Changes in This Release for Oracle Database Net Services Administrator's Guide

Review the changes in Oracle Database Net Services Administrator's Guide for Oracle Database 19c.

New Features

These are the new features and enhancements available with Oracle Database 19c.

Identity and Access Management Integration with Additional Oracle Database Environments

Available for Oracle Database release 19.16, Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) users can log in to additional Oracle Database environments.

For a list of the supported Oracle Database environments, see Oracle Database Security Guide.

Ability to Use the IAM User Name and IAM Database Password to Retrieve a Database Token

Retrieving an IAM database token using the IAM user name and IAM database password or secure external password store (SEPS) is more secure than using the password verifier method of database access. You can configure the database client to request this token directly from an OCI IAM endpoint.

New sqlnet.ora or tnsnames.ora parameters enable you to configure this authentication method and specify the IAM endpoint along with additional metadata. These parameters are PASSWORD_AUTH, OCI_IAM_URL, and OCI_TENANCY, along with the optional OCI_COMPARTMENT and OCI_DATABASE.

See Connecting to the Database and Oracle Database Security Guide.

Microsoft Azure Active Directory Integration with Additional Oracle Database Environments

Available for Oracle Database release 19.16, Microsoft Azure Active Directory (Azure AD) users can log in to additional Oracle Database environments with their Azure AD OAuth2 access token.

For a list of the supported Oracle Database environments, see Oracle Database Security Guide.

Azure AD Integration with Oracle Autonomous Cloud Databases

Available for Oracle Autonomous Database in June 2022, Azure AD users can log in to Oracle Cloud Infrastructure (OCI) Autonomous Database (Shared Infrastructure) with their Azure AD OAuth2 access token.

OCI Oracle Autonomous Database can now accept Azure AD OAuth2 tokens to access the database. Azure AD users can access the database directly using their Azure AD tokens, and applications can use their service tokens to access the database.

See Connecting to the Database and Oracle Database Security Guide.

IAM Integration with Oracle Autonomous Cloud Databases

Available for Oracle Database release 19.13, IAM users can log in to Oracle Autonomous Database using either database password or token-based authentication.

An IAM ADMIN user can configure both the authentication and authorization of IAM users and IAM groups. An IAM user can log in to Oracle Autonomous Cloud Databases using tools such as SQL*Plus or SQLcl.

See Connecting to the Database and Oracle Database Security Guide.

One-Way Transport Layer Security (TLS)

This feature allows you to configure one-way TLS (server authentication). With this method, only the database server authenticates to the client, by presenting its certificate issued by a Certificate Authority (CA), and the client verifies whether the database server certificate is valid.

An Oracle client wallet with the server certificate is not required if the database server certificate is signed by a trusted common root certificate that is already installed in the local system default certificate store.

See About TCP/IP with TLS Protocol.

SQL*Net: Auto-Detection of Support for Out-of-Band Breaks

This feature automatically probes the network path between the client and the server to determine the status of out-of-band support, and automatically enables or disables it.

Out-of-band breaks were enabled by default for UNIX platforms in past releases. However, this configuration causes numerous problems when network devices on the path between the client and the server do not allow out-of-band data to pass through. This data may be either dropped or inlined, leading to server-side problems such as Transparent Network Substrate (TNS) errors or data corruption. These problems are often very hard to diagnose. The solution is to turn off usage of out-of-band data manually by setting a sqlnet.ora parameter.

See About Advanced Profile Information.

Oracle Network Log File Segmentation

This feature allows you to configure the maximum size and number of text log files for Oracle Network components, such as Oracle Net Listener, Connection Manager (CMAN), and global services manager. See Oracle Network Log File Segmentation.

Websocket Support for Database Client/Server Communication

Secure websocket connection establishment is designed to work over HTTPS to support HTTPS proxies and intermediary proxies. The database client connection supports the secure websocket protocol. This protocol offers a native connection to the database with minimum protocol overhead.

See About Websocket Protocol.

Easy Connect Plus

The Easy Connect syntax that applications use to connect to Oracle Database has improved functionality. The new version is called Easy Connect Plus.

Easy Connect Plus simplifies Oracle Database application configuration and deployment for common use cases. With Easy Connect Plus, you no longer need to configure Oracle Net parameter files such as tnsnames.ora and sqlnet.ora. Easy Connect Plus also no longer requires you to set the TNS_ADMIN environment variable.

See About Easy Connect Plus.

Deprecated Features

These features are deprecated in this release and may be desupported in a future release.

Deprecation of the SERVICE_NAMES Initialization Parameter

Starting with Oracle Database 19c, customer use of the SERVICE_NAMES parameter is deprecated. It can be desupported in a future release.

The use of the SERVICE_NAMES parameter is no longer actively supported. It must not be used for high availability (HA) deployments. Using the SERVICE_NAMES parameter for any HA operations is not supported. This restriction includes FAN, load balancing, FAILOVER_TYPE, FAILOVER_RESTORE, SESSION_STATE_CONSISTENCY, and any other uses.

To manage your services, Oracle recommends that you use the SRVCTL or GDSCTL command line utilities, or the DBMS_SERVICE package.

Note:

The SERVICE_NAMES parameter that is deprecated is different from the SERVICE_NAME parameter in Oracle Net connect strings. The SERVICE_NAME parameter is still valid.

Deprecation of Weak Native Network Encryption and Integrity Algorithms

The DES, DES40, 3DES112, 3DES168, RC4_40, RC4_56, RC4_128, RC4_256, and MD5 algorithms are deprecated in this release.

As a result of this deprecation, Oracle recommends that you review your network encryption and integrity configuration to check if you have specified any of the deprecated weak algorithms.

To transition your Oracle Database environment to use stronger algorithms, download and install the patch described in My Oracle Support note 2118136.2.
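
The configuration review recommended above can be scripted. The following is an added example, not Oracle code: it scans sqlnet.ora text for the deprecated algorithms listed in this section and reports algorithm-list parameters that are not set. It assumes the four standard SQLNET.ENCRYPTION_TYPES_* and SQLNET.CRYPTO_CHECKSUM_TYPES_* parameters, treats # as the start of a comment, and uses constructed sample file content.

```python
import re

# Algorithms deprecated in this release (list taken from the section above).
DEPRECATED = {"DES", "DES40", "3DES112", "3DES168",
              "RC4_40", "RC4_56", "RC4_128", "RC4_256", "MD5"}
# sqlnet.ora parameters that hold native encryption and checksum algorithm lists.
ALGO_PARAMS = {
    "SQLNET.ENCRYPTION_TYPES_SERVER", "SQLNET.ENCRYPTION_TYPES_CLIENT",
    "SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER", "SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT"}

def parse_sqlnet(text):
    """Return {PARAM: value}; indented lines continue the previous value."""
    params, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # simplification: '#' starts a comment
        if not line.strip():
            continue
        if raw[0].isspace() and current:
            params[current] += line.strip()
            continue
        name, sep, value = line.partition("=")
        if sep:
            current = name.strip().upper()
            params[current] = value.strip()
    return params

def find_weak(text):
    """Return sorted (parameter, algorithm) pairs naming a deprecated algorithm."""
    return sorted((name, algo.upper())
                  for name, value in parse_sqlnet(text).items() if name in ALGO_PARAMS
                  for algo in re.findall(r"[A-Za-z0-9_]+", value)
                  if algo.upper() in DEPRECATED)

def unrestricted(text):
    """Return list parameters left unset; an unset list does not limit negotiation."""
    return sorted(ALGO_PARAMS - set(parse_sqlnet(text)))

# Constructed sample sqlnet.ora content, not taken from a real system.
SAMPLE = """\
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, 3DES168,
   rc4_128)
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA256, MD5)
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256, AES192)  # strong only
"""

if __name__ == "__main__":
    for param, algo in find_weak(SAMPLE):
        print(f"{param}: deprecated algorithm {algo}")
    print("unset:", unrestricted(SAMPLE))
```

Run it against both the server and client sqlnet.ora files, because the negotiated algorithm depends on the lists configured on each side.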