Oracle Advanced Security Administrator's Guide
Part Number A90150-01
Oracle DCE Integration enables Oracle applications and tools to access Oracle9i servers in a distributed computing environment. This chapter briefly describes the Distributed Computing Environment (DCE) and the Oracle DCE Integration product. It contains the following topics:
Oracle DCE Integration requires Oracle Net and Oracle9i. It is based on the Open Software Foundation (OSF) DCE protocol (V1.1 and later).
Note that OSF has merged with X/OPEN, another standards group, to form The Open Group. This group is committed to continuing DCE support.
Oracle servers running DCE Integration 2.3.2 and later are backward compatible with clients running SQL*Net/DCE 2.1.6 or 2.2.3; however, Release 2.1.6 clients cannot take advantage of external roles.
A client running DCE Integration 2.3.2 or later cannot connect to a SQL*Net/DCE 2.1.6 or 2.2.3 server. A DCE Integration Release 2.3.2 or later client requires a Release 2.3.2 or later server in order to connect to a database.
The Distributed Computing Environment (DCE) from the Open Group is a set of integrated network services that works across multiple systems to provide a distributed environment. The network services include remote procedure calls (RPCs), directory service, security service, threads, distributed file service, diskless support, and distributed time service.
DCE is the middleware between distributed applications and the operating system/network services and is based on a client/server model of computing. By using the services and tools that DCE provides, users can create, use, and maintain distributed applications that run across a heterogeneous environment.
Oracle DCE Integration has two components: DCE Communication/Security and DCE CDS Native Naming.
This component has three principal features:
Oracle DCE Integration provides authenticated Remote Procedure Call (RPC) as the transport mechanism that enables multi-vendor interoperability. RPC also uses some of the other DCE services, including directory and security services, to provide location transparency and secure distributed computing.
Oracle DCE Integration works with the DCE Security service to provide security within DCE cells. It enables a user logged onto DCE to securely access any Oracle database without having to specify a user name or password. This is sometimes called external authentication to the database, or single sign-on. Clients and servers that are not running DCE authentication services can interoperate with systems that have DCE security by specifying an Oracle password.
Oracle DCE Integration uses the multiple levels of security that DCE provides to ensure data authenticity, privacy, and integrity. Users have a range of choices, from no protection to full encryption for each connection, with a guarantee that no data is modified in transit.
For parts of the network that do not use DCE, you can use the other security and authentication services that are part of Oracle Advanced Security. These services work with SQL*Net release 2.1 and above or with Oracle Net. They provide message integrity and data encryption services in non-DCE environments, letting administrators ensure that all network traffic is protected against unauthorized viewing or modification, regardless of the start or end point.
The DCE Cell Directory Service (CDS) Native Naming component includes naming and location transparency.
DCE Integration registers Oracle9i connect descriptors in the DCE CDS, letting them be transparently accessed across the entire DCE environment. Users can connect to Oracle database servers in a DCE environment using familiar Oracle service names.
The DCE Cell Directory Service offers a distributed, replicated repository service for name, address, and attributes of objects across the network. Because servers register their name and address information in the CDS, Oracle clients can make location-independent connections to Oracle9i servers. Services can be relocated without any changes to the client configuration. An Oracle utility is provided to load the Oracle service names with corresponding connect descriptors into CDS. After this is done, Oracle connect descriptors can be viewed from a central location with standard DCE tools.
For location of services across multiple cells, either of the following options can be used:
Oracle Advanced Security provides flexibility in your use of DCE services. You have the following options:
The following are limitations in Release 9.0.1 of Oracle Advanced Security: