Re: Safe access to just 1 or 2 databases on RAC cluster via VPN?
Date: Fri, 27 May 2016 08:27:08 -0500
Message-ID: <CAFU3ey7JjKPmW908H2DGER+fV9ECpEbiTPuYdSrrSNAQOkLsdw_at_mail.gmail.com>
Have you looked at Oracle Connection Manager?
Andy
On Fri, May 27, 2016 at 7:30 AM, David Mann <dmann99_at_gmail.com> wrote:
>
> I have a customer that is requesting to add IP addresses of all nodes in a
> cluster to their VPN so they can access a subset of databases on the
> cluster.
>
> If they were the only organization that had databases on that cluster I
> wouldn't have an issue - but there are other databases on there that have
> nothing to do with their workflow.
>
> In the past I would usually work to get them on their own isolated machine
> or cluster so the VPN endpoints could be added to their b2b VPN and they
> would only have access to systems which only housed their data. I don't
> have that option in this case.
>
> I was thinking about setting up a listener for them on another port which
> was only configured for their subset of databases... And block access to
> the general scan listener already set up on the cluster. Would this afford
> any protection to attempts to connect to other databases on the cluster? Or
> better to approach this from a firewall configuration standpoint?
>
> --
> Dave Mann
> General Geekery | www.brainio.us
> Database Geekery | www.ba6.us | _at_ba6dotus | http://www.ba6.us/rss.xml
>
-- Andy -- http://www.freelists.org/webpage/oracle-lReceived on Fri May 27 2016 - 15:27:08 CEST