H.7 Enabling Agent Connectivity On Secondary NICs for Audit Vault Server

Use this procedure to enable agent connectivity on a secondary network interface card.

After a secondary NIC is online, you can enable it for agent database communication.

To enable agent connectivity on a secondary network interface card for Audit Vault Server:

  1. Enable the secondary network interface card.
  2. Run the following commands to back up and then open the appliance configuration file:
    cp /usr/local/dbfw/etc/dbfw.conf /usr/local/dbfw/etc/dbfw.conf.backup
    vi /usr/local/dbfw/etc/dbfw.conf
  3. Scroll down to the end of the file, below the new SECONDARY_NIC_1_ keys, and add the following to enable incoming agent connections from all addresses:
    # Enable agent connectivity on eth1.
    SECONDARY_NIC_1_AGENT="all"

    Note:

    Optionally, you can replace all with disabled or with a blank string. This disables agent connections on the network interface card.

  4. To limit the incoming connections to specific addresses, use a space-separated list of IP addresses as follows:
    SECONDARY_NIC_1_AGENT="<IP address 1> <IP address 2>"
  5. The default ports for agent connections are 1521 and 1522. To use a different port number, add the following keys:
    SECONDARY_NIC_1_AGENT_PORT="21521"
    SECONDARY_NIC_1_AGENT_PORT_TLS="21522"
  6. Alternatively, append the keys to the file with a single command, replacing the values as required:
    cat <<EOF >> /usr/local/dbfw/etc/dbfw.conf
    
    # Enable agent connectivity on eth1.
    SECONDARY_NIC_1_AGENT="all"
    SECONDARY_NIC_1_AGENT_PORT="21521"
    SECONDARY_NIC_1_AGENT_PORT_TLS="21522"
    EOF
  7. Run the following commands to apply the configuration changes using the network configuration application:
    /usr/local/dbfw/bin/priv/configure-networking
    /usr/local/dbfw/bin/os_manager execute_script update_connect_string_ip.sh
  8. View the active configuration of the database listener by running the following command:
    netstat -pean | grep tnslsnr

    The following output confirms that a listener is waiting for an incoming connection:

    tcp 0 0 127.0.0.1:5700 0.0.0.0:* LISTEN 503 9423978 13596/tnslsnr
    tcp 0 0 127.0.0.1:1521 0.0.0.0:* LISTEN 503 9423976 13596/tnslsnr
    tcp 0 0 <IP address>:21521 0.0.0.0:* LISTEN 503 9423970 13596/tnslsnr
    tcp 0 0 10.170.90.16:1521 0.0.0.0:* LISTEN 503 9423935 13596/tnslsnr
    tcp 0 0 <IP address>:21522 0.0.0.0:* LISTEN 503 9423974 13596/tnslsnr
    tcp 0 0 10.170.90.16:1522 0.0.0.0:* LISTEN 503 9423966 13596/tnslsnr
    tcp 0 0 127.0.0.1:1523 0.0.0.0:* LISTEN 507 272087 32752/tnslsnr
    tcp 0 0 127.0.0.1:1521 127.0.0.1:10272 ESTABLISHED 503 9433031 13596/tnslsnr
    tcp 0 0 127.0.0.1:1521 127.0.0.1:10273 ESTABLISHED 503 9433032 13596/tnslsnr
    unix 2 [ ACC ] STREAM LISTENING 272084 32752/tnslsnr /var/tmp/.oracle/sEXTPROC1523
    unix 2 [ ACC ] STREAM LISTENING 272085 32752/tnslsnr /var/tmp/.oracle/s#32752.1
    unix 2 [ ACC ] STREAM LISTENING 272088 32752/tnslsnr /var/tmp/.oracle/s#32752.2
    unix 2 [ ACC ] STREAM LISTENING 9423930 13596/tnslsnr /var/tmp/.oracle/sEXTPROC1521
    unix 2 [ ACC ] STREAM LISTENING 9423931 13596/tnslsnr /var/tmp/.oracle/s#13596.1
    unix 2 [ ACC ] STREAM LISTENING 9423979 13596/tnslsnr /var/tmp/.oracle/s#13596.2
  9. You can now connect to the database on the local network from another computer:
    sqlplus64 'avadmin/<password>@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=<IP address>)(PORT=21521))(CONNECT_DATA=(SERVICE_NAME=dbfwdb)))'

    Note:

    This command connects to the clear text communication port of Audit Vault Server, which you must avoid. Use encrypted communication protocols whenever possible.

    The following output verifies the established connection:

    SQL*Plus: Release 12.1.0.2.0 Production on Wed Oct 12 11:37:00 2016
    Copyright (c) 1982, 2014, Oracle. All rights reserved.
    Last Successful login time: Wed Oct 12 2016 11:36:23 +01:00
    Connected to:
    Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
    With the Partitioning, Automatic Storage Management, Oracle Label Security, OLAP,
    Advanced Analytics, Oracle Database Vault and Real Application Testing options
    SQL> select 1 from dual;
    1
    ----------
    1
    SQL>
  10. Deploy the Audit Vault agent on the host computer.
  11. You must upgrade all of the agents. To do this, run the following PL/SQL block as an Audit Vault administrator to initiate the auto upgrade process:
    DECLARE
      hostName VARCHAR2(300 CHAR);
      -- Host names of all agents that are currently running.
      CURSOR HOST_NAMES
      IS
        SELECT HOST_NAME
        FROM AVSYS.AGENT_VIEW
        WHERE STATUS IN ('RUNNING');
    BEGIN
      OPEN HOST_NAMES;
      LOOP
        FETCH HOST_NAMES INTO hostName;
        EXIT WHEN HOST_NAMES%NOTFOUND;
        BEGIN
          -- Send the update message that initiates the auto upgrade for this host.
          AVSYS.ADM.send_update_message(hostName);
        EXCEPTION
          WHEN NO_DATA_FOUND THEN
            -- no host to auto upgrade.
            EXIT;
        END;
      END LOOP;
      CLOSE HOST_NAMES;
    END;
    /
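
A read-only check for steps 3 to 8, added here as an example and not part of Oracle's documentation or tooling: it classifies the SECONDARY_NIC_1_AGENT value, validates the two port keys against the documented defaults 1521 and 1522, and lists non-loopback tnslsnr listeners from netstat -pean output. The function names, the KEY="value" parsing, the last-assignment-wins rule and IPv4-only addresses are assumptions.

```shell
#!/bin/sh
# Added example, not Oracle code. Assumptions: KEY="value" lines, the last
# assignment of a key wins, and agent addresses are IPv4.

conf_get() {   # conf_get FILE KEY -> value with surrounding ASCII quotes removed
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"//; s/"[[:space:]]*$//'
}

is_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

agent_acl() {  # agent_acl FILE -> open | disabled | restricted | invalid
    v=$(conf_get "$1" SECONDARY_NIC_1_AGENT); n=0
    case $v in
        all) echo open; return ;;
        ''|disabled) echo disabled; return ;;
        # Also catches typographic quotes pasted in from a document.
        *[!0-9.\ ]*) echo invalid; return ;;
    esac
    for ip in $v; do is_ipv4 "$ip" || { echo invalid; return; }; n=1; done
    if [ "$n" -eq 1 ]; then echo restricted; else echo disabled; fi
}

agent_port() { # agent_port FILE KEY DEFAULT -> port number | invalid
    p=$(conf_get "$1" "$2"); p=${p:-$3}
    case $p in ''|*[!0-9]*|??????*) echo invalid; return ;; esac
    if [ "$p" -ge 1 ] && [ "$p" -le 65535 ]; then echo "$p"; else echo invalid; fi
}

exposed_listeners() {  # stdin: netstat -pean text -> non-loopback tnslsnr sockets
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && $NF ~ /\/tnslsnr$/ && $4 !~ /^127\./ { print $4 }'
}

# Constructed sample configuration (not taken from a real appliance).
sample=$(mktemp)
cat > "$sample" <<'EOF'
SECONDARY_NIC_1_AGENT="192.0.2.10 192.0.2.11"
SECONDARY_NIC_1_AGENT_PORT="21521"
SECONDARY_NIC_1_AGENT_PORT_TLS="21522"
EOF
echo "acl=$(agent_acl "$sample")" \
     "port=$(agent_port "$sample" SECONDARY_NIC_1_AGENT_PORT 1521)" \
     "tls=$(agent_port "$sample" SECONDARY_NIC_1_AGENT_PORT_TLS 1522)"
rm -f "$sample"
```

On the appliance, point the functions at /usr/local/dbfw/etc/dbfw.conf and pipe netstat -pean into exposed_listeners. A result of open means the listener ports accept agent connections from all addresses that can reach the secondary NIC.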