This section provides information and guidelines to assist you in installing, configuring, and managing an Oracle or Sybase database server to use with the AquaLogic Enterprise Security Administration Server.
Note: As of ALES version 2.5, additional database types such as MS-SQL and PointBase are also supported. These other supported database servers are not covered in this section.
This information is not meant to replace or supersede in any way the database documentation provided by Oracle and Sybase for their database server and client products. Also, the information provided here assumes that you are familiar with the Oracle database documentation.
Note: In prior versions of ALES, if you installed the Administration Server on a machine other than the machine on which you installed the database, you must have also installed and configured the respective Oracle or Sybase client on that machine.
Note: As of version 2.5, the database runtime client is not required; only the JDBC Driver is required in this release.
BEA AquaLogic Enterprise Security stores all policy and configuration data used by the Administration Server and Security Service Modules in the policy database. You can use either an Oracle database or a Sybase database for your policy data storage. You must install and configure the database server software before you install the Administration Server.
Note: To perform a database installation and setup, you must be a database administrator with a database administrator username and password and permission to create a new instance. In addition, you should be knowledgeable about the operating system you are working with and be adept at database installations and configuration issues. If you do not feel comfortable performing any of these tasks, ask your database administrator for assistance.
This section covers the following topics:
This section contains the procedures for setting up and administering an Oracle database. It covers the following topics:
Before you install and set up your Oracle database, review the following topics to better understand Oracle database configuration requirements:
Each Oracle service is identified by a global database name and an Oracle system identifier referred to as the SID (see Figure A-1). The Oracle global database name is the full name of a database that uniquely differentiates it from any other databases in your network domain. One global database name can represent several database instances. The global database name is also known as the service name. The SID distinguishes the database instance from any other database instances on the same machine.
An Oracle instance is a running Oracle database made up of memory structures and background processes. Each instance is associated with an SID. With the Oracle Parallel Server, multiple instances can exist on different machines for a single database.
The policy database is a set of database schemas in which all data are stored. A database schema is a collection of objects associated with a particular schema name. The objects include tables, views, domains, constraints, assertions, privileges, and so on.
A datafile is an Oracle term for a file that contains the contents of logical database structures, such as tables and indexes. One or more datafiles form a logical unit of storage called a tablespace. A datafile is associated with only one tablespace and only one database.
A tablespace is a logical portion of a database used to allocate storage for table and index data. Each tablespace corresponds to one or more physical datafiles. Every Oracle database has a tablespace called SYSTEM and may have additional tablespaces. A tablespace is used to group related logical structures.
The database username or user ID is a login that is given permission by the database administrator to access a specific database instance. This user is also called the schema owner, that is, the owner of the schema objects such as tables, views and triggers that are created.
Table 0-1, Oracle Setup Requirements, on page A-4 describes the minimum requirements for the system on which the Oracle database server is installed.
This section provides additional instructions for installing and configuring an Oracle database for use with the AquaLogic Enterprise Security Administration Server.
To install and configure the database, perform the following tasks:
This section provides recommendations for installing the Oracle database and creating a database instance. When you run the Oracle installation program, it automatically starts the Database Configuration Assistant, which you use to create an instance of the database. If the Oracle database is already installed on the database host machine, you can skip this procedure and go to Creating an Instance of an Oracle Database.
To install the Oracle database and create a database instance, perform these steps:
Note: For Oracle 10g, the Database Configuration Assistant is run after the installer program (just as it is with Oracle 9i); however, for 10g, it does not prompt you for input.
PATH environment variables:
<drive>:\oracle\ora920\bin;
C:\Program Files\Oracle\jre\1.3.1\bin;
C:\Program Files\Oracle\jre\1.1.8\bin;
Where <drive> is the hard drive on which the Oracle database is installed.
To configure the Oracle database to accept remote connections from the Administration Server, you must configure an Oracle listener. This is only necessary if you intend to install the Administration Server on a machine other than the machine on which the Oracle database is installed.
To configure an Oracle listener, perform the following steps:
SQLplus system/password@listenername
where password is the password you assigned to the SYSTEM account upon installation and listenername is the name you assigned to the Oracle listener, for example asi.
This section describes how to create and configure an instance of an Oracle database. It assumes that the Oracle database software was installed.
Note: You should only perform this procedure when you want to create and configure instances of the database in addition to the instance that was created when the database software was installed.
Perform the following steps to create an instance of an Oracle database:
Note: The section provides guidance to assist you, but it does not supersede the documentation provided by Oracle.
This section covers the following topics:
lists and describes the batch and shell files provided for database administration. The files are located in the following directory:
bea\ales25-admin\bin\
bea is the BEA_HOME directory.
ales25-admin is the installation directory for the Administration Server.
Exports policy data. See the BEA AquaLogic Enterprise Security Policy Managers Guide for information on how to export policy. The dbtype is the type of database, Sybase or Oracle.
Installs the policy database schema. See Installing the Policy Database Schema for information on how to install the database schema.
Before running these scripts with an Oracle database, you need to ensure the following setup steps are completed:
PATH environment.
PATH includes the BIN and DLL directory of Oracle installation.
ORACLE_HOME is set, $ORACLE_HOME/bin is in the PATH, and $ORACLE_HOME/lib in the LD_LIBRARY_PATH.
BEA strongly recommends that you back up your original policy database regularly. A database backup is always recommended before you uninstall or re-install the policy database. You may need to contact your database or system administrator to assist with this process. Backups should be done on a regularly scheduled basis.
For instructions on backing up your Oracle database, see the Oracle Backup and Recovery Guide that comes with your Oracle documentation.
This section contains the procedures for setting up and administering a Sybase database. It covers the following topics:
Before you begin to set up your Sybase database, review the following topics to better understand Sybase database configuration requirements:
The Sybase Adaptive Server is the server in the Sybase client/server architecture (see Figure A-2). It manages multiple databases and multiple users, keeps track of the actual location of data on disks, maintains mapping of logical data description to physical data storage, and maintains data and procedure caches in memory.
The policy database is a set of database schemas in which all data are stored. The Sybase database contains a set of related data tables and other database objects organized and presented to serve a specific purpose.
A database device is a Sybase term that represents the portion of a device (a portion of a hard drive, such as a partition) that is dedicated to holding database data. When creating the database device, you can choose either a raw partition or an existing file system. Choosing a raw partition can increase the performance of the database server.
The Database Login ID is a login created by a system administrator to log onto the Adaptive Server. Each Database Login has a password and a default database to access. A login is valid if the Adaptive Server has an entry for that user in the system table syslogins.
The Database Administrator (DBA) has a special database login ID that can access all databases in the Adaptive Server. The DBA is also referred to as the system administrator. In fact, the name of the DBA login is sa (for System Administrator).
The Database Owner (DBO) is a special database login with permission to perform all actions on a policy database. Usually, the login that creates the database automatically becomes the DBO. The Database User ID is dbo (lowercase), which is different from its Database Login ID. For your policy database, you can use any Database Login ID as the DBO.
The Database User ID pertains to one specific database and is a login given permission by the DBO or DBA (system administrator) to access that one database. In most cases, the database user ID is the same as the Database Login ID. However, in some cases, they may be different, as with the special dbo user ID.
A database schema is a collection of objects associated with a particular schema name. The objects include tables, views, domains, constraints, assertions, privileges, and so on.
The policy owner is a Database User ID that controls the set of database schema in the database. BEA recommends that you not use dbo as a policy owner because it requires special administration. The AquaLogic Enterprise Security architecture allows multiple policy owners in its database, each owning a policy different from the other policies.
Table 0-6 describes the minimum requirements for the system on which the Sybase Adaptive Server is installed.
This section provides instructions for installing and configuring a Sybase database for use with the AquaLogic Enterprise Security Administration Server.
For guidance on installing and configuring the database, see the following topics:
This section provides recommendations for installing and configuring the Sybase database software. If the Sybase database is already installed on the database host machine, you can skip this procedure and go to Creating Sybase Database Devices.
To install the Sybase Adaptive Server, perform these steps:
Note: By default SYBASE names your database server based on your machine name.
The policy database requires at least two database devices, each having at least 250 MB of free space. The first device stores policy data and the other stores the transaction log. You must create these two database devices before you create and configure the policy database.
Note: For better performance, BEA recommends a raw partition as the best configuration for the database device. Obviously, you must allocate sufficient disk space to ensure that the database meets your performance requirements.
To create Sybase database devices on the Windows platform, perform the following steps:
sa (no password is required). The Sybase Central screen appears as shown in Figure A-3.
Note: The user sa does not have a password by default.
asi_log_dev, repeat steps 4. to 6., but set the database device name to asi_log_dev instead of asi_data_dev, and click Finish.
Note: For instructions for creating Sybase database devices on Solaris and Linux platforms, see the Chapter "Managing Adaptive Server Databases" in the Sybase Adaptive Server Enterprise Configuration Guide for the particular platform.
This section covers the following database administration topics:
Table 0-7 lists and describes the batch and shell files provided for database administration. The files are located in the following directory:
bea\ales25-admin\bin\
bea is the BEA_HOME directory.
ales25-admin is the installation directory for the Administration Server.
Exports policy data. See the BEA AquaLogic Enterprise Security Policy Managers Guide for information on how to export policy. The dbtype is the type of database, Sybase or Oracle.
Installs the policy database schema. See Installing the Policy Database Schema for information on how to install the database schema.
Before running these scripts with a Sybase database, you need to ensure the following setup steps are completed:
PATH environment.
SYBASE environmental variable is set. PATH includes %SYBASE%\OCS-12_5\bin and %SYBASE%\OCS-12_5\dll.
PATH includes $SYBASE/OCS-12_5/bin and that LD_LIBRARY_PATH includes $SYBASE/OCS-12_5/lib.
isql command (the name of the database server, login ID and password).
BEA strongly recommends that you back up your original policy database regularly. A database backup is always recommended before you uninstall or re-install the policy database. You may need to contact your database or system administrator to assist with this process. Backups should be done on a regularly scheduled basis.
If you have an existing backup procedure in place, you may choose to run it. Otherwise, follow these steps:
Note: See your Sybase documentation for further information on using these commands.
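The UNIX environment settings this section lists before running the database administration scripts (ORACLE_HOME or SYBASE set, the client bin directory in PATH, the lib directory in LD_LIBRARY_PATH) can be verified with a pre-flight check. The script below is an added example, not a file shipped with ALES; the function names in_list and check_db_env are made up for illustration.

```shell
#!/bin/sh
# Added example (not part of ALES): check the UNIX environment settings
# listed above for the Oracle and Sybase administration scripts.

# in_list DIR LIST: succeed only if DIR is an exact entry of the
# colon-separated LIST; a substring test would accept /opt/ora/bin2.
in_list() {
    case ":$2:" in
        *":$1:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_db_env DBTYPE (oracle or sybase): print each missing setting and
# return the number of problems found (0 means the environment is ready).
check_db_env() {
    missing=0
    case "$1" in
        oracle) home_var=ORACLE_HOME; home=${ORACLE_HOME:-}; sub= ;;
        sybase) home_var=SYBASE; home=${SYBASE:-}; sub=/OCS-12_5 ;;
        *) echo "unknown dbtype: $1" >&2; return 255 ;;
    esac
    if [ -z "$home" ]; then
        echo "$home_var is not set"
        return 1
    fi
    home=${home%/}   # tolerate a trailing slash on the home directory
    if ! in_list "$home$sub/bin" "${PATH:-}"; then
        echo "PATH lacks $home$sub/bin"
        missing=$((missing + 1))
    fi
    if ! in_list "$home$sub/lib" "${LD_LIBRARY_PATH:-}"; then
        echo "LD_LIBRARY_PATH lacks $home$sub/lib"
        missing=$((missing + 1))
    fi
    return "$missing"
}

# Run the check when a database type is given on the command line.
if [ "$#" -gt 0 ]; then check_db_env "$1"; fi
```

Run it as the account that will execute the administration scripts, since PATH and LD_LIBRARY_PATH are per-user settings.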