1 Overview

This chapter provides an overview of the DIVArchive product and explains the general principles of application security.

Product Overview

Oracle's DIVArchive is a distributed content storage management system. DIVArchive consists of the following major components:

DIVArchive Manager

The DIVArchive Manager is the main component in a DIVArchive System. All archive operations are controlled and handled by the DIVArchive Manager. Operation requests are sent by initiator applications through the DIVArchive Client API. As a purchasable option, DIVArchive also supports Main and Backup DIVArchive Managers. For more information about DIVArchive, see the DIVArchive Software Release 7.3 Customer Documentation Library at:

https://docs.oracle.com/en/storage/#csm

DIVArchive Actor

The DIVArchive Actor is the data mover between devices in the production system. It supports data transfer between many different types of devices and handles transcode operations with Telestream Transcoding Software (optional).

All Actor operations are initiated and coordinated by the DIVArchive Manager. A single DIVArchive Manager can configure and control one or more Actors.

DIVArchive Robot Manager

Although DIVArchive can be used to manage only disk storage, storage capacity can be further expanded by adding one or more tape libraries. In these cases, the DIVArchive Robot Manager module provides an intermediate software layer for the DIVArchive Manager to interact with many different types of tape libraries. It is connected to the DIVArchive Manager through TCP/IP. The DIVArchive Robot Manager interfaces to the library by using either a direct interface to the library itself (through native SCSI or SCSI over Fibre Channel), or through an intermediate Ethernet connection to the manufacturer's own library control software.

DIVArchive Backup Service

To ensure reliability and monitoring of both the Oracle Database and Metadata Database backups, the DIVArchive Backup Service was introduced.

The DIVArchive Backup Service component is installed as an integral part of the standard DIVArchive System installation. The component is typically installed on the same server as the DIVArchive Manager and Oracle Database. The DIVArchive Backup Service allows for configuration of scheduled backups through its configuration file. The DIVArchive Backup Service manages and monitors the entire backup process.

The DIVArchive Backup Service now incorporates the ability to send email notifications about issues that arise while backing up the Database and Metadata Database files. To take advantage of this feature, DIVArchive must be configured to connect to an SMTP mail provider. The email notifications are configured through the DIVArchive Configuration Utility under the Manager Setting tab.

For information about installing and configuring the DIVArchive Backup Service, see the DIVArchive Software Release 7.3 Customer Documentation Library at:

https://docs.oracle.com/en/storage/#csm

Oracle Avid Connectivity

The purpose of the Avid Connectivity with DIVArchive is to transfer archival data to and from DIVArchive in specific video formats and enable archiving and retrieval of single clips or a sequence of clips. The AMC and TMC related components are installed along with the main DIVArchive installation. Additional installation is required for certain plugins for both AMC and TMC.

DIVArchive Drop Folder Monitor

The DIVArchive Drop Folder Monitor (DFM) provides automatic monitoring of newly created files in up to 20 local folders or FTP folders (or combinations thereof). One file or multiple files (in FTP folders) per DIVArchive Object are supported. When a new file (or FTP folder) is identified, DFM automatically issues an archive request to DIVArchive to archive the new file or folders. Once these files are successfully archived, they are automatically deleted from the source.

DIVArchive SNMP

The DIVArchive Simple Network Management Protocol (SNMP) Agent and Management Information Base (MIB) support status and activity monitoring of DIVArchive and its subsystems through a third party monitoring application over the SNMP protocol.

DIVArchive SPM

The DIVArchive Storage Plan Manager (SPM) provides automatic migration and life cycling of material within the archive based on the rules and policies defined in the SPM configuration.

The SPM component is also used to trigger deletion of material from SPM managed arrays (based on disk space watermarks).

DIVArchive Migrate Service

DIVArchive includes an embedded migration service. It is a new, separate service internal to DIVArchive that helps users schedule and run jobs to migrate content between different media inside a DIVArchive system. You can use the Control GUI or the command line client.

DIVArchive VACP

VACP (Video Archive Command Protocol) is a protocol developed by Harris Automation for interfacing to an Archive System. DIVArchive has its own API for communicating with the DIVArchive Manager, which is not compatible with VACP.

DIVArchive Control GUI

The DIVArchive Control GUI (Graphical User Interface) monitors, controls, and supervises operations in DIVArchive. Several DIVArchive GUIs can be running and connected to the same DIVArchive System at the same time.

DIVArchive Configuration Utility

The DIVArchive Configuration Utility configures a DIVArchive System. Although used primarily for configuration of DIVArchive, some operational functions are also performed from the Configuration Utility.

DIVArchive Access Gateway

Access Gateway allows the operation and interaction of multiple independent DIVArchive systems from a single computer. It is the global solution for content distribution. Automated file replication to mirror sites provides a clean and easy method for local distribution, backup, and disaster recovery with security, bandwidth control, and checksum verification. Networks are monitored and DIVAnet ensures final delivery of content.

DIVArchive Lynx Local Delete

LYNXLocalDelete is a service that monitors object replication functions between a local DIVArchive System (for example, LYNXlocal) and one (or more) remote DIVArchive Systems (for example, LYNXdr). Once the object has been successfully replicated to the remote DIVArchive System, it is flagged as eligible for deletion from the local DIVArchive System.

General Security Principles

The following sections describe the fundamental principles that are required to use any application securely.

Keep Software Up To Date

Stay current with the version of DIVArchive that you run. You can find current versions of the software for download at the Oracle Software Delivery Cloud:

https://edelivery.oracle.com/

Restrict Network Access to Critical Services

DIVArchive uses the following TCP/IP ports:

  • tcp/8500 is used by the DIVArchive Robot Manager

  • tcp/9000 is used by the DIVArchive Manager

  • tcp/9300 is used by the DIVArchive Backup Service

  • tcp/9500 is used by the DIVArchive Access Gateway

  • tcp/9900 is used by the DIVArchive Actor

  • tcp/9191 is used by DIVArchive Migrate Service
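
The port list above can serve as the baseline for a periodic exposure check. The following is an added example, not part of the Oracle documentation or the DIVArchive software: it parses text in the Windows `netstat -an` layout and reports DIVArchive ports that listen on every interface or that have established connections from outside a permitted subnet. The subnet 10.20.0.0/24, the sample output, and the finding labels are assumptions made for illustration.

```python
import ipaddress

# Port-to-service table copied from the list above.
DIVA_PORTS = {
    8500: "DIVArchive Robot Manager",
    9000: "DIVArchive Manager",
    9300: "DIVArchive Backup Service",
    9500: "DIVArchive Access Gateway",
    9900: "DIVArchive Actor",
    9191: "DIVArchive Migrate Service",
}
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # assumption: permitted subnet
# Constructed sample in Windows `netstat -an` layout (not real output).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:9000           0.0.0.0:0              LISTENING
  TCP    10.20.0.5:9000         10.20.0.31:50112       ESTABLISHED
  TCP    10.20.0.5:9000         192.168.77.14:51844    ESTABLISHED
  TCP    10.20.0.5:9900         10.20.0.6:49733        ESTABLISHED
  TCP    127.0.0.1:9300         0.0.0.0:0              LISTENING
  TCP    10.20.0.5:3389         172.16.4.9:60211       ESTABLISHED
"""

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def audit(netstat_text, allowed_nets=ALLOWED_NETS):
    """Return (kind, port, service, address) findings for DIVArchive ports.
    A wildcard listener means only the firewall limits who can connect."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue  # header, UDP, or a line in another layout
        _, local, remote, state = fields
        lhost, lport = split_endpoint(local)
        if lport not in DIVA_PORTS:
            continue
        if state == "LISTENING" and ipaddress.ip_address(lhost).is_unspecified:
            findings.append(("wildcard-listener", lport, DIVA_PORTS[lport], lhost))
        elif state == "ESTABLISHED":
            rhost = split_endpoint(remote)[0]
            if not any(ipaddress.ip_address(rhost) in n for n in allowed_nets):
                findings.append(("unexpected-peer", lport, DIVA_PORTS[lport], rhost))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_NETSTAT), sep="\n")
```

To run it against a live host, pass the captured output of `netstat -an` to `audit()` together with the networks that are actually permitted at the site.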

Run as DIVA User and Use Principle of Least Privilege Where Possible

All DIVArchive services run as a DIVA user. The DIVArchive Control GUI provides three fixed user profiles (Administrator, Operator, and User). The Administrator and Operator accounts require a password to obtain access. The DIVArchive System comes installed with default passwords that can be changed at any time using the DIVArchive Configuration Utility. Leaving the default passwords unchanged leaves the DIVArchive System accessible to possible malicious activity.

Default passwords need to be changed immediately after installation and configuration for both the Administrator and Operator accounts, and every 180 days (minimum) thereafter. Once the change has been made, you must store the passwords in a safe location, offline, where they can be made available for Oracle Support if needed.

Monitor System Activity

Monitor system activity to determine how well DIVArchive is operating and whether it is logging any unusual activity. Check the log files located in the installation directory under /Program/log/.

Keep Up To Date on Latest Security Information

You can access several sources of security information. For security information and alerts for a large variety of software products, see:

http://www.us-cert.gov

The primary way to keep up to date on security matters is to run the most current version of the DIVArchive software.