5 Copyright © 2006, Oracle. All rights reserved. Securing Grid Control.


Presentation transcript:

1 Securing Grid Control

2 Objectives
After completing this lesson, you should be able to:
– Describe the security options available for Oracle Management Service and Oracle Management Agent
– Configure Grid Control for use with proxy servers and through firewalls
– Authenticate Grid Control administrators using Single Sign-On
– Configure Grid Control for use with Enterprise User Security

3 Grid Control Security
Grid Control security has two primary goals:
– Ensuring secure transfer of data between Grid Control components
– Denying unauthorized users access to Grid Control monitoring data and administrative controls

4 Securing Grid Control
Enterprise Manager Framework Security provides safe and secure communication between the Grid Control components through:
– Working with security features of Oracle HTTP Server
– Implementing HTTPS and Public Key Infrastructure (PKI) components for communications between Oracle Management Service (OMS) and Oracle Management Agents
– Using Oracle Advanced Security for communications between OMS and the Management Repository

5 Grid Control Security Framework
Grid Control Security Framework provides secure (encrypted) communication between Grid Control components.
[Diagram labels: Agent, OMS (OHS, Web Cache, OC4J EM), Repository; two encrypted channels]

6 Verify that Oracle Management Agents Are Secure

7 Managing Agent Registration Passwords
Use Grid Control to:
– Change agent registration passwords
– Create or remove additional registration passwords

8 Refusing Nonsecure Uploads
Configure OMS to refuse unencrypted uploads.
1. Stop all OMS services.
2. Configure OMS to refuse uploads via HTTP.
3. Start all OMS services.

    $ emctl secure lock


10 Securing OMS–Repository Communication
To secure communication between the OMS and repository, enable the Oracle Advanced Security Option (ASO) for:
1. Repository
2. OMS
3. Agent monitoring the repository database

11 Enabling ASO for the Repository
Modify ORACLE_HOME/network/admin/sqlnet.ora to request encryption:
– SQLNET.ENCRYPTION_SERVER
– SQLNET.CRYPTO_SEED

    SQLNET.ENCRYPTION_SERVER=REQUESTED
    SQLNET.CRYPTO_SEED="abcdefg123456789"

[Diagram label: OMR]

12 Enabling ASO for Each OMS
ASO for the OMS is configured through entries in OMS_HOME/sysman/config/emoms.properties:

    oracle.sysman.emRep.dbConn.enableEncryption=TRUE
    oracle.net.encryption_types_client=(DES40C)
    oracle.net.encryption_client=REQUESTED

Stop and restart the OMS to implement the new parameters.

13 Enabling ASO for the Agent
Create AGENT_HOME/network/admin/sqlnet.ora as a text file with the following entry:
– SQLNET.CRYPTO_SEED

    SQLNET.CRYPTO_SEED="abcdefg123456789"
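
A review aid for the settings on slides 11 to 13, as an added example that is not part of the Oracle course material. It reads the two file formats shown there and reports values that leave the OMS–repository link weaker than intended; the sample file contents are constructed from the slides, and the list of weak algorithm names is this example's own policy assumption.

```python
import re

# Constructed sample files mirroring the values printed on slides 11 and 12.
REPO_SQLNET = 'SQLNET.ENCRYPTION_SERVER=REQUESTED\nSQLNET.CRYPTO_SEED="abcdefg123456789"\n'
OMS_PROPS = ("oracle.sysman.emRep.dbConn.enableEncryption=TRUE\n"
             "oracle.net.encryption_types_client=(DES40C)\n"
             "oracle.net.encryption_client=REQUESTED\n")

SAMPLE_SEED = "abcdefg123456789"  # seed printed in the course material
# Reviewer policy (assumption of this example): 40/56-bit DES and RC4 count as weak.
WEAK_ALGS = re.compile(r"^(DES(40|56)?C?|RC4_(40|56))$", re.I)
MODE_KEYS = {"sqlnet.encryption_server", "sqlnet.encryption_client",
             "oracle.net.encryption_client"}
ALG_KEYS = {"sqlnet.encryption_types_server", "sqlnet.encryption_types_client",
            "oracle.net.encryption_types_client"}

def parse(text):
    """Parse single-line KEY=VALUE entries (sqlnet.ora and .properties share this shape)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings

def audit(text):
    """Return a sorted list of findings for one configuration file."""
    findings = []
    for key, value in parse(text).items():
        if key in MODE_KEYS and value.upper() != "REQUIRED":
            findings.append(f"{key}={value}: an unencrypted session is possible; only REQUIRED refuses it")
        elif key in ALG_KEYS:
            algs = [a.strip() for a in value.strip("()").split(",") if a.strip()]
            weak = [a for a in algs if WEAK_ALGS.match(a)]
            if weak:
                findings.append(f"{key}: weak algorithm(s) {', '.join(weak)}")
        elif key == "sqlnet.crypto_seed" and value == SAMPLE_SEED:
            findings.append(f"{key}: documentation sample seed used verbatim")
        elif key.endswith("enableencryption") and value.upper() != "TRUE":
            findings.append(f"{key}={value}: repository connection encryption is off")
    return sorted(findings)

if __name__ == "__main__":
    for name, text in (("repository sqlnet.ora", REPO_SQLNET), ("emoms.properties", OMS_PROPS)):
        for finding in audit(text):
            print(f"[{name}] {finding}")
```

Run against the slide values, it reports the REQUESTED modes, the DES40C algorithm, and the copied sample seed.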

14 Securing Application Server Control
Stand-alone Application Server Control console may also be configured for secure operation:
– Stop the stand-alone console:
    emctl stop iasconsole
– Secure the stand-alone console:
    emctl secure em
– Start the stand-alone console:
    emctl start iasconsole

15 Enabling Enterprise Manager Security Framework
To enable Enterprise Manager Security Framework, the components must be configured in a specific order:
1. Secure the OMS (done by default in Grid Control R2).
2. For each Oracle Management Agent, stop it, secure it, and restart it:
    emctl stop agent
    emctl secure agent
    emctl start agent
3. When all agents are secure, lock the OMS:
    emctl secure lock

16 Configuring Enterprise Manager for Firewalls
Before configuring your firewall, consider the following:
– It should be the last phase of the Enterprise Manager deployment.
– For existing firewalls, open default Enterprise Manager communication ports until the installation and configuration processes are complete.
– If enabling Enterprise Manager Framework Security, do not secure the agents until you confirm that HTTP and HTTPS traffic between the agent and Management Repository works.
– After confirming that the OMS and Oracle Management Agents can communicate, complete the transition into secure mode and change firewall configuration as necessary.

17 Firewall Configuration for Grid Control Components
– Firewalls between the browser and the Grid Control console
– Oracle Management Agent protected by a firewall
– Management Service protected by a firewall
– Firewalls between the Management Service and the Management Repository
– Firewalls between Grid Control and a managed database target
– Firewalls used with multiple Management Services
– Firewalls to allow ICMP and UDP traffic for beacons
– Firewalls when managing Oracle Application Server


19 Configuring the Agent for Proxy Communication
To configure the agent so that it communicates via a proxy server, perform the following steps:
1. Stop the Oracle Management Agent.
2. Add proxy information to AGENT_HOME/sysman/config/emd.properties:
    – REPOSITORY_PROXYHOST
    – REPOSITORY_PROXYPORT
3. Start the Oracle Management Agent.
[Diagram label: Proxy server]

20 Configuring the OMS for Proxy Communication
To configure the OMS so that it communicates via a proxy server, perform the following steps:
1. Stop the OMS.
2. Add proxy information to OMS_HOME/sysman/config/emoms.properties.
3. Start the OMS.
[Diagram labels: OMS (OHS, Web Cache, OC4J EM), Proxy server]

21 Authenticating Grid Control Administrators
Grid Control administrators are:
– Authenticated as repository database users
– Created and managed through the Grid Control console
If desired, administrators may be created, managed, and authenticated via Oracle Single Sign-On.

22 Oracle Single Sign-On
Single Sign-On (SSO) is a component of Oracle Application Server that enables users to log in to Web applications by using a single username and password.
Configuring Grid Control to use Single Sign-On is a two-step process:
1. Configure the OMS to use SSO.
2. Add Grid Control users.

23 Configuring the OMS for SSO
To configure the OMS to use SSO, perform the following steps:
1. Stop the OMS.
2. Reconfigure the OMS to use SSO.
3. Start the OMS.

    emctl config sso

with the options:
– -host
– -port
– -sid
– -pass
– -das
[Diagram labels: OMS (OHS, Web Cache, OC4J EM)]

24 Enterprise User Security
With Enterprise User Security, database users are authenticated through a centralized directory. Instead of storing management credentials for each target database, the OMS may be configured to use Enterprise User Security.
[Diagram labels: Oracle Internet Directory, Grid Control]

25 Configuring the OMS for Enterprise User Security
To configure an OMS for use with Enterprise User Security, perform the following steps:
1. Stop all OMS services.
2. Edit emoms.properties to enable Enterprise User Security.
3. Start OMS services.
[Diagram labels: OMS (OHS, Web Cache, OC4J EM)]

26 Summary
In this lesson, you should have learned how to:
– Describe the security options available for Oracle Management Service and Oracle Management Agent
– Configure Grid Control for use with proxy servers and through firewalls
– Authenticate Grid Control administrators using Single Sign-On
– Configure Grid Control for use with Enterprise User Security

