1 Overview

This chapter provides an overview of the Oracle DIVAnet 2.3.0 product and explains the general principles of application security.

Product Overview

Oracle DIVAnet provides a unified view of archived content across multiple, distributed Oracle DIVArchive systems. Oracle's DIVArchive is a scalable content storage management system supporting archival to tape libraries and disk systems. DIVAnet facilitates the moving of content back and forth among DIVArchive sites, and from customer Source and Destination servers and disks. It performs its tasks for the purposes of disaster recovery, content distribution, access control, performance, and content availability.

DIVAnet consists of the following major components:

DIVAnet ClientAdapter Service

Application clients that want to use the DIVArchive API, or want to use the DIVAnet GUI, connect to the DIVAnet ClientAdapter Service. This DIVAnet service accepts web and socket connections from applications and processes the requests. A ClientAdapter is configured on each site that has applications that are local to the site where DIVArchive and DIVAnet are installed.

DIVAnet ManagerAdapter Service

The DIVAnet ManagerAdapter Service serves as a bridge between DIVAnet and the Oracle DIVArchive Manager. It must be configured to provide remote access by other DIVAnet systems.

DIVAnet DbSync Service

The DIVAnet DbSync Service is responsible for synchronizing asset information from multiple DIVArchive sites, and storing the information in the DIVAnet database. DbSync communicates remotely with ManagerAdapter services on multiple sites to synchronize archived object information. DbSync is typically deployed with the ClientAdapter. The DbSync service and ClientAdapter both require direct access to the DIVAnet database.

DIVAnet User Interface (DIVAnetUI)

DIVAnetUI is a GUI application that enables you to monitor DIVAnet requests, and to view, copy, and delete DIVAnet assets (DIVA archived objects) across multiple DIVArchive sites. All DIVAnet level requests can be monitored, whether issued through the API or through the UI itself. You can also view asset information for all configured DIVArchive sites, regardless of whether the asset was archived through DIVAnet. DIVAnetUI provides flexible ways of querying both request information and asset information.

General Security Principles

The following sections describe the fundamental principles that are required to use any application securely.

Keep Software up to Date

Stay current with the version of DIVAnet that you run. You can find current versions of the software for download at the Oracle Software Delivery Cloud:

https://edelivery.oracle.com/

Restrict Network Access to Critical Services

DIVAnet uses the following TCP/IP ports by default:

  • tcp/9801 is the default WebService port used by the DIVAnet ClientAdapter

  • tcp/7101 is the default API socket port used by DIVAnet ClientAdapter (you can configure other ports)

  • tcp/9800 is the default WebService port used by the DIVAnet ManagerAdapter

Note:

Not all of these ports must be exposed externally; which ones are exposed depends on configuration and usage.

The DbSync port (by default, port 9802) should remain blocked for network access outside of the server machine running DIVAnet.
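
The following added example (not Oracle code and not part of the original page) classifies a host's listening TCP sockets against the default ports listed above, so that a DbSync listener bound to a non-loopback address is flagged for a firewall check. It assumes a Linux host with the iproute2 `ss` command; the function names and verdict labels are hypothetical, and the sample input is constructed.

```sh
#!/bin/sh
# Added example: classify listening TCP sockets against the default DIVAnet
# ports. Input on stdin is `ss -Htln` output (listening TCP, numeric, no header).

audit_divanet_listeners() {
    awk '
    BEGIN {
        name["9801"] = "ClientAdapter-WebService"
        name["7101"] = "ClientAdapter-API"
        name["9800"] = "ManagerAdapter-WebService"
        name["9802"] = "DbSync"
    }
    {
        # Locate the State column; the local address is three fields later.
        for (i = 1; i <= NF; i++) if ($i == "LISTEN") break
        if (i + 3 > NF) next
        addr = $(i + 3); port = addr
        sub(/.*:/, "", port)          # text after the last colon
        sub(/:[0-9]+$/, "", addr)     # bind address without the port
        if (!(port in name)) next     # not a DIVAnet default port
        if (addr ~ /^127\./ || addr == "[::1]")
            verdict = "OK-LOOPBACK"                 # unreachable from other hosts
        else if (port == "9802")
            verdict = "REVIEW-MUST-BE-FIREWALLED"   # DbSync must stay blocked
        else
            verdict = "REVIEW-FIREWALL-SCOPE"       # expose only where required
        print verdict, "tcp/" port, name[port], addr
    }'
}

# Constructed sample of `ss -Htln` output (not taken from a real system).
sample_listeners() {
    cat <<'EOF'
LISTEN 0 50 0.0.0.0:9801 0.0.0.0:*
LISTEN 0 50 0.0.0.0:7101 0.0.0.0:*
LISTEN 0 50 127.0.0.1:9802 0.0.0.0:*
LISTEN 0 50 [::]:9802 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

sample_listeners | audit_divanet_listeners
# On a live host: ss -Htln | audit_divanet_listeners
```

The script sees only bind addresses, not firewall rules, so a REVIEW line means the firewall policy for that port still has to be confirmed. If the ports were changed from their defaults, adjust the table in the BEGIN block to match.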

Use Principle of Least Privilege where Possible

DIVAnet services should not be run as admin or root. Running the services under a different operating system user from the one used to administer the application contributes to overall system security.

The DIVAnet Linux installer requires two users to complete DIVAnet installation: diva and an operating system user. Administrators and Operators use the diva account to install and monitor DIVAnet. The operating system user controls the DIVAnet services.

Firewalls must restrict ports to only those that are required. DIVAnet contains access control features (briefly described in Access Control) used to restrict users and systems to the least privilege possible.

Monitor System Activity

You must monitor system activity to determine how well DIVAnet is operating and whether it is logging any unusual activity. Check the log files located in the $DIVANET_HOME/Program/log folder.

Keep Up To Date on Latest Security Information

You can access several sources of security information and alerts for a large variety of software products at:

http://www.us-cert.gov

The primary way to keep up to date on security matters is to run the most current release of the DIVAnet software.