Create an Oracle Data Safe On-Premises Connector
You can create an Oracle Data Safe on-premises connector to connect Oracle Data Safe to an Oracle On-Premises Database, or Oracle Database on Compute. You can create up to five Oracle Data Safe on-premises connectors on the On-Premises Connectors page in the Oracle Data Safe service in Oracle Cloud Infrastructure. One on-premises connector instance can support up to 192 active connections.
Prerequisites for Creating an Oracle Data Safe On-Premises Connector
Prior to creating an Oracle Data Safe on-premises connector, be sure to complete the following prerequisite tasks:
- Obtain permission for creating an Oracle Data Safe on-premises connector. See the section called Target Registration Resources in OCI Resources for Oracle Data Safe.
- Ensure that the host(s) on which you plan to install the Oracle Data Safe on-premises connector meets the hardware and software requirements.
Hardware Requirements
Oracle recommends that you install the on-premises connector on a host machine other than your Oracle database host machine. You can, however, install it on the database host machine if needed. In a production environment, Oracle recommends that you install the same on-premises connector on two Linux hosts for high availability. If one of your hosts goes down due to system failure or maintenance, Oracle Data Safe connections automatically fail over to the on-premises connector running on the other host, and the on-going Oracle Data Safe operations are not affected.
Be sure that the host machine on which you are going to install the on-premises connector meets the following hardware requirements:
- Minimum CPU: 2
- Minimum RAM: 16GB
- Minimum local disk storage:
- 5GB, where the on-premises connection software plus log space takes 100 MB
/tmp
space: 100 MB
- Network interface bandwidth: 1Gbps
- Network connectivity:
- Outbound connectivity to Oracle Data Safe
(
accesspoint.datasafe.<region>.oci.oraclecloud.com:443
). Replace<region>
with your region; for example,accesspoint.datasafe.us-ashburn-1.oci.oraclecloud.com
. - Local connectivity to target database listener hosts/ports
- Outbound connectivity to Oracle Data Safe
(
Software Requirements
Be sure that the host machine on which you are going to install the on-premises connector meets the following software requirements:
- Operating system:
- Oracle Linux 7 or higher (Linux x86-64) or
- Red Hat Enterprise Linux (RHEL) 8
- Python 3.5 or higher - If you have multiple versions of Python installed, make sure that you set the default to Python 3.5 or higher, or explicitly provide the Python path when running the commands.
- Java version 7 or higher with a valid Java Home
(
JAVA_HOME
)
Note:
For instructions on how to uninstall, update, stop, and show the status, please refer to theREADME
file that comes with the install
bundle.
Download the Install Bundle for the Oracle Data Safe On-Premises Connector
You can download the install bundle for the on-premises connector from the Connector Detail page in the Oracle Data Safe service.
Install an Oracle Data Safe On-Premises Connector
The Connection Manager, as part of your on-premises connector
installation, establishes a TLS tunnel to a cloud Connection Manager. You can
control outgoing traffic from your host machine to the IP address of the cloud
Connection Manager, which listens on port 443. The address of a cloud Connection
Manager is accesspoint.datasafe.REGIONNAME.oci.oraclecloud.com
. For
example, for the Ashburn region, the address is
accesspoint.datasafe.us-ashburn-1.oci.oraclecloud.com
. You can obtain
the IP address of the cloud Connection Manager by doing a DNS lookup.
The following items are also installed. For more information about these items, see the Database Administrator's Guide.
- Listener control utility (
lsnrctl
) - Connection testing utility (
tnsping
)
High Availability of an On-Premises Connector
If you wish to increase the resilience of your on-premises connector and make it highly available, install another instance of the connector using the same install bundle you downloaded for the first installation on a different host or VM. Up to three instances of the same on-premises connector can be started or installed. Each connector will check in with Oracle Data Safe, and if one connector instance fails or is unreachable, Data Safe will automatically try one of the remaining connectors. You may have up to three copies of the connector running simultaneously.
Related Topics
Check the Status of an On-Premises Connector
To check the status of an on-premises connector, enter the following command:
python setup.py status
Restart an On-Premises Connector
To restart an on-premises connector, run the following command:
python setup.py restart
Creating OS User Service for Existing On-Premises Connectors
By designating the on-premises connector as an operating system(OS) service, you can prevent the on-premises connector from requiring a manual restart after an OS reboot of the on-premises connector's host machine.
To designate an existing on-premises connector as an OS service, run the following command on the on-premises connector:
setup.py osservice --command=create
This command will ensure that the on-premises connector is restarted whenever the OS of the host machine is rebooted.
Update an Oracle Data Safe On-Premises Connector
You can update an Oracle Data Safe On-Premises Connector by downloading a new copy of the install bundle and then running the setup script to perform the update.
The download procedure for creating and updating on-premises
connectors is the same and the bundle includes the same set of
files. However, in the update procedure you must unzip the bundle
files into the same directory where the connector is already
installed, overwriting the existing files. Also, to perform an
update pass the update
argument to the
setup.py
script instead of the
install
argument.
Note:
During the update, the on-premises connector is not able to connect to target databases that may be using it. Connection is reestablished when the update is complete.- Download the install bundle to your local computer
from the Connector Detail page in the Oracle Data Safe service.
See Download the Install Bundle for the Oracle Data Safe On-Premises Connector for the download instructions.
- Upload the bundle to the host where you want to update the connector.
- Unzip the bundle into the directory where the on-premises connector is installed. This overwrites the current files.
- As a user other than
root
, runsetup.py
with theupdate
argument.$ python setup.py update
- Enter the bundle password when prompted for
it.
Enter bundle password:
You should see the following messages:
Data Safe on-premises connector update in progress...
Updating wallet...
Data Safe on-premises connector successfully updated
This completes the update of the on-premises connector.
If you encounter errors during the update, see Troubleshooting Install or Update Issues.
Uninstall an Oracle Data Safe On-Premises Connector
You can use the setup.py
script to uninstall an Oracle Data Safe on-premises connector.
- Log on to the host where the on-premises connector is installed.
- Navigate to the directory where the on-premises connector is
installed. Find the
setup.py
script. - As a user other than root, run
setup.py
with theuninstall
argument.$ python setup.py uninstall
At the prompt, confirm that you want to uninstall the connector:
This will remove the Data Safe on-premises connector, please confirm (Yes/No): yes Data Safe on-premises connector successfully uninstalled
Find the Log Files for an On-Premises Connector
<script_directory>/log/
<script_directory>/oracle_cman_home/log/diag/netcman/<hostName>/cust_cman/trace/cust_cman.log
Troubleshooting Install or Update Issues
- Error message:
Failed to create the tunnels to Data Safe connection manager - for more details check <log file name>
After installation or update, the Oracle Data Safe on-premises connector attempts to connect (or re-connect) to the Oracle Data Safe Connection Manager. This message may not indicate an actual error. It can appear if tunnel creation is slow. To confirm that the connector is working, run the
show tunnels
command. If one or more tunnels (connections) exist, then the on-premises connector can communicate with the Connection Manager and you can ignore this message.$ ./oracle_cman_home/bin/cmctl show tunnels -c cust_cman
CMCTL for Linux: Version 20.0.0.0.0 - Production on 09-OCT-2021 10:45:34 Copyright (c) 1996, 2020, Oracle. All rights reserved. Current instance cust_cman is already started Connecting to (address_list=(address=(protocol=TCPS)(host=localhost)(port=1520))) Number of connections: 12. The command completed successfully.
- If an error occurs during an
update
(for example ifshow tunnels
shows that no tunnels exist), try rerunning theupdate
command. Rununinstall
and then reruninstall
only ifupdate
fails again. This is because after runninguninstall
you may need to reimport the database certificates if TCPS configuration was part of the original installation.