodes before running these commands. See "Enable or Disable Connections with the SYSDBA Privilege" for more information on enabling
$ORACLE_HOME/bin/lsnrctl start listener_name srvctl start instance -d unique_database_name -i instance_name -c "SYS/password AS SYSDBA"
After installing Database Vault for an Oracle Real Application Clusters (RAC) instance, you need to run Database Vault Configuration Assistant (DVCA) with the
-action optionrac switch. You need to run this command for all Oracle RAC nodes other than the node on which the Database Vault installation is performed. This step is required to enable the enhanced security features provided by Oracle Database Vault.
The command itself needs to be run on the node on which the Database Vault installation is performed. You need to supply the name of the remote Oracle RAC node for which the action is being performed using the
Note:The listener and database instance should be running on the nodes for which you run DVCA.
You should also ensure that the Global Services Daemon (GSD) is running on the remote nodes. You can use the following command to start the GSD service on a node:
# dvca -action optionrac -racnode host_name -oh oracle_home -jdbc_str jdbc_connection_string -sys_passwd sys_password [-logfile ./dvca.log] [-silent] [-nodecrypt]
action: The action to perform.
optionrac performs the action of updating the instance parameters for the Oracle RAC instance and optionally disabling
SYSDBA operating system access for the instance.
racnode: The host name of the Oracle RAC node for which the action is being performed. Do not include the domain name with the host name.
oh: The Oracle home for the Oracle RAC instance.
jdbc_str: The JDBC connection string used to connect to the instance you are configuring. For example,
sys_password: The password for the
logfile: Optionally, specify a log file name and location. You can enter an absolute path or a path that is relative to the location of the
silent: Required if you are not running DVCA in an xterm window.
nodecrypt: Reads plaintext passwords as passed on the command line.
Note:You can reenable
SYSDBAaccess by re-creating the password file with the
nosysdbaflag set to
orapwdutility enables you to do this.
Oracle Database Vault Administrator (DVA) is a browser-based graphical user interface console that you can use to manage Oracle Database Vault. You can deploy DVA in an existing Oracle Database 10g Release 2 (10.2) installation in order to manage an Oracle Database Vault Oracle9i Release2 (184.108.40.206.1) instance.
You should have the following directory structure on the host containing the Oracle Database 10g Release 2 (10.2) installation:
$ORACLE_HOME |------> jlib | |------> lib | |------> sysman | |---> jlib | |------> rdbms | |---> jlib | |------> owm | |---> jlib | |------> oui | |---> jlib
Note:The environment variable
$ORACLE_HOMEmust be set to the directory containing the installed Oracle product.
For example, if the 10.2 installation directory is
ORACLE_HOME = /u00/app/oracle/product/10.2/db_1
Create the following directory structure under the
$ORACLE_HOME | |------> dv | |---> jlib
mkdir -p $ORACLE_HOME/dv/jlib/
The following files should already be present in the Oracle Database 10g Release 2 (10.2) installation:
$ORACLE_HOME/sysman/jlib/emCORE.jar $ORACLE_HOME/sysman/jlib/emDB.jar $ORACLE_HOME/sysman/jlib/emjsp.jar $ORACLE_HOME/sysman/jlib/ems.jar $ORACLE_HOME/sysman/jlib/log4j-core.jar $ORACLE_HOME/sysman/jlib/jcb.jar $ORACLE_HOME/rdbms/jlib/jmscommon.jar $ORACLE_HOME/rdbms/jlib/qsma.jar $ORACLE_HOME/oui/jlib/OraInstaller.jar $ORACLE_HOME/jlib/regexp.jar $ORACLE_HOME/jlib/providerutil.jar $ORACLE_HOME/jlib/ojmisc.jar $ORACLE_HOME/jlib/netcfg.jar $ORACLE_HOME/jlib/orai18n-mapping.jar $ORACLE_HOME/jlib/ldapjclnt10.jar $ORACLE_HOME/lib/xschema.jar $ORACLE_HOME/lib/xsu12.jar $ORACLE_HOME/lib/oraclexsql.jar
You can manually deploy Database Vault Administrator (DVA) to the following Oracle Application Server Containers for J2EE (OC4J) home:
Use the following steps to manually deploy the DVA application:
Note:If you are redeploying the DVA application, then you need to remove the application before you can run the steps to deploy the application. Use the following commands to remove the DVA application:
cd $ORACLE_HOME/dv/jlib rm -rf dv_webapp
dva_webapp.ear files are shipped with the Oracle Database Vault Oracle9i Release 2 (220.127.116.11) installation media. Navigate to the
dva.zip file to the disk.
Copy the following extracted files to the
$ORACLE_HOME/dv/jlib/ directory in your Oracle Database 10g Release 2 (10.2) installation:
<application name="dva" path="$ORACLE_HOME/dv/jlib/dva_webapp.ear" auto-start="true" />
<application name="dva" path="/u00/app/oracle/oracle/product/dv12/dv/jlib/dva_webapp.ear" auto-start="true" />
Edit the file,
$ORACLE_HOME/oc4j/j2ee/home/config/http-web-site.xml. Enter the following line just above the last line that reads,
<web-app application="dva" name="dva_webapp" root="/dva" />
<init-param> <param-name>main_mode</param-name> <param-value>justrun</param-value> </init-param>
mkdir -p $ORACLE_HOME/dv/jlib/sysman/config
oracle.sysman.emSDK.svlt.ConsoleMode=standalone oracle.sysman.eml.mntr.emdRepRAC=FALSE oracle.sysman.eml.mntr.emdRepDBName=ORACLE_SID oracle.sysman.eml.mntr.emdRepConnectDescriptor=TNS_connection_string
oracle.sysman.eml.mntr.emdRepRAC should be set to
TRUE for a Real Application Clusters (RAC) database.
ORACLE_SID should be the SID of the Oracle Database Vault Oracle9i Release 2 (18.104.22.168) instance.
oracle.sysman.eml.mntr.emdRepConnectDescriptor, you can use an alias from
$ORACLE_HOME/network/admin/tnsnames.ora. Alternatively, you can use the following syntax:
ORACLE_HOME=/u00/app/oracle/product/10.2/db_1 export ORACLE_HOME LD_LIBRARY_PATH=$ORACLE_HOME/bin:$ORACLE_HOME/lib:$ORACLE_HOME/jdbc/lib export LD_LIBRARY_PATH PATH=$ORACLE_HOME/bin:$ORACLE_HOME/jdk/bin:$PATH export PATH
LD_LIBRARY_PATHmust be set to use the OCI-based JDBC libraries.
Start OC4J using the following syntax:
$ORACLE_HOME/jdk/bin/java -Djava.awt.headless=true -DEMDROOT=$ORACLE_HOME/dv/jlib -jar $ORACLE_HOME/oc4j/j2ee/home/oc4j.jar -userThreads -config $ORACLE_HOME/oc4j/j2ee/home/config/server.xml
Tip:You can create a shell script file, put the command to start OC4J in it, and grant appropriate
executepermissions for the file. This allows you to easily reuse the command when required.
You can also create a shell script file to stop OC4J, if required. You will need to stop and start OC4J if you make DVA configuration changes. For example:
# script to stop and start OC4J $ORACLE_HOME/jdk/bin/java -jar $ORACLE_HOME/oc4j/j2ee/home/admin.jar ormi://localhost admin welcome -stop $ORACLE_HOME/jdk/bin/java -Djava.awt.headless=true -DEMDROOT=$ORACLE_HOME/dv/jlib -jar $ORACLE_HOME/oc4j/j2ee/home/oc4j.jar -userThreads -config $ORACLE_HOME/oc4j/j2ee/home/config/server.xml
You can now access the DVA application. The HTTP port defaults to 8888 for this environment. Use the following URL:
You can modify the length of time that DVA stays connected while inactive. By default, the connection duration is 35 minutes. Your session automatically gets expired after 35 minutes of inactivity.
To set the session time for Oracle Database Vault Administrator:
Back up the
web.xml file, which by default is in the
In a text editor, open the
web.xml file .
Search for the following setting:
<session-config> <session-timeout>35</session-timeout> </session-config>
<session-timeout> setting to the amount of time in minutes that you prefer.
Save and close the
Stop and restart OC4J for the change to take effect.
You can use the following command to restart OC4J:
$ORACLE_HOME/jdk/bin/java -jar $ORACLE_HOME/oc4j/j2ee/home/admin.jar ormi://oc4jHost:oc4jOrmiPort adminId adminPassword -restart
$ORACLE_HOME/jdk/bin/java -jar $ORACLE_HOME/oc4j/j2ee/home/admin.jar ormi://localhost admin welcome -restart
Note:If you have Oracle Enterprise Manager Console DB installed in your Oracle Database 10g Release 2 (10.2) installation, then you can also use the following commands to stop and start the DVA application:
emctl stop dbconsole emctl start dbconsole
Log in as the user that owns the Oracle software. This is usually the
Shut down all processes running in the Oracle home.
Start Oracle Universal Installer as follows:
In the Welcome screen, select Deinstall Products. The Inventory screen appears. This screen lists all the Oracle homes on the system.
Select the Oracle home and the products that you wish to remove. Click Remove.
See Also:Refer to the Oracle Universal Installer Concepts Guide for Oracle Universal Installer (OUI) concepts
Note:You cannot remove or uninstall the Database Vault option. However, you can disable Oracle Database Vault. Refer to Oracle Database Vault Administrator's Guide for more details.
You can also remove the entire Oracle home, as discussed earlier in this section.