Learn about the requirements that your system must meet before you can install Oracle Audit Vault and Database Firewall (Oracle AVDF).
3.1 Oracle AVDF Deployment Checklist
Prerequisites or deployment checklist for installing Oracle Audit Vault and Database Firewall.
- Ensure to meet the hardware requirements in sections Product Compatibility Matrix and Oracle Audit Vault and Database Firewall Hardware Requirements.
- Review and follow the sizing requirements mentioned in MOS Note (Doc ID 2092683.1) to ensure hardware has sufficient capacity. Review the sizing whenever there is increase in scale of targets.
- Review, plan, and deploy High Availability in Oracle AVDF.
- Check and resolve the Pre-upgrade RPM Boot Partition Space Check Warning.
- Follow the guidelines in Audit Vault Agent Requirements.
- Follow the guidelines in Host Monitor Requirements.
- Follow the guidelines in Audit Vault Server Post-Installation Tasks.
- Follow the guidelines in Database Firewall Post-Installation Tasks.
3.2 Oracle Audit Vault and Database Firewall Hardware Requirements
Install each Audit Vault Server and each Database Firewall onto its own dedicated x86 64-bit server (or Oracle VM 3.x).
You can use any Intel x86-64-bit hardware platform that is supported by Oracle Audit Vault and Database Firewall's embedded operating system. Oracle Audit Vault and Database Firewall uses Oracle Linux release 7 with the Unbreakable Enterprise Kernel (UEK) version 5. For a list of compatible hardware, refer to Hardware Certification List for Oracle Linux and Oracle VM. This list contains the minimum version of Oracle Linux certified with the selected hardware. All Oracle Linux updates starting with Oracle Linux release 7 as the minimum are also certified unless otherwise noted.
Do not install Audit Vault Server or Database Firewall on a server (or Oracle VM) that is used for other activities, because the installation process formats the server, deleting any existing data and operating systems.
3.2.1 Memory and Space Requirements
Learn about the minimum memory requirements for Oracle Audit Vault and Database Firewall.
Each x86 64-bit server must have the following minimum memory:
Audit Vault Server: 8 GBFoot 1
Database Firewall: 8 GB
3.2.2 Disk Space Requirements
Learn about the minimum disk space requirements for Oracle Audit Vault and Database Firewall (Oracle AVDF).
Each x86 64-bit server must have a single hard drive with a minimum of the following disk space:
Audit Vault Server: 220 GB
Database Firewall: 220 GB
- Oracle Audit Vault and Database Firewall release 20 supports both BIOS and UEFI boot mode. For system with boot disk greater than 2 TB, Oracle AVDF supports booting in UEFI mode only.
- Provisioning disks greater than 4PB each for fresh installation is not optimal. The disks equal to or under 4PB, ensure that only one disk partition is allocated per disk group on each physical disk.
- For appliance hardware specification, refer to Oracle Audit Vault and Database Firewall Sizing Advice (MOS Doc ID 2223771.1).
File System Layout
The installer checks for a number of conditions before allowing the installation or upgrade to be completed. Memory allocation and space checks on specific directories is an important aspect.
A minimum of at least 8 GB of memory is required. You can force the upgrade process to complete if your system has a lower amount of memory (for example 4 GB). However it is not difficult to extend memory for Oracle Audit Vault and Database Firewall installation. Oracle Audit Vault and Database Firewall sends daily reminders to upgrade your system's memory.
The space checks mentioned here are a bare minimum, below which the upgrade is likely to fail.
|File System||Space Check|
27 GB for Audit Vault Server
3.2.3 Network Interface Cards
Learn about the recommended number of network interface cards (NICs) for each x86 64-bit server.
Oracle recommends the following number of network interface cards (NICs) for each x86 64-bit server on which you install the following components:
1 NIC for the Audit Vault Server
At least 1 NIC for a Database Firewall operating as a proxy with no network separation
At least 2 NICs for a Database Firewall deployed in Monitoring (Out-of-Band) or Monitoring (Host Monitor) mode
2 NICs for Database Firewall deployed in Monitoring / Blocking (Proxy) mode with network separation.
At least 3 NICs for a Database Firewall deployed in Monitoring / Blocking (Proxy) mode. These 3 NICs are required for network separation, 1 NIC for management, 2 NICs for client and database network connections.
3.2.4 Fiber Channel Based Multipath in Oracle AVDF
Learn about support for multipath in Oracle AVDF.
Oracle Audit Vault and Database Firewall 20.1 and later supports fiber channel based storage with multipath. The redundant paths in multipath can enhance performance and utilize features like dynamic load balancing, traffic shaping, automatic path management, and dynamic reconfiguration. The connection to the disk can be made through two fiber channel ports.
Here are some important aspects of multipath in Oracle AVDF:
- It is not supported with ISCSI storage.
- It does not support the device xvd*.
- Multipath is supported only for Audit Vault Server installation.
- Multipath is not supported for Database Firewall installation.
- It does not support removable block devices. Check for removable block devices in the system as they can lead to installation failure.
In case there are removable block devices in the system, the following error may be encountered during Audit Vault Server installation:
ERROR: Failed to check if the disk is in multipath Traceback (most recent call last): File "/run/install/repo/partitions.py", line 386, in <module> main() File "/run/install/repo/partitions.py", line 372, in main write_partition_table( None ) File "/run/install/repo/partitions.py", line 322, in write_partition_table part_table = generate_partition_table_data(dev_list) File "/run/install/repo/partitions.py", line 243, in generate_partition_table_data raise RuntimeError("No disks detected") RuntimeError: No disks detected
3.3 Oracle Audit Vault and Database Firewall Software Requirements
Learn about the software requirements for Oracle Audit Vault and Database Firewall.
3.3.1 Java SE Requirement
AVCLI command line utility that the Audit Vault Server
administrator uses and the
avpack utility (which is part of the
software development kit) require Java SE version 8 or 11.
3.3.2 Browser Requirements
Learn about the browser requirements for Oracle Audit Vault and Database Firewall (Oracle AVDF).
Note:See section Supported Browsers for more information on the supported browsers.
3.4 Installing Audit Vault Server on VMware
Important prerequisites for installing Audit Vault Server on VMware.
- You must set VMX configuration parameter disk.EnableUUID to
TRUE. This must be done to enable proper mounting of disks. Without this setting, the Audit Vault Server installation on VMware will fail.
- You must set your virtual machine to use EFI boot. In some
versions of VMware this is done by selecting the VM
Options tab, then expanding Boot
Options, and then choose
EFIin the Firmware field. You must disable secure boot. Do not select the checkbox Enable UEFI secure boot field.
Note:This EFI boot setting is required only for fresh installation of Audit Vault Server specifically when the disk size is more than 2TB. This setting is not required for upgrade.
3.5 Privileges Required to Install Oracle Audit Vault and Database Firewall
Learn about the privileges required to install Oracle Audit Vault and Database Firewall (Oracle AVDF).
Any user can install Oracle Audit Vault and Database Firewall. You do not need administrative privileges to complete the installation.
3.6 Audit Vault Agent Requirements
Learn about the Audit Vault Agent requirements.
Recommended Prerequisites for Installing Audit Vault Agent
- Ensure to meet the system requirements. See Product Compatibility Matrix.
Ensure to meet the following Java requirements:
- Install the supported Java version on the Audit Vault Agent. See Audit Vault Agent: Supported and Tested Java Runtime Environment.
- Apply the latest java patches.
- Point the
JAVA_HOMEto JRE/JDK directory and set the path before installing the Agent.
- The host machine on which the Audit Vault Agent is deployed must have at least 512 MB RAM.
- Apply the latest security patches of OpenSSL libraries available from the OS vendor for the specific OS version on the host machine.
- The host machine on which the Audit Vault Agent is deployed must have connectivity to the Audit Vault Server. In case of high availability set up, it must have connectivity to both the primary and standby Audit Vault Servers.
- The Audit Vault Server uses 2 ports (1521 and 1522 by default) for Agent communication. Ensure to configure the ports appropriately for this communication.
- If NAT (Network Address Translation) is used in the network between Audit Vault Server and the host machine where agent is deployed, then ensure the IP address of the host machine is resolvable from Audit Vault Server.
The user must have the required OS permissions to install the Agent. The user must be able to access the audit trail location in case of directory audit trails. See About Deploying the Audit Vault Agent for the OS permissions required for installing the Agent.
Additional Requirements for Starting Audit Vault Agent as a Service on Windows
Ensure to comply with one of the following prerequisites for Oracle AVDF 20.4 and earlier releases:
- Install Visual C++ Redistributable for Visual Studio 2012 Update 4
package from Microsoft on the Windows host machine.
msvcr110.dllfile is available in
- If the
msvcr110.dllfile is not present, then add it to the
Ensure to comply with one of the following prerequisites for Oracle AVDF 20.6 and later releases:
- Install Visual C++ Redistributable for Visual Studio 2017 package
from Microsoft on the Windows host machine. Ensure
vcruntime140.dllfile is available in
- If the
vcruntime140.dllfile is not present, then add it to the
Note:There is a known issue in Oracle AVDF 20.5 for starting Audit Vault Agent as a service on Windows. See Error When Starting Audit Vault Agent as a Service on Windows in Oracle AVDF 20.5 for complete information. This issue is resolved in release Oracle AVDF 20.6 and later.
3.7 Host Monitor Requirements
Learn about Host Monitor requirements.
Requirements for installing Host Monitor on Windows platform:
- Ensure Audit Vault Agent is running on the database server.
Note and follow Npcap installation details:
For Oracle AVDF release 20.6 and later, Npcap is automatically installed along with the Agent installation. Installing Npcap removes any existing installation of Npcap or WinPcap from the Windows host machine.
For Oracle AVDF release 20.5, Npcap is automatically downloaded along with the Agent software (
agent.jar) file. The Npcap installer file is available under
For Oracle AVDF release 20.4 and earlier, install Npcap that is available in the
avdf20-utility.zipbundle in Oracle Software Delivery Cloud. It is part of the Oracle Audit Vault and Database Firewall installable files. Ensure to install Npcap in WinPcap-API-compatible mode.
- Install the latest version of OpenSSL (1.1.1g or higher) libraries.
- Ensure the Windows target machine has the latest update of Visual C++ Redistributable for Visual Studio 2015
MSVCRT.dll (*)or later) package from Microsoft installed.
Requirements for installing Host Monitor on Linux/Unix/AIX/Solaris platforms:
- Ensure Audit Vault Agent is running on the database server.
Ensure the latest version of the following packages from the OS vendor for the specific OS version are installed on the database server:
- Libcap (for Linux hosts only)
- Ensure gmake is installed for AIX database servers. For other Unix database server types (Linux/Unix/Solaris), ensure make is installed. This is required for Host Monitor to run successfully.
- In case network firewall is present, allow communication on port range 2050 - 5200. This is required for communication in between the database server and the Database Firewall.
- Ensure the Input Output Completion Ports (IOCP) is set to
availablefor IBM AIX on Power Systems (64-bit). It is set to
- Check directory permissions. All the directories in the path of the Host Monitor install location should have 755 as the permission bits starting from the root directory. This is required as the Host Monitor has to be installed in a root owned location.
- Host Monitor has to be installed by the root user.
General requirement for installing Host Monitor: Open port range 2050 - 5200 on the Database Firewall machine for communication.
Enabling and Using Host Monitoring for host monitoring instructions and prerequisites.
Footnote LegendFootnote 1:
In this guide, 1 GB represents 2 to the 30th power bytes or in decimal notation 1,073,741,824 bytes.