SlideShare ist ein Scribd-Unternehmen logo

From my PC to Oracle remote database

Kirill Loifman
Kirill Loifman

Best practices on Oracle remote database connection technics including remote database connection setup, firewall tunneling, public key (SSH RSA) Linux authentication, secure password store, proxy authentication and other undocumented security tips. !!! All Demos on http://www.youtube.com/dadbman !!!

Software
1 von 28
LIVE ADVENTURE - FROM MY PC TO ORACLE REMOTE DATABASE Kirill Loifman dadbm.com Germany
2 WHO IS KIRILL LOIFMAN • Working with Oracle since 1996 • Full-time DBA expirience on Unix AIX, OpenVMS, Tru64, HP-UX, Linux • Database architect at adidas • OCP DBA 9i,10g,11g,.. • Blogger, speaker & a father • Contacts www: dadbm.com Twitter: @loifmkir Google.com/+Dadbm Facebook, LinkedIn, Xing …
3 DOAG ABOUT ME IN CONFERENCE BROCHURE
End-User / Windows Client Oracle database 11gR2 on Linux Host name: dadbm-host Host name virtual: dadbm-vip DB name: orcl Port: 1521 4 OUR JOURNEY SCENARIO Our GOALs: • Establish remote connection from Client PC to Remote Oracle database via Firewall • Connect to any database user without password • Simplify further database connection attempts • Explore a few security points along the way
5 WHAT WE NEED TO ACHIEVE OUR GOAL • Oracle database -> Yes • Network interface • Firewall ports to be opened -> can bypass this • Oracle listener -> Yes • Oracle Client installable -> optional • Oracle client utilitty -> Yes • Oracle database user -> Can trick with this • Oracle user password -> Can simplify this • tnsnames.ora -> optional …. • …
6 CONFIGURE DATABASE SIDE • Ins tall Oracle binaries • Startup Oracle database • Configure Oracle listener, or maybe NOT configure... • Static vs Dynamic listener registration • Tool Set (Linux): OUI (runInstaller), dbca, SQL*Plus (sqlplus), lsnrctl, netmgr, …
7 CONFIGURE CLIENT SIDE • W hich Oracle client to use • Oracle OCI Client / Instant Client vs JDBC thing client • Client tool set (Windows) • ping tnsping telnet Putty OUI SQL*Plus, regedit • Install Oracle Client properly (OUI) • http://www.dadbm.com/how-to-install-oracle-11gr2-64-bit-client-on-windows-7/ • http://www.dadbm.com/oracle-11gr2-client-installation-on-windows-7-troubleshooting/ • Identify and configure your Oracle Client environment => …
8 CONFIGURE CLIENT SIDE - CONTINUE • Ide ntify / configure your Oracle environment • ORACLE_HOME • OUI; SQL*Plus; “set” if set as OS environment variable • C:oracleproduct11.2.0client_1 • TNS_ADMIN (optional) • “set” if set as OS environment variable • C:oracleproduct11.2.0client_1networkadmin • NLS_LANG • regedit (might not be accessable) -> SQL*Plus • Create a connection string in %TNS_ADMIN%tnsnames.ora • orcl=(description=(address=(protocol=tcp)(host=dadbm-vip)( port=1521))(connect_data=(service_name=orcl))))
9 DATABASE POTENTIAL CONNECTION WAYS sqlplus user/pass@orcl # tnsnames.ora sqlplus user/pass@'(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=dadbm-vip)( 1521=1521))(CONNECT_DATA=(SERVICE_NAME=orcl)))' sqlplus user@'(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=dadbm-vip)( HOST=1521))(CONNECT_DATA=(SID=orcl)))' sqlplus user/pass@//dadbm-vip:1521/orcl # EZCONNECT (sqlnet.ora) sqlplus user@'//dadbm-vip:1521/orcl' # without password sqlplus user@'//dadbm-vip/orcl' # default port jdbc:oracle:thin:@dadbm-vip:1521/orcl # custom JDBC url jdbc:oracle:thin:user@dadbm-vip:1521:orcl jdbc:oracle:oci:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=dadbm-vip)( 1521=1521))(CONNECT_DATA=(SERVICE_NAME=orcl)))
10 FIREWALL ISSUE • 1 st Problem – tnsping does NOT respond • ping <dadbm-host-ip> -> ping works! • tnsping orcl -> timed out • telnet <dadbm-vip> 1521 -> Connect failed => Potential issue with Firewall => Need a solution! - Proper solution -> Ask Security to open a DB listener port in Firewall Source IP Source Zone Destination IP Destination Zone Destination Port <Client PC IP> LAN/WAN <dadbm-vip> DMZ 1521 - Adventure solution -> Firewall Tunneling
11 FIREWALL TUNNELING • A dventure solution steps • SSH port 22 is usually open in Firewalls by default • Request a Linux user on database host • Use Putty Firewall Tunneling feature - Menu Connection -> SSH -> Tunnels - Add a Tunnel with Source port „8822“ to Destination „dadbm-vip:1521“ • Adjust DB connection string on the client as following: orcl=(description=(address=(protocol=tcp)(host=127.0.0.1) (port=8822))(connect_data=(service_name=orcl)))
12 FIREWALL TUNNELING – CONTINUE SSH Server Local clients can access the remote DB server by connecting to <mycomputer>:8822
13 DATABASE CONNECTION TEST – STEP1 1) P ing your host and database listener ping dadbm-host telnet 127.0.0.1 8822 tnsping (description=(address=(protocol=tcp)(host=127.0.0.1)(port=8822)) (connect_data=(service_name=orcl))) tnsping orcl tnsping 127.0.0.1:8822/orcl DEMO 2…
14 DATABASE USER REQUIRED • S olutions against missing database user  - Proper solution -> Ask DBAs to create a user - Adventure solutions -> See Demo
15 DATABASE CONNECTION TEST – STEP2 2) E stablish a database connection sqlplus dadbm@orcl as sysdba sqlplus dadbm@orcl sqlplus dadbm@'(description=(address=(protocol=tcp)(host=127.0.0.1)(port =8822))(connect_data=(service_name=orcl)))' sqlplus dadbm@'//127.0.0.1:8822/orcl' jdbc:oracle:thin:@127.0.0.1:8822/orcl jdbc:oracle:oci:@127.0.0.1:8822/orcl DEMO 3…
16 DATABASE CONNECTION TROUBLESHOOTING • Following connection errors may arise ORA-12154: TNS:could not resolve the connect identifier specified ORA-12198: TNS:could not find path to destination ORA-12203: TNS:unable to connect to destination ORA-12533: TNS:illegal ADDRESS parameters TNS-12541: TNS:no listener … • Use a following post on dadbm.com to troubleshoot http://www.dadbm.com/how-to-troubleshoot-oracle-remote-database-connection/
17 AVOID DB PASSWORD USING SECURE PASSWORD STORE 1) Configure Oracle Client environment for Oracle Wallet • tnsnames.ora file orcl = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 8822)) (CONNECT_DATA = (SERVICE_NAME = orcl)) ) • sqlnet.ora file WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = C:oracleproduct11.2.0client_1networkadmin)) ) SQLNET.WALLET_OVERRIDE = TRUE
18 SECURE PASSWORD STORE - CONTINUE 2) Create a wallet on the client mkstore -wrl <wallet_location> -create mkstore -wrl %TNS_ADMIN% -create Enter password: <= Choose wallet password and remember it Enter password again: Directory of C:oracleproduct11.2.0client_1networkadmin 12-Jun-14 12:39 3,589 cwallet.sso # Auto login wallet file 12-Jun-14 12:39 3,512 ewallet.p12 # PKCS#12 wallet file 12-Jun-14 12:26 644 sqlnet.ora 04-Jun-14 22:49 15,237 tnsnames.ora
19 SECURE PASSWORD STORE - CONTINUE 3) Create database connection credentials in the wallet mkstore -wrl %TNS_ADMIN% -createCredential <alias> <user> <passwd> mkstore -wrl %TNS_ADMIN% -createCredential orcl dadbm ora4u Enter password: <= Wallet password 4) Managing External Password Store Credentials mkstore -wrl %TNS_ADMIN% -listCredential mkstore -wrl %TNS_ADMIN% -createCredential orcl1 dadbm9 pass mkstore -wrl %TNS_ADMIN% -modifyCredential orcl1 dadbm9 newpassword mkstore -wrl %TNS_ADMIN% -deleteCredential orcl1
20 SECURE PASSWORD STORE - CONTINUE 5) Connect to a database without a password sqlplus /@orcl 6) Notes • DB does not know about your secure password store and vice versa • <DB alias> is unique in Wallet -> for different user create another alias • Wallet can be generated somewhere else and copied to you client • Extended Wallet management with orapki utility • More details in MOS DOC ID 340559.1 DEMO 4…
CONNECT TO ANOTHER USER WITHOUT A PASSWORD Footer 14/03/2012 21 • Adventure solution => Enable Proxy Authentication 1) Use dadbm as proxy user and create more proxy clients: grant connect,resource to dadbm1 identified by adJIk3909sdfj; grant connect,resource to dadbm2 identified by g7fk3kZfdhl05; alter user dadbm1 grant connect through dadbm; 2) Connect to a database with proxy user and secure password store sqlplus proxy_user[proxy_client]@orcl sqlplus [dadbm1]@orcl sqlplus /@orcl or SQL>conn [dadbm1]@orcl alter session set current_schema=dadbm2;
22 ENABLE PROXY AUTHENTICATION - CONTINUE 3) Check who you are select sys_context('USERENV','PROXY_USER') PROXY_USER, sys_context('USERENV','SESSION_USER') SESSION_USER, sys_context('USERENV','CURRENT_SCHEMA') CURRENT_SCHEMA from dual; PROXY_USER SESSION_USER CURRENT_SCHEMA -------------------- -------------------- -------------------- DADBM DADBM1 DADBM2 4) More information select * from dba_proxies; select * from proxy_roles;
23 SIMPLIFY CONNECTION TO DATABASE • Create 2 files sql.bat and proxy.sql on the client # sql.bat SET LOCAL=%1 sqlplus /@%LOCAL% %2 # proxy.sql set verify off alter user &&1 grant connect through dadbm; connect [&&1]@&_CONNECT_IDENTIFIER show user • Ask for extra grant to my user dadbm: grant alter user to dadbm; • Connect to any TNS alias using sql.bat and to any DB user with proxy.sql sql orcl DADBM@orcl+>@proxy dadbm1 USER is "DADBM1" DADBM1@orcl+> DEMO 5…
24 SIMPLIFY CONNECTION TO LINUX BOX • D o we need a user password to connect to a Linux box? • Setup Public-key (SSH RSA) authentication • Use Putty tool set • puttygen.exe -> Generate SSH2-RSA keys • pscp.exe -> transfer Public key to Linux server • putty.exe -> Authenticate with Private key file • putty_auth_agent.bat -> enter keypass just once -> Establish Linux connection withOUT password DEMO 6…
25 LIVE ADVENTURE EXERCISE SUMMARY • Setting up the database and server connections this way will simplify the day-to-day tasks of DBAs and developers. • But think about security! That was just a playground! • Firewall tunneling and Secure Password Store are supported by other tools • Get your servers listed using other fancy GUIs • MTPutty • MRemoteNG • MobaXTerm • …
26 EXTEND YOUR TOOL SET
27 Wir machen Deutschlands Daten sicher(er)! Eine Community für DBAs, die aktiv die Daten Ihrer Datenbanksysteme schützen wollen oder müssen. Wir erarbeiten sinnvolle Konzepte und tauschen unser Wissen aus. https://blogs.oracle.com/SecurityDE/entry/db_sec urity_community_wurde_gegr%C3%BCndet Email to join: carsten.muetzlitz@oracle.com
??? THANK YOU! Kirill Loifman www.dadbm.com

Empfohlen

Reduce planned database down time with Oracle technology
Reduce planned database down time with Oracle technologyReduce planned database down time with Oracle technology
Reduce planned database down time with Oracle technology
Kirill Loifman
 
Oracle database high availability solutions
Oracle database high availability solutionsOracle database high availability solutions
Oracle database high availability solutions
Kirill Loifman
 
Oracle 12c PDB insights
Oracle 12c PDB insightsOracle 12c PDB insights
Oracle 12c PDB insights
Kirill Loifman
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
Expeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
Pixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
marketingartwork
 

Empfohlen

Reduce planned database down time with Oracle technology
Reduce planned database down time with Oracle technologyReduce planned database down time with Oracle technology
Reduce planned database down time with Oracle technology
Kirill Loifman
 
Oracle database high availability solutions
Oracle database high availability solutionsOracle database high availability solutions
Oracle database high availability solutions
Kirill Loifman
 
Oracle 12c PDB insights
Oracle 12c PDB insightsOracle 12c PDB insights
Oracle 12c PDB insights
Kirill Loifman
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
Expeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
Pixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
marketingartwork
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
Papp Krisztián
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
Jittipong Loespradit
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
masabamasaba
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
WSO2
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
lanshi9
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
OnePlan Solutions
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
WSO2
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
masabamasaba
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
masabamasaba
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
Willy Marroquin (WillyDevNET)
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
masabamasaba
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
masabamasaba
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
masabamasaba
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
SelfMade bd
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
Shane Coughlan
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
masabamasaba
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
masabamasaba
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
Skeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
Neil Kimberley
 

Weitere ähnliche Inhalte

Kürzlich hochgeladen

Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
Papp Krisztián
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
OnePlan Solutions
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
masabamasaba
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
masabamasaba
 

Kürzlich hochgeladen (20)

Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 

Empfohlen

Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
SpeakerHub
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Applitools
 

Empfohlen (20)

Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike Routes
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
 

From my PC to Oracle remote database

  • 1. LIVE ADVENTURE - FROM MY PC TO ORACLE REMOTE DATABASE Kirill Loifman dadbm.com Germany
  • 2. 2 WHO IS KIRILL LOIFMAN • Working with Oracle since 1996 • Full-time DBA expirience on Unix AIX, OpenVMS, Tru64, HP-UX, Linux • Database architect at adidas • OCP DBA 9i,10g,11g,.. • Blogger, speaker & a father • Contacts www: dadbm.com Twitter: @loifmkir Google.com/+Dadbm Facebook, LinkedIn, Xing …
  • 3. 3 DOAG ABOUT ME IN CONFERENCE BROCHURE
  • 4. End-User / Windows Client Oracle database 11gR2 on Linux Host name: dadbm-host Host name virtual: dadbm-vip DB name: orcl Port: 1521 4 OUR JOURNEY SCENARIO Our GOALs: • Establish remote connection from Client PC to Remote Oracle database via Firewall • Connect to any database user without password • Simplify further database connection attempts • Explore a few security points along the way
  • 5. 5 WHAT WE NEED TO ACHIEVE OUR GOAL • Oracle database -> Yes • Network interface • Firewall ports to be opened -> can bypass this • Oracle listener -> Yes • Oracle Client installable -> optional • Oracle client utilitty -> Yes • Oracle database user -> Can trick with this • Oracle user password -> Can simplify this • tnsnames.ora -> optional …. • …
  • 6. 6 CONFIGURE DATABASE SIDE • Ins tall Oracle binaries • Startup Oracle database • Configure Oracle listener, or maybe NOT configure... • Static vs Dynamic listener registration • Tool Set (Linux): OUI (runInstaller), dbca, SQL*Plus (sqlplus), lsnrctl, netmgr, …
  • 7. 7 CONFIGURE CLIENT SIDE • W hich Oracle client to use • Oracle OCI Client / Instant Client vs JDBC thing client • Client tool set (Windows) • ping tnsping telnet Putty OUI SQL*Plus, regedit • Install Oracle Client properly (OUI) • http://www.dadbm.com/how-to-install-oracle-11gr2-64-bit-client-on-windows-7/ • http://www.dadbm.com/oracle-11gr2-client-installation-on-windows-7-troubleshooting/ • Identify and configure your Oracle Client environment => …
  • 8. 8 CONFIGURE CLIENT SIDE - CONTINUE • Ide ntify / configure your Oracle environment • ORACLE_HOME • OUI; SQL*Plus; “set” if set as OS environment variable • C:oracleproduct11.2.0client_1 • TNS_ADMIN (optional) • “set” if set as OS environment variable • C:oracleproduct11.2.0client_1networkadmin • NLS_LANG • regedit (might not be accessable) -> SQL*Plus • Create a connection string in %TNS_ADMIN%tnsnames.ora • orcl=(description=(address=(protocol=tcp)(host=dadbm-vip)( port=1521))(connect_data=(service_name=orcl))))
  • 9. 9 DATABASE POTENTIAL CONNECTION WAYS sqlplus user/pass@orcl # tnsnames.ora sqlplus user/pass@'(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=dadbm-vip)( 1521=1521))(CONNECT_DATA=(SERVICE_NAME=orcl)))' sqlplus user@'(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=dadbm-vip)( HOST=1521))(CONNECT_DATA=(SID=orcl)))' sqlplus user/pass@//dadbm-vip:1521/orcl # EZCONNECT (sqlnet.ora) sqlplus user@'//dadbm-vip:1521/orcl' # without password sqlplus user@'//dadbm-vip/orcl' # default port jdbc:oracle:thin:@dadbm-vip:1521/orcl # custom JDBC url jdbc:oracle:thin:user@dadbm-vip:1521:orcl jdbc:oracle:oci:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=dadbm-vip)( 1521=1521))(CONNECT_DATA=(SERVICE_NAME=orcl)))
  • 10. 10 FIREWALL ISSUE • 1 st Problem – tnsping does NOT respond • ping <dadbm-host-ip> -> ping works! • tnsping orcl -> timed out • telnet <dadbm-vip> 1521 -> Connect failed => Potential issue with Firewall => Need a solution! - Proper solution -> Ask Security to open a DB listener port in Firewall Source IP Source Zone Destination IP Destination Zone Destination Port <Client PC IP> LAN/WAN <dadbm-vip> DMZ 1521 - Adventure solution -> Firewall Tunneling
  • 11. 11 FIREWALL TUNNELING • A dventure solution steps • SSH port 22 is usually open in Firewalls by default • Request a Linux user on database host • Use Putty Firewall Tunneling feature - Menu Connection -> SSH -> Tunnels - Add a Tunnel with Source port „8822“ to Destination „dadbm-vip:1521“ • Adjust DB connection string on the client as following: orcl=(description=(address=(protocol=tcp)(host=127.0.0.1) (port=8822))(connect_data=(service_name=orcl)))
  • 12. 12 FIREWALL TUNNELING – CONTINUE SSH Server Local clients can access the remote DB server by connecting to <mycomputer>:8822
  • 13. 13 DATABASE CONNECTION TEST – STEP1 1) P ing your host and database listener ping dadbm-host telnet 127.0.0.1 8822 tnsping (description=(address=(protocol=tcp)(host=127.0.0.1)(port=8822)) (connect_data=(service_name=orcl))) tnsping orcl tnsping 127.0.0.1:8822/orcl DEMO 2…
  • 14. 14 DATABASE USER REQUIRED • S olutions against missing database user  - Proper solution -> Ask DBAs to create a user - Adventure solutions -> See Demo
  • 15. 15 DATABASE CONNECTION TEST – STEP2 2) E stablish a database connection sqlplus dadbm@orcl as sysdba sqlplus dadbm@orcl sqlplus dadbm@'(description=(address=(protocol=tcp)(host=127.0.0.1)(port =8822))(connect_data=(service_name=orcl)))' sqlplus dadbm@'//127.0.0.1:8822/orcl' jdbc:oracle:thin:@127.0.0.1:8822/orcl jdbc:oracle:oci:@127.0.0.1:8822/orcl DEMO 3…
  • 16. 16 DATABASE CONNECTION TROUBLESHOOTING • Following connection errors may arise ORA-12154: TNS:could not resolve the connect identifier specified ORA-12198: TNS:could not find path to destination ORA-12203: TNS:unable to connect to destination ORA-12533: TNS:illegal ADDRESS parameters TNS-12541: TNS:no listener … • Use a following post on dadbm.com to troubleshoot http://www.dadbm.com/how-to-troubleshoot-oracle-remote-database-connection/
  • 17. 17 AVOID DB PASSWORD USING SECURE PASSWORD STORE 1) Configure Oracle Client environment for Oracle Wallet • tnsnames.ora file orcl = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 8822)) (CONNECT_DATA = (SERVICE_NAME = orcl)) ) • sqlnet.ora file WALLET_LOCATION = (SOURCE = (METHOD = FILE) (METHOD_DATA = (DIRECTORY = C:oracleproduct11.2.0client_1networkadmin)) ) SQLNET.WALLET_OVERRIDE = TRUE
  • 18. 18 SECURE PASSWORD STORE - CONTINUE 2) Create a wallet on the client mkstore -wrl <wallet_location> -create mkstore -wrl %TNS_ADMIN% -create Enter password: <= Choose wallet password and remember it Enter password again: Directory of C:oracleproduct11.2.0client_1networkadmin 12-Jun-14 12:39 3,589 cwallet.sso # Auto login wallet file 12-Jun-14 12:39 3,512 ewallet.p12 # PKCS#12 wallet file 12-Jun-14 12:26 644 sqlnet.ora 04-Jun-14 22:49 15,237 tnsnames.ora
  • 19. 19 SECURE PASSWORD STORE - CONTINUE 3) Create database connection credentials in the wallet mkstore -wrl %TNS_ADMIN% -createCredential <alias> <user> <passwd> mkstore -wrl %TNS_ADMIN% -createCredential orcl dadbm ora4u Enter password: <= Wallet password 4) Managing External Password Store Credentials mkstore -wrl %TNS_ADMIN% -listCredential mkstore -wrl %TNS_ADMIN% -createCredential orcl1 dadbm9 pass mkstore -wrl %TNS_ADMIN% -modifyCredential orcl1 dadbm9 newpassword mkstore -wrl %TNS_ADMIN% -deleteCredential orcl1
  • 20. 20 SECURE PASSWORD STORE - CONTINUE 5) Connect to a database without a password sqlplus /@orcl 6) Notes • DB does not know about your secure password store and vice versa • <DB alias> is unique in Wallet -> for different user create another alias • Wallet can be generated somewhere else and copied to you client • Extended Wallet management with orapki utility • More details in MOS DOC ID 340559.1 DEMO 4…
  • 21. CONNECT TO ANOTHER USER WITHOUT A PASSWORD Footer 14/03/2012 21 • Adventure solution => Enable Proxy Authentication 1) Use dadbm as proxy user and create more proxy clients: grant connect,resource to dadbm1 identified by adJIk3909sdfj; grant connect,resource to dadbm2 identified by g7fk3kZfdhl05; alter user dadbm1 grant connect through dadbm; 2) Connect to a database with proxy user and secure password store sqlplus proxy_user[proxy_client]@orcl sqlplus [dadbm1]@orcl sqlplus /@orcl or SQL>conn [dadbm1]@orcl alter session set current_schema=dadbm2;
  • 22. 22 ENABLE PROXY AUTHENTICATION - CONTINUE 3) Check who you are select sys_context('USERENV','PROXY_USER') PROXY_USER, sys_context('USERENV','SESSION_USER') SESSION_USER, sys_context('USERENV','CURRENT_SCHEMA') CURRENT_SCHEMA from dual; PROXY_USER SESSION_USER CURRENT_SCHEMA -------------------- -------------------- -------------------- DADBM DADBM1 DADBM2 4) More information select * from dba_proxies; select * from proxy_roles;
  • 23. 23 SIMPLIFY CONNECTION TO DATABASE • Create 2 files sql.bat and proxy.sql on the client # sql.bat SET LOCAL=%1 sqlplus /@%LOCAL% %2 # proxy.sql set verify off alter user &&1 grant connect through dadbm; connect [&&1]@&_CONNECT_IDENTIFIER show user • Ask for extra grant to my user dadbm: grant alter user to dadbm; • Connect to any TNS alias using sql.bat and to any DB user with proxy.sql sql orcl DADBM@orcl+>@proxy dadbm1 USER is "DADBM1" DADBM1@orcl+> DEMO 5…
  • 24. 24 SIMPLIFY CONNECTION TO LINUX BOX • D o we need a user password to connect to a Linux box? • Setup Public-key (SSH RSA) authentication • Use Putty tool set • puttygen.exe -> Generate SSH2-RSA keys • pscp.exe -> transfer Public key to Linux server • putty.exe -> Authenticate with Private key file • putty_auth_agent.bat -> enter keypass just once -> Establish Linux connection withOUT password DEMO 6…
  • 25. 25 LIVE ADVENTURE EXERCISE SUMMARY • Setting up the database and server connections this way will simplify the day-to-day tasks of DBAs and developers. • But think about security! That was just a playground! • Firewall tunneling and Secure Password Store are supported by other tools • Get your servers listed using other fancy GUIs • MTPutty • MRemoteNG • MobaXTerm • …
  • 26. 26 EXTEND YOUR TOOL SET
  • 27. 27 Wir machen Deutschlands Daten sicher(er)! Eine Community für DBAs, die aktiv die Daten Ihrer Datenbanksysteme schützen wollen oder müssen. Wir erarbeiten sinnvolle Konzepte und tauschen unser Wissen aus. https://blogs.oracle.com/SecurityDE/entry/db_sec urity_community_wurde_gegr%C3%BCndet Email to join: carsten.muetzlitz@oracle.com
  • 28. ??? THANK YOU! Kirill Loifman www.dadbm.com