1. Installation Guide
  2. Oracle Audit Vault and Database Firewall Pre-Install Requirements

2 Oracle Audit Vault and Database Firewall Pre-Install Requirements

Learn about the requirements that your system must meet before you can install Oracle Audit Vault and Database Firewall (Oracle AVDF).

2.1 Oracle AVDF Deployment Checklist

Prerequisites or deployment checklist for installing Oracle Audit Vault and Database Firewall.

  1. Ensure to meet the hardware requirements in sections Product Compatibility Matrix and Oracle Audit Vault and Database Firewall Hardware Requirements.
  2. Review and follow the sizing requirements mentioned in My Oracle Support Doc ID 2092683.1 to ensure hardware has sufficient capacity. Review the sizing whenever there is increase in scale of targets.
  3. Review, plan, and deploy High Availability in Oracle AVDF.
  4. Check and resolve the Ensure That the Boot Partition Has at Least 500 MB.
  5. Follow the guidelines in Audit Vault Agent Requirements.
  6. Follow the guidelines in Host Monitor Agent Requirements.
  7. Follow the guidelines in Audit Vault Server Post-Installation Tasks.
  8. Follow the guidelines in Database Firewall Post-Installation Tasks.

2.2 Oracle Audit Vault and Database Firewall Hardware Requirements

Install each Audit Vault Server and each Database Firewall onto its own dedicated x86 64-bit server or virtual machine (VM).

Caution:

Don't install the Audit Vault Server or Database Firewall on a server or VM that is used for other activities, because the installation process formats the server, which deletes existing data and operating systems.

See unresolvable-reference.html#GUID-BE3DB19A-1D33-4813-8A3E-45CE59987C56 for all supported hardware and virtualization platforms.

2.2.1 Memory and Space Requirements

Learn about the minimum memory requirements for Oracle Audit Vault and Database Firewall.

Each x86 64-bit server must have the following minimum memory:

  • Audit Vault Server: 8 GBFoot 1

    Note:

    • System memory reduction is not supported in Audit Vault Server after installation. However, you may increase system memory with no restrictions from AVDF as long as a reboot of AVDF is performed.
    • For Oracle AVDF 20.1, Audit Vault Server uses HugePages to manage memory for the embedded Oracle Database.

  • Database Firewall: 8 GB

2.2.2 Disk Space Requirements

Learn about the minimum disk space requirements for Oracle Audit Vault and Database Firewall (Oracle AVDF).

Each x86 64-bit server must have a single local hard drive with a minimum of the following disk space:

  • Audit Vault Server: 370 GB

  • Database Firewall: 220 GB

Note:

  • Oracle AVDF must be installed on the appliance's local disk storage. SAN storage is not supported as the default storage and boot device.

  • Any additional disks on Audit Vault Sever must be greater in size than the first disk.
  • Oracle Audit Vault and Database Firewall release 20 supports both BIOS and UEFI boot mode. For system with boot disk greater than 2 TB, Oracle AVDF supports booting in UEFI mode only.
  • Provisioning disks greater than 4PB each for fresh installation is not optimal. The disks equal to or under 4PB, ensure that only one disk partition is allocated per disk group on each physical disk.
  • For appliance hardware specification, refer to Oracle Audit Vault and Database Firewall Sizing Advice ( My Oracle Support Doc ID 2092683.1).

File System Layout

The installer checks for a number of conditions before allowing the installation or upgrade to be completed. Memory allocation and space checks on specific directories is an important aspect.

A minimum of at least 8 GB of memory is required. You can force the upgrade process to complete if your system has a lower amount of memory (for example 4 GB). However it is not difficult to extend memory for Oracle Audit Vault and Database Firewall installation. Oracle Audit Vault and Database Firewall sends daily reminders to upgrade your system's memory.

The space checks mentioned here are a bare minimum, below which the upgrade is likely to fail.

File System Space Check

/home

100 MB

/usr/local/dbfw

200 MB

/usr/local/dbfw/tmp

7.5 GB

/var/lib/oracle

31 GB for Audit Vault Server

/

2 GB

/tmp

1.4 GB

/var/dbfw

100 MB

/var/log

100 MB

/var/tmp

5 GB

/boot

1 GB

2.2.3 Network Interface Cards

Learn about the recommended number of network interface cards (NICs) for each x86 64-bit server.

Oracle recommends the following number of network interface cards (NICs) for each x86 64-bit server on which you install the following components:

Table 2-1 Number of Network Interface Cards (NIC) Recommended for AVDF Appliances

AVDF Appliance Minimum Number of NICs Recommended
Audit Vault Server 1
Database Firewall deployed in Monitoring (Out-of-Band) mode 2
Database Firewall deployed in Monitoring (Host Monitor) mode 2
Database Firewall deployed in Monitoring / Blocking (Proxy) mode without network separation. 1
Database Firewall deployed in Monitoring / Blocking (Proxy) mode with network separation. 3

1 NIC for management, 2 NICs for client and database network connections.

See Also:

Introduction to Oracle Database Firewall Deployment

2.2.4 Fiber Channel Based Multipath in Oracle AVDF

Learn about support for multipath in Oracle AVDF.

Oracle Audit Vault and Database Firewall 20.1 and later supports fiber channel based storage with multipath. The redundant paths in multipath can enhance performance and utilize features like dynamic load balancing, traffic shaping, automatic path management, and dynamic reconfiguration. The connection to the disk can be made through two fiber channel ports.

Here are some important aspects of multipath in Oracle AVDF:

  • It is not supported with ISCSI storage.
  • It does not support the device xvd*.
  • Multipath is supported only for Audit Vault Server installation.
  • Multipath is not supported for Database Firewall installation.
  • It does not support removable block devices. Check for removable block devices in the system as they can lead to installation failure.

Note:

In case there are removable block devices in the system, the following error may be encountered during Audit Vault Server installation:

ERROR: Failed to check if the disk is in multipath
Traceback (most recent call last):
  File "/run/install/repo/partitions.py", line 386, in <module>
    main()
  File "/run/install/repo/partitions.py", line 372, in main
    write_partition_table( None )
  File "/run/install/repo/partitions.py", line 322, in write_partition_table
    part_table = generate_partition_table_data(dev_list)
  File "/run/install/repo/partitions.py", line 243, in generate_partition_table_data
    raise RuntimeError("No disks detected")
RuntimeError: No disks detected

2.3 Oracle Audit Vault and Database Firewall Software Requirements

Learn about the software requirements for Oracle Audit Vault and Database Firewall.

2.3.1 Java SE Requirement

The AVCLI command line utility that the Audit Vault Server administrator uses and the avpack utility (which is part of the software development kit) require Java SE version 8 or 11.

Java 8 was deprecated in Oracle AVDF 20.9, and it will be desupported in one of the future releases.

Related Topics

2.3.2 Browser Requirements

Learn about the browser requirements for Oracle Audit Vault and Database Firewall (Oracle AVDF).

Note:

See section Supported Browsers for more information on the supported browsers.

2.3.3 Target Requirements

For targets that are on Oracle Solaris running the LDoms Manager service, svc:/ldoms/ldmd:default, ensure that the target is using LDoms version 3.2.0.1 or later.

2.4 Installing Audit Vault Server on VMware

Important prerequisites for installing Audit Vault Server on VMware.

  • You must set VMX configuration parameter disk.EnableUUID to TRUE. This must be done to enable proper mounting of disks. Without this setting, the Audit Vault Server installation on VMware will fail.
  • You must set your virtual machine to use EFI boot. In some versions of VMware this is done by selecting the VM Options tab, then expanding Boot Options, and then choose EFI in the Firmware field. You must disable secure boot. Do not select the checkbox Enable UEFI secure boot field.

Note:

This EFI boot setting is required only for fresh installation of Audit Vault Server specifically when the disk size is more than 2TB. This setting is not required for upgrade.

2.5 Privileges Required to Install Oracle Audit Vault and Database Firewall

Learn about the privileges required to install Oracle Audit Vault and Database Firewall (Oracle AVDF).

Any user can install Oracle Audit Vault and Database Firewall. You do not need administrative privileges to complete the installation.

2.6 Audit Vault Agent Requirements

Learn about the Audit Vault Agent requirements.

Note:

Starting in Oracle AVDF 20.9, you can use agentless collection instead of the Audit Vault Agent for up to 20 Oracle Database table audit trails. Starting in Oracle AVDF 20.10, you can also use agentless collection for Microsoft SQL Server directory audit trails for .sqlaudit and .xel (extended events). The total number of audit trails for agentless collection should not exceed 20. See Adding Audit Trails with Agentless Collection.

Recommended Prerequisites for Installing Audit Vault Agent

  1. Ensure that you meet the system requirements. See Product Compatibility Matrix.

  2. Ensure that you meet the following Java requirements:

  3. Ensure that the host machine on which the Audit Vault Agent is deployed has at least 512 MB RAM.
  4. Apply the latest security patches for the OpenSSL libraries that are available from the OS vendor for the specific OS version on the host machine.

  5. Ensure that the host machine on which the Audit Vault Agent is deployed has connectivity to the Audit Vault Server.

    In a high availability environment, it must have connectivity to both primary and standby Audit Vault Servers.

  6. Ensure that two Audit Vault Server ports (1521 and 1522 by default) are configured for communication with the Audit Vault Agent.
  7. If you use Network Address Translation (NAT) in the network between the Audit Vault Server and the host machine where the agent is deployed, then ensure that the IP address of the host machine is resolvable from the Audit Vault Server.

  8. Ensure that the user has the required OS permissions to install the agent.

    For directory audit trails, the user must be able to access the audit trail location. See About Deploying the Audit Vault Agent for the OS permissions that are required for installing the agent.

  9. Ensure that the Audit Vault Agent home directory is access protected.

    Only the Agent user should have write or execute permissions on the agent home directory.

  10. Ensure that the Audit Vault Agent host machine system settings are access protected to prevent malicious users from making modification.

  11. Ensure that the system time of the Audit Vault Agent and the target are synchronized.

    They can be in different time zones. The time difference between these two systems (considering time zone conversion) should not exceed two seconds.

Additional Requirements for Starting the Audit Vault Agent as a Service on Windows

For Oracle AVDF 20.4 and earlier releases, comply with one of the following prerequisites:

  • Install the Visual C++ Redistributable for Visual Studio 2012 Update 4 package from Microsoft on the Windows host machine.

    Ensure that the msvcr110.dll file is available in the C:\Windows\System32 directory.

  • If the msvcr110.dll file is not present, then add it to the <Agent Home>/bin and <Agent Home>/bin/mswin-x86-64 directories.

For Oracle AVDF 20.6 and later releases, comply with one of the following prerequisites:

  • Install the Visual C++ Redistributable for Visual Studio 2017 package from Microsoft on the Windows host machine.

    Ensure that the vcruntime140.dll file is available in the C:\Windows\System32 directory.

  • If the vcruntime140.dll file is not present, then add it to the <Agent Home>/bin and <Agent Home>/bin/mswin-x86-64 directories.

Note:

There is a known issue in Oracle AVDF 20.5 for starting Audit Vault Agent as a service on Windows. See Error When Starting Audit Vault Agent as a Service on Windows in Oracle AVDF 20.5 for complete information. This issue is resolved in Oracle AVDF 20.6 and later.

2.7 Host Monitor Agent Requirements

The Host Monitor Agent has different requirements for installation, depending on the platform.

To install the Host Monitor Agent on the Windows platform, follow these requirements:

  • Ensure that the Audit Vault Agent is running on the database server machine.

  • Follow the Npcap installation requirements for your Oracle Audit Vault and Database Firewall (Oracle AVDF) release.

    Host Monitoring on Windows requires Npcap for capturing network traffic.

    • For Oracle AVDF release 20.6 and later, Npcap is automatically installed along with the agent installation.

      Installing Npcap removes any existing installation of Npcap or WinPcap from the Windows host machine.

    • For Oracle AVDF release 20.5, Npcap is automatically downloaded along with the agent software (agent.jar) file.

      Use the Npcap installer file that is available under the Agent_Home\hm directory.

    • For Oracle AVDF release 20.4 and earlier, install Npcap from the avdf20-utility.zip bundle on Oracle Software Delivery Cloud. It is part of the Oracle AVDF installable files. Select the WinPcap-API-compatible option when installing Npcap.

  • Install the latest version of the OpenSSL (1.1.1g or higher) libraries.
  • Ensure that the Windows target machine has the latest update of the Visual C++ Redistributable for Visual Studio 2015 (MSVCRT.dll (*) or later) package from Microsoft installed.

  • If a network firewall is present, allow communication on port range 2050 - 5200.

    This is required for communication between the database server and the Database Firewall.

To install the Host Monitor Agent on a Linux, Unix, AIX, or Solaris platform, follow these requirements:

  • Ensure that the Audit Vault Agent is running on the database server machine.

  • Ensure that the latest version of the following packages from the operating system vendor are installed for the specific operating system version on the database server machine:

    • Libcap (for Linux hosts only)
    • LibPcap
    • OpenSSL

      OpenSSL 1.1.1 and earlier on Windows platforms was deprecated in Oracle AVDF 20.11, and it will be desupported in one of the future releases. To prevent issues, you should move to OpenSSL 3.0.13 or later.

  • Ensure that gmake is installed for AIX database servers.

    For other Unix database server types (Linux, Unix, or Solaris), ensure that make is installed. This is required for the Host Monitor Agent to run successfully.

  • If a network firewall is present, allow communication on port range 2050 - 5200.

    This is required for communication between the database server and the Database Firewall.

  • Ensure that the input output completion ports (IOCP) setting is available for IBM AIX on Power Systems (64-bit).

    It's set to defined by default.

  • Ensure that all directories in the path of the Host Monitor Agent install location have 755 as the permission bits, starting from the root directory.

    This is required because the Host Monitor Agent has to be installed in a root-owned location.

  • Ensure that the Host Monitor Agent is installed by the root user.

Related Topics

See Also:

Enabling and Using Host Monitoring for host monitoring instructions and prerequisites.


Footnote Legend

Footnote 1:

In this guide, 1 GB represents 2 to the 30th power bytes or in decimal notation 1,073,741,824 bytes.