Controlling Network Access to Exadata Cloud at Customer
You can control network access to your Oracle Database Exadata Cloud at Customer by listing network addresses that are either invited to connect, or excluded from connecting as follows:
- You can use Oracle Net Services valid node checking to define a list of nodes from which Oracle Net Services allows or denies connections. You enable and control valid node checking by setting parameters in the sqlnet.ora file, which is typically located at $ORACLE_HOME/network/admin/dbname/sqlnet.ora. Oracle Net Services valid node checking only controls Oracle Net Services connections. Connections by other means, such as SSH, are not arbitrated by Oracle Net Services valid node checking.

  To enable Oracle Net Services valid node checking, set TCP.VALIDNODE_CHECKING = yes in the sqlnet.ora file. To control Oracle Net Services valid node checking, use the following parameters:

  - TCP.EXCLUDED_NODES specifies clients that are denied access to the database. The parameter can be set to a list of host names or addresses, and the list may include wildcards for IPv4 addresses and CIDR (Classless Inter-Domain Routing) notation for IPv4 and IPv6 addresses. For example:

    TCP.EXCLUDED_NODES=(finance.us.example.com, mktg.us.example.com, 192.168.2.25, 172.30.*, 2001:DB8:200C:417A/32)

  - TCP.INVITED_NODES specifies clients that are allowed access to the database. This list takes precedence over the TCP.EXCLUDED_NODES parameter if both lists are present. The parameter can be set to a list of host names or addresses, and the list may include wildcards for IPv4 addresses and CIDR notation for IPv4 and IPv6 addresses. For example:

    TCP.INVITED_NODES=(sales.us.example.com, hr.us.example.com, 192.168.*, 2001:DB8:200C:433B/32)
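To review a sqlnet.ora before deploying it, the following added example (not Oracle code) evaluates a client address against the two lists offline. It assumes single-line parameters, trailing-only IPv4 wildcards, that an absent TCP.VALIDNODE_CHECKING means checking is off, and that when an invited list is present only listed nodes connect; the sample file, function names and addresses are constructed for illustration.

```python
import ipaddress
import re
from itertools import takewhile

# Constructed sample sqlnet.ora (not taken from a real system).
SAMPLE = """\
TCP.VALIDNODE_CHECKING = yes
TCP.INVITED_NODES = (sales.us.example.com, 192.168.*, 10.1.2.3, 2001:db8::/32)
TCP.EXCLUDED_NODES = (192.168.2.25, 172.30.*)
"""

def _param(text, name):
    """Return the raw value of a single-line sqlnet.ora parameter, or None."""
    m = re.search(rf"^\s*{re.escape(name)}\s*=\s*(.+)$", text, re.I | re.M)
    return m.group(1).strip() if m else None

def _nodes(value):
    """Split a node list into (networks, host_names)."""
    nets, names = [], []
    for item in (value or "").strip("()").split(","):
        item = item.strip()
        if not item:
            continue
        if "*" in item:
            # Assumed wildcard form: trailing IPv4 octets only, e.g. 172.30.*
            fixed = list(takewhile(lambda o: o != "*", item.split(".")))
            item = ".".join(fixed + ["0"] * (4 - len(fixed))) + f"/{8 * len(fixed)}"
        try:
            nets.append(ipaddress.ip_network(item, strict=False))
        except ValueError:
            names.append(item)  # host name: needs DNS resolution to evaluate
    return nets, names

def decide(sqlnet_text, client_ip):
    """Return 'allow' or 'deny' for an Oracle Net connection from client_ip."""
    if (_param(sqlnet_text, "TCP.VALIDNODE_CHECKING") or "no").lower() != "yes":
        return "allow"  # valid node checking is not enabled
    ip = ipaddress.ip_address(client_ip)
    invited = _param(sqlnet_text, "TCP.INVITED_NODES")
    if invited is not None:
        # Assumption: with an invited list present, only listed nodes connect.
        return "allow" if any(ip in n for n in _nodes(invited)[0]) else "deny"
    excluded = _nodes(_param(sqlnet_text, "TCP.EXCLUDED_NODES"))[0]
    return "deny" if any(ip in n for n in excluded) else "allow"

def unresolved_names(sqlnet_text):
    """Host-name entries this offline check cannot evaluate."""
    keys = ("TCP.INVITED_NODES", "TCP.EXCLUDED_NODES")
    return [n for k in keys for n in _nodes(_param(sqlnet_text, k))[1]]
```

With the sample file, 192.168.2.25 is admitted even though it appears in the excluded list, because the invited entry 192.168.* takes precedence; host names returned by unresolved_names must be resolved and checked separately.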