| Oracle® Adaptive Access Manager Installation and Configuration Guide Release 10g (10.1.4.5) Part Number E12050-03 |
|
|
View PDF |
| Oracle® Adaptive Access Manager Installation and Configuration Guide Release 10g (10.1.4.5) Part Number E12050-03 |
|
|
View PDF |
The Oracle Adaptive Access Manager Application Server, which hosts Adaptive Risk Manager and Adaptive Strong Authenticator products needs access to the database server that contains the Adaptive Access Manager schema and it needs to be populated with some initial data.
The creation of the database schema is the same for both Adaptive Risk Manager Online and Offline.
You can install the Adaptive Access Manager schema in either an Oracle database or a SQL Server.
If you are planning to install the schema in SQL Server 2005, skip this chapter and go to Chapter 4, "Creating a SQL Server Schema."
Note:
If you are planning a proxy installation, you must install the Adaptive Manager Access Manager schema first before proceeding to the proxy installation.This chapter contains the following topics:
This chapter contains the steps needed to create the Adaptive Access Manager schema in an Oracle database.
The database used must be 10g or higher.
An Oracle Enterprise Edition database is recommended.
This section contains information if you are planning to use Oracle Adaptive Access Manager for non-English setup.
New Database
If you plan to use Oracle Adaptive Access Manager for non-English setup (i.e., localized), specify a unicode character set for your database during the Oracle database installation. For example, AL32UTF8.
Existing Database
If you plan to use Oracle Adaptive Access Manager for non-English setup and you want to use an existing database for your Oracle Adaptive Access Manager repository, determine its database character set before proceeding with the setup.
To find out the current database character set, run the following SQL script with DBA credentials:
select value from NLS_DATABASE_PARAMETERS where parameter='NLS_CHARACTERSET' and value like '%UTF8%'
The above query should return at least 1 row if the database character is set to UTF8.
If you are not using a unicode character set, refer to Metalink article #225938.1, "Database Character Set Healthcheck," for upgrade instructions.
Ensure that the appropriate initialization parameters are set before you create your database schema within the Oracle database. Please refer to the Notes section for additional details about setting the initialization parameters.
Set the initialization parameters.
ALTER SYSTEM SET db_writer_processes=4 SCOPE=SPFILE; ALTER SYSTEM SET fast_start_mttr_target=300 SCOPE=SPFILE; ALTER SYSTEM SET open_cursors=2000 SCOPE=SPFILE; ALTER SYSTEM SET pga_aggregate_target=512M SCOPE=SPFILE; ALTER SYSTEM SET processes=500 SCOPE=SPFILE; ALTER SYSTEM SET query_rewrite_enabled='FALSE' SCOPE=SPFILE; ALTER SYSTEM SET sessions=500 SCOPE=SPFILE; ALTER SYSTEM SET shared_pool_size=500M SCOPE=SPFILE; ALTER SYSTEM SET timed_statistics=TRUE SCOPE=SPFILE; ALTER SYSTEM SET undo_management='AUTO' SCOPE=SPFILE; ALTER SYSTEM SET undo_retention=900 SCOPE=SPFILE; ALTER SYSTEM SET session_cached_cursors=500 SCOPE=SPFILE; ALTER SYSTEM SET commit_write='BATCH,NOWAIT' SCOPE=SPFILE;
The following initialization parameter must be set for a RAC-specific environment:
max_commit_propagation_delay=0 (Only for RAC-specific environment)
See the Oracle Database Administrator's Guide for information about setting initialization parameter values in 10g.
Please refer to the appropriate documentation for release-specific limitations.
Restart the database after setting all the values.
Notes
The following notes are provided for your reference.
undo_retention parameter value
Adjust the undo_retention parameter value as per the UNDO tablespace size and the size of the flash recovery area.
commit_write initialization parameter
For 10g and earlier, the commit_write initialization parameter must be set to "BATCH,NOWAIT." Keeping the default value "IMMEDIATE,WAIT" will cause contention at the database level, which affects the performance of the system.
For 11g, set the commit_write initialization parameter to "NOWAIT."
To create the Adaptive Access Manager tables and populate the schema with the required objects, follow the procedures provided below.
The database scripts are located in oaam_db/full_schemas/oracle_rm_database_setup.zip
The database scripts for databases with the partition feature are located in oaam_db/full_schemas/oracle_partition_rm_database_setup.zip. For information on the partition tables and scripts to maintain the partition, refer to Section 3.7, "Partition Reference."
Unzip the file into a folder of your choice. For example, oaam_db.
The database password is set when you run the db_setup.sql script and you're prompted for a username and password.
For the Windows operating system, create the Adaptive Access Manager tables and populate the schema by following the procedures provided below:
Start SQL*Plus.
Start > Programs > Oracle_Database_Edition > Run SQL Command Line.
When the SQL*Plus Command Line appears, enter
connect
When prompted, enter the user name and password of a DBA privileged user.
For example, D:/>sqlplus sys/manager as sysdba
Run the db_setup.sql database script from the location of the scripts.
For example,
SQL > @E:/oaam_db/db_setup.sql
For the UNIX operating system, create the Adaptive Access Manager tables and populate the schema by following the procedures provided below:
Login to your server.
Run the following command:
sqlplus "sys as sysdba" or sqlplus "/ as sysdba"
Run the db_setup.sql database script from the location of the scripts.
For example,
SQL > @/home/oracle/oaam_db/db_setup.sql
When the scripts are run, they will prompt you for:
the directory location for the data tablespace
For example, in Windows, e:\oraclexe\oradata\xe
For example, in UNIX, /home/oracle/oradata
Note:
The directory must already have been created.the directory location for the index tablespace
For example, in Windows, e:\oraclexe\oradata\xe
For example, in UNIX, /home/oracle/oradata
a username
For example, oaamdbuser
a password for the database user
For example, abcd1234
the temporary tablespace to be used.
For example, TEMP
The scripts that will be run are listed below. The SQL command window will close automatically when the scripts complete their run.
When you run the db_setup.sql script, it will automatically run all the other scripts; there is no need to run the scripts manually unless you encounter a problem.
Please make sure the database user can create files on the operating system during tablespace creation. The file permissions should be set properly.
Also, ensure that the script creates the specified number of tables and indexes.
You should see a message:
OAAM No. of tables should be XXX and the script created tables: YYY
XXX should be equal to YYY
This script creates two tablespaces (BRSADATA, BRSAINDX) required for Adaptive Access Manager.
Depending on the volume of transactions expected, this script needs to be updated for the tablespace size.
This script is called by db_setup.sql to create the Oracle Adaptive Access Manager repository user and grants it the appropriate privileges.
This script is called by db_setup.sql to create the objects in the Oracle Adaptive Access Manager repository such as tables, sequences and constraints.
The initialization process involves the scripts listed below. The db_setup.sql calls the following during the first-time setup of the Oracle Adaptive Access Manager repository.
The scripts are run using the Oracle Adaptive Access Manager repository user, for example, BRSAADMIN.
oracle_user_init.sql
oracle_policy_init.sql
oracle_default_locales.sql
oracle_answerhints.sql
oracle_bharosaconfig.sql
oracle_scoringpolicy.sql
oracle_validations.sql
The user is not required to run these scripts. The db_setup.sql script will run them.
Note:
Be sure to check the log files for any errors when running the scripts.The oracle_policy_init.sql script will populate the default data set.
The oracle_default_locales.sql script will populate the locale table with seed data.
The oracle_answerhints.sql script will populate the default answer hints set.
The oracle_bharosaconfig.sql script will populate the Oracle Adaptive Access Manager configuration table with the Oracle Adaptive Access Manager configuration.
The oracle_scoringpolicy.sql script will populate the seed data for challenge question scoring.
Database tables in the Oracle Adaptive Access Manager database are divided into three different categories. The composite partition (RANGE,HASH) is in all the tables. The Range partition is created using CREATE_TIME while the HASH key is defined as per application logic.
Details about partitioned and non-partitioned tables are provided below.
Frequency: Monthly
Tables:
VCRYPT_TRACKER_NODE_HISTORY
VCRYPT_TRACKER_USERNODE_LOGS
VCRYPT_TRACKER_NODE
VT_USER_DEVICE_MAP
V_MONITOR_DATA
VT_ENTITY_ONE
VT_ENTITY_ONE_PROFILE
VT_USER_ENTITY1_MAP
VT_ENT_TRX_MAP
VT_TRX_DATA
VT_TRX_LOGS
Frequency: Weekly
Tables:
VR_POLICYSET_LOGS
VR_POLICY_LOGS
VR_RULE_LOGS
VR_MODEL_LOGS
VT_SESSION_ACTION_MAP
Other than the tables mentioned above, all other tables are non-partitioned.
After the initial Oracle Adaptive Access Manager Repository setup, use the following scripts to maintain the partition.
This script should be used to add partitions for tables with the Monthly frequency.
The script should be run at the end of each month to create partitions for the following month. To add partitions for subsequent months at the same time, run this script multiple times; when you run the script multiple times, partitions are added based on their previous month's partition.
If you fail to run the script to create monthly partitions (if your monthly partition is missing), the database errors, "ORA-14400" and "ORA-14401," are encountered, forcing the Oracle Adaptive Access Manager application to stop.
To avoid errors, it is recommend that you schedule this script as an automated job.
This script should be used to add partitions for tables with the Weekly frequency.
The script should be run at the end of each month to create partitions for the following week. To add partitions for subsequent weeks at the same time, run this script multiple times; when you run the script multiple times, partitions are added based on their previous week's partition.
If you fail to run the script to create weekly partitions (if your weekly partition is missing), the database errors, "ORA-14400" and "ORA-14401," are encountered, forcing the Oracle Adaptive Access Manager application to stop.
To avoid errors, it is recommend that you schedule this script as an automated job.
This script should be used to drop partitions for tables with the Monthly frequency. This script should run at the end of each month to drop partitions older than sixth months as per the Oracle Adaptive Access Manager Application requirement. Eventually, these tables will have six partitions at any point of time.
This script should be used to drop partitions for tables with the Weekly frequency. This script should run at the end of every fourteenth day or third week from the start of the Oracle database creation to the dropping of partitions older than two weeks as per the Oracle Adaptive Access Manager application requirement.
|
 Copyright © 2008, 2009, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|
