Skip Headers
Oracle® Transparent Gateway for DRDA Installation and User's Guide
10g Release 2 (10.2) for UNIX

Part Number B16217-02
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

10 Oracle Net

Oracle Net is an Oracle product providing network communication between Oracle applications, Oracle Database, and Oracle Gateways across different systems

This chapter contains the following sections:

Checklists for Oracle Net

This section provides checklists to be used when installing and configuring Oracle Net.

Configuring Oracle Net

The steps to conigure Oracle Net are:

Advanced Security Encryption

Verifying if CHECKSUM and the Export encryption algorithms are used at your site. To set up advanced security encryption are:

Oracle Net Introduction

Oracle Net provides connectivity to the gateway through the use of Protocol Adapters, SQL*Net, and the TNS Listener. Configuration of Oracle Net is backward compatible with past versions of SQL*Net. A new facility called Heterogeneous Services (HS) has been added to both Oracle Net and the gateway to improve the throughput of data. For additional information, refer to Oracle Database Net Services Administrator's Guide, Oracle Database Net Services Reference, and Oracle Database Heterogeneous Connectivity Administrator's Guide.

Oracle Net Overview

Oracle Net is a required Oracle product supporting network communications between Oracle applications, Oracle Database, and Oracle gateways across different CPUs or operating systems. It also supports communication across different Oracle Databases and CPUs providing distributed database and distributed processing capabilities.

Oracle Net also allows applications to connect to multiple Oracle Database or gateways across a network, selecting from a variety of communications protocols and application program interfaces (APIs) to establish a distributed processing and distributed database environment.

A communications protocol is a set of implemented standards or rules governing data transmission across a network. An API is a set of subroutines providing an interface for application processes to the network environment.

Distributed Processing.

Dividing processing between a front-end computer running an application and a back-end computer used by the application is known as distributed processing. Oracle Net enables an Oracle tool or application to connect to a remote computer containing Oracle Database or Oracle Gateway.

Distributed Database

Several databases linked through a network, appearing as a single logical database, are known as a distributed database. An Oracle tool running on a client computer or on Oracle Database running on a host computer can share and obtain information retrieved from other remote Oracle Database. Regardless of the number of database information sources, you might be aware of only one logical database.

Terminology for Oracle Net

The following terms are used to explain the architecture of Oracle Net:

Configuring Oracle Net

The gateway must be defined to the TNS listener, and a service name must be defined for accessing the gateway.

Step 1: Modify listener.ora file

Add an entry for the gateway to the listener.ora file. For example:

(SID_DESC=
          (SID_NAME=sidname)
          (ORACLE_HOME=/oracle/tg4drda/10.2.0)
          (PROGRAM=g4drsrv))

Refer to Appendix B, "Sample Files", for a sample listener.ora file.

Note:

The PROGRAM=g4drsrv parameter is required. It specifies to the listener the name of the gateway executable.

Step 2: Modify tnsnames.ora file

Add a gateway service name to the tnsnames.ora file on the system where your Oracle integrating server resides. Specify the service name in the USING parameter of the database link defined for accessing the gateway from the Oracle Database 10g server.

linkname1 = (DESCRIPTION=
                   (ADDRESS= 
                        (PROTOCOL=IPC)
                        (KEY=ORAIPC))
                   (CONNECT_DATA=(SID=sidname))
                   (HS=)
           )

You can use the IPC protocol only if the Oracle integrating server and the gateway reside on the same computer. If you use the IPC protocol adapter, then add an entry like this to tnsnames.ora:

where:

linkname1  is the name used to define the database link referencing the gateway.

ORAIPC  is the IPC key defined in the listener.ora file for the IPC protocol.

sidname  is your gateway SID, the same SID that you used for the entry in your listener.ora file.

If you are using the TCP/IP protocol adapter, then add the following entry to tnsnames.ora:

linkname2  is the name used to define the database link referencing the gateway.

where:

linkname2 = (DESCRIPTION=
              (ADDRESS=
                 (PROTOCOL=TCP)
                 (PORT=port)
                 (HOST=hostname))
              (CONNECT_DATA=(SID=sidname))
              (HS=)
            )

port  is the TCP/IP port number on which the Oracle listener is listening (default is 1541).

hostname  is the name of your host system.

sidname  is your gateway SID.

Refer to "Sample Oracle Net tnsnames.ora File" for a sample tnsnames.ora file. For more information about configuring Oracle Net, refer to Oracle Database Net Services Administrator's Guide.

Advanced Security Encryption

Oracle Net supports the CHECKSUM command and the Export encryption algorithms. The following sections describe a basic method of verifying this feature if it is used at your site. The easiest way to determine if Advanced Security encryption is attempting to work is to deliberately set wrong configuration parameters and attempt a connection between the server and client. Incorrect parameters cause the connection to fail.

After receiving the expected failure message, set the configuration parameters to the correct settings and try the connection again. Encryption is working properly if you receive no further error messages.

Setting Up Advanced Security Encryption for Test

The following procedures test Advance Security encryption by the above method. The incorrect parameter settings produce error 12660

  1. Step 1: Set Advanced Security Encryption Parameters for the Gateway

  2. Step 2: Set Advanced Security Encryption Parameters for Oracle Server

    Note:

    The international or export version of Advanced Security encryption supports the following encryption types:
    • des40

    • rc4_40

Step 1: Set Advanced Security Encryption Parameters for the Gateway

Edit the Oracle Net configuration file on the host system (gateway system) to add the following parameters and values:

SQLNET.CRYPTO_CHECKSUM_SERVER = REJECTED
SQLNET.ENCRYPTION_SERVER = REJECTED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)
SQLNET.ENCRYPTION_TYPES_SERVER = (DES40,RC4_40)
SQLNET.CRYPTO_SEED = "abcdefg123456789"

The value shown for SQLNET.CRYPTO_SEED is only an example. Set it to the value you want. Refer to the Oracle Database Advanced Security Administrator's Guide for more information.

Step 2: Set Advanced Security Encryption Parameters for Oracle Server

Set the advanced security encryption parameters for the Oracle integrating server.

Edit the Oracle Net configuration file on the Oracle integrating server system to add the following parameters:

SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUIRED
SQLNET.ENCRYPTION_CLIENT = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (SHA1)
SQLNET.ENCRYPTION_TYPES_CLIENT = (DES40,RC4_40)
SQLNET.CRYPTO_SEED = "abcdefg123456789"

The value shown for SQLNET.CRYPTO_SEED is only an example.

Testing Advanced Security Encryptions

After completing Steps 1 and 2 to set up Advanced Security encryption, you are ready to test the operation of the Advanced Security encryption by using the following steps:

  1. Step 1: Connect Gateway and Oracle Integrating Server

  2. Step 2: Reset Configuration Parameters on the Gateway

Step 1: Connect Gateway and Oracle Integrating Server

Use SQL*Plus to logon to the Oracle integrating server. Access the gateway through a database link. You should receive the following error:

ORA-12660: Encryption or crypto-checksumming

Step 2: Reset Configuration Parameters on the Gateway

Change the following Advanced Security encryption parameters on the gateway to:

SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
SQLNET.ENCRYPTION_SERVER = REQUIRED

Attempt the connection between the gateway and the Oracle integrating server again. If no error message is returned and the connection completes, then you can assume Advanced Security encryption is working properly.