Image fwins_vm_012.gif shows an example of one deployment of Oracle Database Firewall. From top to bottom are the following components:
The existing database clients and applications that you want to monitor with Oracle Database Firewall appear first. These clients and applications connect to each Database Firewall. These clients also connect to a cluster of databases, described later on in this list.
Three Database Firewalls appear next. In this configuration, two Database Firewalls are configured for high availability and a third Database Firewall is separate from the high availability configuration. Each Database Firewall connects to the following components:
A source database that contains the SQL statement traffic to monitor. The standalone Database Firewall connects to one source database and the High Availability Mode pair of Database Firewalls connect to a source database. In this diagram, each cluster has one Oracle Database, one Microsoft SQL Server, and one Sybase Adaptive Server Enterprise.
One Database Firewall Management Server. The Management Server handles reports, archives the repository, and manages the Database Firewalls, policies, alerts, integration.
One policy Analyzer, which creates security policies and runs on a Windows desktop.
There is a third cluster of database products, also containing one Oracle Database, one Microsoft SQL Server, and one Sybase Adaptive Server Enterprise. This cluster represents a remote or local monitor configuration. The remote or local monitor is responsible for forwarding network traffic directly from within a database server. (That is, the monitoring software is installed directly inside the database server.) This database server connects to one Database Firewall and to the set of database clients and applications described earlier in this list.