4 Configuring Oracle Database Firewall for High Availability

About Using High Availability with Oracle Database Firewall

How Does High Availability Work with the Oracle Database Firewall Components?

Oracle Database Firewall provides high-availability solutions by allowing two Database Firewalls to be configured in a resilient pair. During normal operation, one unit (the primary) carries out all normal operations, while the other (the secondary) monitors traffic, but alerts only in the unlikely event that the primary should fail.

Both devices connect to the network normally. All settings necessary to configure the resilient pair are available from the Management Server Administration Console.

Figure 4-1 shows an example of two Database Firewalls being used as a resilient pair.

Figure 4-1 High Availability Using a Resilient Pair of Oracle Database Firewalls

High availability is available only when the Oracle Database Firewall is configured in Database Activity Monitoring mode.

Note:

If the Oracle Database Firewall Management Server fails, it is not possible to generate reports, monitor system status and change configuration settings, although Oracle Database Firewalls will continue to monitor and log traffic. When the Oracle Database Firewall Management Server returns to an online status, it collects logged data from the Oracle Database Firewalls and automatically generates any outstanding scheduled reports.

Incorporating Resilient Pairs of Oracle Database Firewall Management Servers

Optionally, two Oracle Database Firewall Management Servers can also be configured as a resilient pair. The primary Oracle Database Firewall Management Server carries out all tasks while the secondary Oracle Database Firewall Management Server stands by, ready to assume control.

The main benefit of a resilient pair of Oracle Database Firewall Management Servers is that it provides continuous service for generating reports, monitoring system status, and changing configuration settings if the primary Oracle Database Firewall Management Server fails.

The secondary Oracle Database Firewall Management Server obtains its configuration settings automatically from the primary. To ensure that settings remain consistent between the two devices, the Administration Console allows configuration settings to be saved only from the primary Oracle Database Firewall Management Server.

Note:

You can have a maximum of two Management Servers for an Oracle Database Firewall system.

Figure 4-2 shows an example of high availability using a resilient pair of Database Firewalls and a resilient pair of Database Firewall Management Servers.

Figure 4-2 High Availability Using a Resilient Pair of Firewall Servers and Firewalls

Adding Paired Enforcement Points

Oracle Database Firewall also allows two enforcement points to be paired. This may be useful in certain high-availability architectures that have two data centers. See "Pairing Enforcement Points" for more information.

Network Communication for the Resilient Pairs

When you use resilient pairs, it is important to ensure that the network allows both devices in the pair to communicate with each other. Oracle Database Firewall must be able to communicate with both the primary and secondary Oracle Database Firewall Management Servers, and vice versa.

Configuring a Resilient Pair of Oracle Database Firewall Management Servers

Chapter 3, "Configuring a Database Firewall Management Server," explains how to set up a new Oracle Database Firewall system, including the steps necessary to configure a resilient pair of Oracle Database Firewall Servers. This section provides the steps that are specific to creating a resilient pair of Oracle Database Firewall Management Servers, which may be useful when adding high availability to an existing system.

Procedure for Configuring a Pair of Resilient Database Firewall Management Servers

To set up a resilient pair of Oracle Database Firewall Management Servers:

  1. Ensure that the Management Server software is installed and running on two servers.

  2. For each Database Firewall that will be managed by the resilient pair of Management Servers:

    1. Log in to the Administration Console of the Database Firewall.

      See "Logging in to the Administration Console" for more information.

    2. Click the System tab, then click Management Server in the System menu.

    3. Enter the IP address and certificate of one of the installed Management Servers.

    4. Check Add Second Management Server, and then add the IP address and certificate of the other installed Management Server.

  3. For each of the paired Management Servers:

    1. Log in to the Administration Console of the Management Server.

    2. Click the System tab, and in the High Availability Pairing section, click Change.

    3. Select whether this is the primary or secondary Management Server in the Change Status field.

    4. Enter the IP address and certificate of the partner Management Server, then click Apply.

    5. Add each managed Database Firewall as an appliance in both Management Servers in the resilient pair. See "Step 3B: Add Each Oracle Database Firewall to the Management Server".

To view the high availability settings for the Database Firewall Management Server:

  1. In the Management Server's administration console, click the System tab, and then click Status under the System menu.

  2. View the Management Server's high availability settings in the High Availability section of the Status page.

Swapping the Primary and Secondary Database Firewall Management Servers

There is normally no need to manually swap the status of an Oracle Database Firewall Management Server from primary to secondary and vice versa, since this is handled automatically in the event of a failure of the primary. However, there may be times when you want to swap the primary and secondary Management Servers, for example during the upgrade process: you swap the primary Management Server with the secondary, and after you are satisfied that the upgrade is successful, you swap them back again.

To swap the primary and secondary Database Firewall Management Servers:

  1. Log in to the Administration Console for the current primary Management Server.

    See "Logging in to the Administration Console" for more information.

  2. Click Change in the High Availability Pairing section.

  3. Click the Secondary button.

Configuring a Resilient Pair of Oracle Database Firewalls

This section explains the steps necessary to configure a resilient pair of Oracle Database Firewalls. Although these steps are covered in Chapter 3, which explains how to set up a new Oracle Database Firewall system, the summary of the steps given below may be useful if you are adding high availability to an existing system.

Procedure for Configuring a Pair of Oracle Database Firewalls

To set up a resilient pair of Oracle Database Firewalls:

  1. Log in to the Administration Console for the current primary Management Server (or the Management Server if you only have one).

    See "Logging in to the Administration Console" for more information.

  2. Select the Appliances tab, and in the Resilience menu, click Create Resilient Pair.

  3. Use the Primary and Secondary menus to choose the two Oracle Database Firewalls.

    The Status column in the Appliances page shows which Oracle Database Firewall is the primary and which is the secondary. The status is refreshed each time the page is displayed.

    Clicking Unpair removes the two devices from the resilient pair.

  4. When setting up an enforcement point, the paired Oracle Database Firewalls are listed together, with a single radio button.

Swapping the Primary and Secondary Oracle Database Firewalls

There is normally no need to manually swap the status of an Oracle Database Firewall from primary to secondary and vice versa, since this is handled automatically in the event of a failure of the primary. However, if there are circumstances where you do want to make the change, such as during a software update:

  1. Log in to the Administration Console for the current primary Management Server.

    See "Logging in to the Administration Console" for more information.

  2. Select the Appliances tab, and then in the Appliances page, click Swap.

Pairing Enforcement Points

Some high-availability architectures employ two data centers in different locations, each of which has a local database, but which are viewed from the client applications as a single database. In this scenario, you should set up a separate enforcement point for each database and pair the two enforcement points in the Administration Console. Pairing the enforcement points prevents duplicate records from appearing for user role auditing (see Chapter 6, "Configuring and Using Role Auditing") and stored procedure auditing (see Chapter 5, "Configuring Stored Procedure Auditing"), and allows any change to the policy to be automatically applied to both databases.

Note:

There is no concept of a primary and a secondary enforcement point; both enforcement points monitor at the same time. High-availability redundancy is achieved only by setting up resilient pairs of Oracle Database Firewalls, and (optionally) resilient pairs of Oracle Database Firewall Management Servers.

To pair two enforcement points:

  1. Log in to the Administration Console for the current primary Management Server.

    See "Logging in to the Administration Console" for more information.

  2. Select the Monitoring tab in the Administration Console of the primary Oracle Database Firewall Management Server.

  3. In the Resilience menu, click Create Pair.

  4. Use the Primary and Secondary menus to choose the two enforcement points.

  5. Save the changes.

    You can unpair two enforcement points by clicking Unpair in the Enforcement Points page.

Archiving Data

You can archive data from Oracle Database Firewall Management Servers and Oracle Database Firewalls that are in resilient pairs by performing an archive in the normal way from only the primary Oracle Database Firewall Management Server. The secondary Oracle Database Firewall Management Server obtains configuration and SPA/URA audit data automatically from the primary. See "Archiving Data" for more information.

Updating the Oracle Database Firewall Software in Resilient Pairs

Updating the Oracle Database Firewall software with patch updates should not require you to interrupt database monitoring and protection. A patch installation can be carried out for resilient pairs with the primary server remaining online at all times.

When updating Oracle Database Firewall software in resilient pairs, you should first update the secondary server, swap the primary and secondary servers, and then update the new secondary server. This process is described in the Oracle Database Firewall Installation Guide.