Oracle® Database Vault Installation Guide 10g Release 2 (10.2) for Microsoft Windows (64-Bit) on Intel Itanium Part Number B32486-02
This chapter includes an overview of the major steps required to install Oracle Database Vault into an existing Oracle Database 10g release 2 (10.2.0.3) database. These procedures transform an existing Oracle Database system (including associated applications) into an Oracle Database Vault system. Databases upgraded using the procedures described in this chapter can work almost in the same manner as in earlier releases and, optionally, can leverage new Oracle Database Vault functionality. For a list of changes that Database Vault makes, refer to Appendix D, "Initialization Parameters" and the Oracle Database Vault Administrator's Guide.
Note:
In order to upgrade a pre-10g release 2 Oracle Database to Oracle Database Vault, you first need to upgrade the database to a 10g release 2 (10.2.0.3) database.
See Also:
Oracle Database Upgrade Guide, 10g Release 2 (10.2) for information about upgrading your Oracle Database to Oracle Database 10g release 2.
This chapter covers the following topics:
This section covers the following topics:
Before you plan the upgrade process, become familiar with the features of Oracle Database Vault. The Oracle Database Vault Administrator's Guide discusses the basic features of Oracle Database Vault.
This section describes hardware component and hard disk space requirements.
Table 2–1 discusses the hardware requirements for Oracle Database Vault:
Table 2-1 Hardware Requirements
Requirement | Value |
---|---|
Physical memory (RAM) | 1 GB minimum, 4 GB recommended |
Virtual memory | Double the amount of RAM |
Disk space | Total: 4.77 GB. See Table 2-2 for details. |
Video adapter | 256 colors |
Processor | Intel Itanium 2 or later |
This section lists system requirements for Windows platforms that use the NT File System (NTFS) file systems. Oracle recommends installing Oracle components on NTFS.
The NTFS system requirements listed in this section are more accurate than the hard disk values reported by the Oracle Universal Installer Summary window. The Summary window does not include accurate values for disk space, the space required to create a database, or the size of compressed files that are expanded on the hard drive.
The hard disk requirements for Oracle Database components include 32 MB required to install Java Runtime Environment (JRE) and Oracle Universal Installer on the partition where the operating system is installed. If sufficient space is not detected, installation fails and an error message appears.
Table 2-2 Disk Space Requirements for NTFS
Installation Type | TEMP Space | SYSTEM_DRIVE:\Program Files\Oracle | Oracle Home | Data Files * | Total |
---|---|---|---|---|---|
Basic Installation | 125 MB | 100 MB | 3.5 GB | 1.05 GB | 4.77 GB |
Advanced Installation: Enterprise Edition | 125 MB | 100 MB | 3.5 GB ** | 1.05 GB ** | 4.77 GB ** |
Advanced Installation: Standard Edition | 125 MB | 100 MB | 3.5 GB ** | 1.05 GB ** | 4.77 GB ** |
Advanced Installation: Personal Edition | 125 MB | 100 MB | 3.5 GB ** | 1.05 GB ** | 4.77 GB ** |
* Refers to the contents of the admin, flash_recovery_area, and oradata directories in the ORACLE_BASE directory.
** This size can be higher depending on the installation options selected, such as languages or additional components. If you choose to install Oracle Database with automated backups enabled, include at least 2 GB extra for data file disk space.
To ensure that the system meets these requirements, follow these steps:
Determine the physical RAM size. For a computer using Windows 2003, for example, double-click System in the Windows Control Panel and click the General tab. If the size of the physical RAM installed in the system is less than the required size, then you must install more memory before continuing.
Determine the size of the configured virtual memory (also known as paging file size). For a computer using Windows 2003, for example, double-click System in the Control Panel, click the Advanced tab, and click Settings in the Performance section. Then click the Advanced tab. The virtual memory is listed in the Virtual Memory section.
If necessary, see your operating system documentation for information about how to configure additional virtual memory.
Determine the amount of free disk space on the system. For a computer using Windows 2003, for example, double-click My Computer, right-click the drive where the Oracle software is to be installed, and select Properties.
Determine the amount of disk space available in the temp directory. This is equivalent to the total amount of free disk space, minus what will be needed for the Oracle software to be installed.
Oracle Database Vault is installed in an existing Oracle home. All software requirements that were met while installing Oracle Database 10g release 2 are sufficient for Oracle Database Vault.
See Also:
Oracle Database Installation Guide for Microsoft Windows (64-Bit) on Intel Itanium for detailed information on the software requirements for installing Oracle Database
Table 2-3 lists the software requirements for Oracle Database Vault.
Table 2-3 Software Requirements
Processor: Intel Itanium 2 or later
Note: Oracle provides 32-bit (x86), 64-bit (Itanium), and 64-bit (x64) versions of Oracle Database for Microsoft Windows. The 64-bit (Itanium) database version, which this installation guide describes, runs on the 64-bit version of Windows on Itanium hardware. For additional information, visit OracleMetaLink at: http://metalink.oracle.com
Oracle Database for 64-bit Windows is supported on the following operating systems:
Windows Multilingual User Interface Pack is supported on Windows 2003. Windows XP is not supported.
The following components are supported with the Windows 2003 Microsoft Platform SDK or later compiler and Intel compiler versions 7.1 and 8.1:
GNU Compiler Collection (GCC), Object Oriented COBOL (OOCOBOL) specifications, and Pro*COBOL are not supported.
The Oracle Net foundation layer uses Oracle protocol support to communicate with the following industry-standard network protocols:
If you plan to connect to Oracle Database 10g release 2 (10.2) from a release of Oracle Database Client that is earlier than 10g release 2 (10.2), you will not be able to do so if the following conditions exist:
To remedy this problem, upgrade Oracle Database Client by using the latest Oracle Database Family patchset (9.2.0.7, or 10.1.0.4 or later). You can download the patchset from the Patches and Updates section of OracleMetaLink at: http://metalink.oracle.com
The platform-specific hardware and software requirements included in this installation guide were current at the time this guide was published. However, because new platforms and operating system software versions might be certified after this guide is published, review the certification matrix on the OracleMetaLink Web site for the most up-to-date list of certified hardware platforms and operating system versions. This Web site also provides compatible client and database versions, patches, and workaround information for bugs. The OracleMetaLink Web site is available at:
http://metalink.oracle.com/
You must register online before using OracleMetaLink. After logging in, click Certify & Availability from the left-hand column. From the Product Lifecycle page, click the Certifications button. Other Product Lifecycle options include Product Availability, Desupport Notices, and Alerts.
The following sections provide certification information:
Note:
Ensure that the Telnet service is started on the Windows Services utility.
Oracle supports Terminal Services on Windows 2003. Oracle does not support the installation of Oracle components from a remote Terminal Services Client on to a 64-bit Windows server that is running a Terminal Server service. Start all configuration tools from the Terminal Server console (using mstsc/console) and not from the Terminal Services Client.
You can configure Windows 2003 to use Terminal Services in Remote Desktop for Administration Mode or Terminal Server Mode.
See Also:
The Microsoft Web site for more information about terminal services
The OracleMetaLink Web site for the latest Terminal Server certification information
The following components are not supported:
Oracle Enterprise Manager Grid Control CD
A 64-bit Windows version of Oracle Enterprise Manager Grid Control is not available in this release.
You can execute Oracle Migration Workbench from a 32-bit Windows environment to migrate third-party databases, as supported by release 9.2.0.2.1 or later, to an Oracle Database 10g Release 2 (10.2) database installed on a 64-bit Windows computer.
Oracle Enterprise Integration Gateways, which include the following:
Oracle Procedural Gateway for APPC
Oracle Transparent Gateway for IBM DRDA
Oracle Open Gateways, which include the following:
Oracle Transparent Gateway for Sybase
Oracle Transparent Gateway for Teradata
Oracle Transparent Gateway for Microsoft SQL Server
In order to install Oracle Database Vault, you must be running the Enterprise Edition of Oracle Database 10g release 2 (10.2.0.3). The database should also have Oracle Enterprise Manager Console DB 10.2.0.3.0 installed.
A listener must have been configured for the existing database. Oracle Net Configuration Assistant configures the listener when you first install the database. You can also use Oracle Enterprise Manager to administer listeners.
You must have an existing password file for the database. The password file authentication parameter, REMOTE_LOGIN_PASSWORDFILE, must have been set to EXCLUSIVE or SHARED.
You can set the REMOTE_LOGIN_PASSWORDFILE parameter in the init.ora file. Use the orapwd utility to create and manage password files.
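The password file prerequisite can be checked from a copy of the parameter file before the installer is started. The following Python sketch is an added example, not part of the Oracle guide: it reads init.ora text and reports whether REMOTE_LOGIN_PASSWORDFILE is EXCLUSIVE or SHARED. The function names, the handling of `*.` and `SID.` prefixes, and the sample file contents are assumptions of the example.

```python
import re

# Values the guide requires before Oracle Database Vault can be installed.
REQUIRED_MODES = {"EXCLUSIVE", "SHARED"}

# "name = value", optionally prefixed with "*." or "SID." (prefix handling is
# an assumption of this example, modelled on parameter files used with RAC).
_ASSIGNMENT = re.compile(r"^\s*(?:(\*|\w+)\.)?(\w+)\s*=\s*(.*?)\s*$")


def password_file_mode(init_ora_text, sid=None):
    """Return the effective REMOTE_LOGIN_PASSWORDFILE value, or None if unset.

    A later unprefixed or "*." line replaces an earlier one; a line prefixed
    with the given SID takes precedence over both.
    """
    general = None
    per_sid = None
    for raw in init_ora_text.splitlines():
        line = raw.split("#", 1)[0]          # drop trailing comments
        match = _ASSIGNMENT.match(line)
        if not match:
            continue
        prefix, name, value = match.groups()
        if name.upper() != "REMOTE_LOGIN_PASSWORDFILE":
            continue
        value = value.strip("'\"").upper()   # values may be quoted
        if prefix is None or prefix == "*":
            general = value
        elif sid is not None and prefix.upper() == sid.upper():
            per_sid = value
    return per_sid if per_sid is not None else general


def meets_vault_prerequisite(init_ora_text, sid=None):
    """True when the password file mode is one the guide accepts."""
    return password_file_mode(init_ora_text, sid) in REQUIRED_MODES


# Constructed sample parameter file, for illustration only.
SAMPLE_INIT_ORA = """\
# constructed sample
db_name=ORCL
db_domain=us.mycompany.com
remote_login_passwordfile = none      # superseded by the line below
*.remote_login_passwordfile='EXCLUSIVE'
ORCL2.remote_login_passwordfile=NONE
"""

if __name__ == "__main__":
    for sid in (None, "ORCL2"):
        print(sid, password_file_mode(SAMPLE_INIT_ORA, sid),
              meets_vault_prerequisite(SAMPLE_INIT_ORA, sid))
```

A result of None means the parameter is not set in the file that was read, so the value in effect has to be confirmed in the running instance.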
See Also:
Oracle Database Administrator's Guide for more information on creating and maintaining a password file
The following topics discuss applying the 10.2.0.3 patch set and installing the required components:
Before installing Oracle Database Vault, you should ensure that Oracle Enterprise Manager Console DB 10.2.0.3.0 is installed. Oracle Enterprise Manager Console DB is installed using the Oracle Universal Installer (OUI). The following steps summarize installing Oracle Enterprise Manager Console DB:
Run Oracle Universal Installer (OUI) and perform a custom installation to install Oracle Enterprise Manager Console DB 10.2.0.1.0. Add Oracle Enterprise Manager Console DB from the list of available product components.
Apply the Oracle Database release 10.2.0.3 patch set.
Note:
You can configure the database to use Enterprise Manager Database Control by using Database Configuration Assistant (DBCA). However, configuring Enterprise Manager Database Control is not a prerequisite for installing Oracle Database Vault.
To install Oracle Database Vault, you need to upgrade the database to Oracle Database release 10.2.0.3. Oracle strongly recommends that you back up your database before performing any upgrade or installation.
See Also:
Oracle Database Backup and Recovery User's Guide for information on database backups
This section covers the following topics:
Patch Set Overview
The patch set is not a complete software distribution. You must install it in an existing Oracle Database 10g release 2 (10.2.0.1 or 10.2.0.2) installation. You can apply the Oracle Database release 10.2.0.3 patch set to the following Oracle Database 10g release 2 installations:
Oracle Database
Oracle Real Application Clusters
Oracle Database Client
Oracle Database Companion CD
Oracle Clusterware
Oracle Universal Installer Version Requirements
This patch set includes Oracle Universal Installer release 10.2.0.3, which is also installed when you install this patch set. This is to ensure that your Oracle home can be patched in the future. You should not use the Installer from the earlier maintenance release media or Oracle home.
There are two documents related to this release of the Oracle Database patch set:
Oracle Database Patch Set Notes, 10g Release 2 (10.2.0.3) Patch Set 2 for Microsoft Windows (64-Bit) on Intel Itanium
Oracle Database List of Bugs Fixed, 10g Release 2 (10.2.0.3) Patch Set
Both of these documents are included with the patch set. In addition, they are available on the OracleMetalink Web site:
http://metalink.oracle.com
Oracle strongly recommends that you back up your database before performing any upgrade or installation. The ultimate success of your upgrade depends heavily on the design and execution of an appropriate backup strategy. To develop a backup strategy, consider the following questions:
How long can the production database remain inoperable before business consequences become intolerable?
What backup strategy should be used to meet your availability requirements?
Are backups archived in a safe, offsite location?
How quickly can backups be restored (including backups in offsite storage)?
Have recovery procedures been tested successfully?
Your backup strategy should answer all of these questions and include procedures for successfully backing up and recovering your database.
See Also:
Oracle Database Backup and Recovery User's Guide for information on database backups
Oracle Clusterware should be running for the Database Vault installer to find the existing Real Application Clusters (RAC) databases. If you have stopped Oracle Clusterware, then you should restart it before running Oracle Universal Installer. Use the following command to start Oracle Clusterware:
C:\> CRS_HOME\bin\crsctl start crs
Note:
You need to run the crsctl start crs command on all nodes of the cluster.
The crsctl start crs command also starts the database. You will need to shut down the database before running Oracle Universal Installer.
Stop all processes running in the Oracle home. You must complete this task to enable Oracle Universal Installer to relink certain executables and libraries. For RAC databases, you need to stop the processes on all nodes.
Stop the processes in the following order:
Stop the Enterprise Manager Database Control process, if it is running. Use the following command:
C:\> ORACLE_HOME\bin\emctl stop dbconsole
Stop the iSQL*Plus process, using the following command:
C:\> ORACLE_HOME\bin\isqlplusctl stop
Shut down all database instances running from the Oracle home directory into which Oracle Database Vault is to be installed.
sqlplus SYS "AS SYSOPER"
Enter password:
SQL> shutdown immediate
Oracle Universal Installer configures and starts a default Oracle Net listener using TCP/IP port 1521. However, if an existing Oracle Net listener process is using the same port or key value, then Oracle Universal Installer can only configure the new listener, it cannot start it. To ensure that the new listener process starts during the installation, you must shut down any existing listeners before starting Oracle Universal Installer.
Use the following command to stop the listener process:
C:\> ORACLE_HOME\bin\lsnrctl stop listenername
Use the following steps to stop Oracle Database services from the Control Panel:
Access your Windows Services dialog.
See Also:
Your operating system documentation for instructions
Select OracleHOME_NAMETNSListener. Click Stop to stop this service. You need to perform this step only if you haven't shut down the listener process using the lsnrctl command.
Select OracleServiceSID and click Stop.
Note:
If you are installing Database Vault for Oracle Real Application Clusters (RAC), then you need to shut down all Oracle processes on all cluster nodes. See Appendix A, "How to Stop Processes in an Existing Oracle Real Application Clusters Database" for more details.
You can use the graphical user interface (GUI) provided by Oracle Universal Installer to install Oracle Database. The following steps discuss installing Database Vault using Oracle Universal Installer:
Log on as a member of the Administrators group.
If you are installing on a Primary Domain Controller (PDC) or a Backup Domain Controller (BDC), log on as a member of the Domain Administrators group.
Insert Oracle Database Vault installation media and navigate to the database directory. Alternatively, navigate to the directory where you downloaded or copied the installation files.
Use the same installation media to install Oracle Database Vault on all supported Windows platforms.
In the Specify Installation Details screen, you need to specify the path to the Oracle home that contains the existing Oracle Database. The Destination Path box lists the Oracle home paths of all Oracle Database release 2 (10.2.0.3) Enterprise Edition databases registered with the system.
Select the Oracle home corresponding to the database into which you want to install Oracle Database Vault.
Note:
If an Oracle home does not have an Enterprise Edition of Oracle Database release 10.2.0.3 installed, then it is not displayed. You must ensure that the Oracle home has an Enterprise Edition of Oracle Database release 10.2.0.3 installed.
If an Oracle home does not have Oracle Enterprise Manager Console DB 10.2.0.3.0 installed, then it is not displayed. You must ensure that the Oracle home has Oracle Enterprise Manager Console DB 10.2.0.3.0 installed.
If an Oracle home contains an Automatic Storage Management (ASM) instance, then it is not displayed. You cannot install Oracle Database Vault into an Oracle home that also contains an ASM instance.
If an Oracle home already contains Oracle Database Vault, then it is not displayed. You cannot install Oracle Database Vault into an Oracle home more than once.
Oracle Clusterware should be running for the Database Vault installer to find the existing Real Application Clusters (RAC) databases. Ensure that Oracle Clusterware is running before installing Oracle Database Vault. You can use the crsctl command to start Oracle Clusterware.
Enter a user name for the Database Vault Owner account in the Database Vault Owner field. The user name can be a minimum of 2 and maximum of 30 characters long.
Enter a password for the Database Vault Owner account in the Database Vault Owner Password field. The password can be a minimum of 8 and a maximum of 30 characters. The password must include at least one alphabetic character, one digit, and one nonalphanumeric character (symbol). It cannot be the same as the account names for either the Database Vault owner or the Database Vault account manager. It cannot contain any consecutive repeating characters.
Reenter the password in the Confirm Password field.
Select Create a Separate Account Manager if you want to create a separate Account Manager to manage Oracle Database Vault accounts.
In the Database Vault Account Manager field, enter a user name for the Database Vault Account Manager if you have chosen to select the Create a Separate Account Manager check box. The user name can be a minimum of 2 and a maximum of 30 characters.
Enter a password for the Database Vault Account Manager account in the Account Manager Password field. The password can be a minimum of 8 and a maximum of 30 characters. The password must include at least one alphabetic character, one digit, and one nonalphanumeric character (symbol). It cannot be the same as the account names for either the Database Vault owner or the Database Vault account manager. It cannot contain any consecutive repeating characters.
Reenter the password in the Confirm Password field. Click Next.
The Select Existing Database screen is displayed. A list of all databases running from the selected Oracle home is displayed. Select the database into which you wish to install Oracle Database Vault.
Note:
If the selected Oracle home contains more than one database, then Operating System (OS) authentication is turned off for all the databases in the Oracle home.
Oracle recommends that you install Oracle Database Vault into an Oracle home containing only a single database.
If a database is not listed, then check to make sure that you have followed the instructions under "Check the Database Requirements".
Enter the existing SYS user password for the selected database in the Existing Database SYS Password field.
Reenter the SYS password in the Confirm Password field. Click Next.
Note:
At this point, the database requirements are validated.
You are prompted to shut down all Oracle processes running from the Oracle home before proceeding. Shut down the Oracle processes, if you have not already done so.
See Also:
"Stop Existing Oracle Processes" for more information on stopping existing Oracle processes
Product-specific prerequisite checks are performed. Confirm that all tests have passed. Click Next to continue.
The Summary screen is displayed with the installation details. Verify the details and click Install.
The Installation screen is displayed. After the installation completes, the Database Vault Configuration Assistant (DVCA) is run automatically. DVCA helps configure the Database Vault installation.
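The account rules stated in the installation steps above (user names of 2 to 30 characters; passwords of 8 to 30 characters with a letter, a digit and a symbol, different from both account names, and without consecutive repeating characters) can be checked before the values are typed into the installer. The following Python sketch is an added example, not Oracle code; the function names and result codes are hypothetical, and comparing names and repeated characters without regard to case is an assumption of the example.

```python
def check_vault_user_name(name):
    """Return ["name_length"] unless the name is 2 to 30 characters long."""
    return [] if 2 <= len(name) <= 30 else ["name_length"]


def check_vault_password(password, owner, account_manager=None):
    """Return the list of rules from the guide that the password breaks.

    owner and account_manager are the Database Vault Owner and Account
    Manager user names; the password may not equal either of them.
    """
    problems = []
    if not 8 <= len(password) <= 30:
        problems.append("length")
    if not any(ch.isalpha() for ch in password):
        problems.append("no_letter")
    if not any(ch.isdigit() for ch in password):
        problems.append("no_digit")
    if not any(not ch.isalnum() for ch in password):
        problems.append("no_symbol")

    # Assumption: comparisons ignore case, the stricter reading of the rule.
    folded = password.casefold()
    account_names = {n.casefold() for n in (owner, account_manager) if n}
    if folded in account_names:
        problems.append("matches_account_name")
    if any(a == b for a, b in zip(folded, folded[1:])):
        problems.append("repeated_character")
    return problems


def check_install_inputs(owner, owner_password,
                         manager=None, manager_password=None):
    """Check every account value entered on the installation details screen."""
    report = {
        "owner_name": check_vault_user_name(owner),
        "owner_password": check_vault_password(owner_password, owner, manager),
    }
    if manager is not None:
        report["manager_name"] = check_vault_user_name(manager)
        report["manager_password"] = check_vault_password(
            manager_password or "", owner, manager)
    return report


if __name__ == "__main__":
    # Constructed account names and passwords, for illustration only.
    result = check_install_inputs("DV_OWNER1", "Vau1t#Own3r",
                                  "DV_ACCTMGR1", "dv_acctmgr1")
    for field, problems in result.items():
        print(field, "OK" if not problems else problems)
```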
When you install a loopback adapter, the loopback adapter assigns a local IP address for your computer. After you install a loopback adapter on your computer, you have at least two network adapters on your computer: your own network adapter and the loopback adapter. Oracle Database needs to have Windows using the loopback adapter as the primary adapter.
The primary adapter is determined by the order in which you installed the adapters: it is the last adapter installed. If you install additional network adapters after you install the loopback adapter, you need to deinstall the loopback adapter and reinstall it.
A loopback adapter is required if:
You are installing on a DHCP computer, or
You are installing on a non-networked computer and plan to connect the computer to a network after installation.
This section covers the following topics:
To check if a loopback adapter is installed on your computer, run the ipconfig /all command:
SYSTEM_DRIVE:\> ipconfig /all
If there is a loopback adapter installed, you would see a section that lists the values for the loopback adapter. For example:
Ethernet adapter Local Area Connection 2:
  Connection-specific DNS Suffix . :
  Description . . . . . . . . . . . : Microsoft Loopback Adapter
  Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
  Autoconfiguration IP Address. . . : 169.254.25.129
  Subnet Mask . . . . . . . . . . . : 255.255.0.0
Windows 2000 reports on the last network adapter installed. This means that if you install additional network adapters after you install the loopback adapter, you need to remove and reinstall the loopback adapter. The loopback adapter must be the last network adapter installed on the computer.
To install a loopback adapter on Windows 2000:
From the Start menu, select Settings, then Control Panel.
Double-click Add/Remove Hardware to start the Add/Remove Hardware wizard.
In the Welcome window, click Next.
In the Choose a Hardware Task window, select Add/Troubleshoot a device, and click Next.
In the Choose a Hardware Device window, select Add a new device, and click Next.
In the Find New Hardware window, select No, I want to select the hardware from a list, and click Next.
In the Hardware Type window, select Network adapters, and click Next.
In the Select Network Adapter window, do the following:
Manufacturers: Select Microsoft.
Network Adapter: Select Microsoft Loopback Adapter.
Click Next.
In the Start Hardware Installation window, click Next.
In the Completing the Add/Remove Hardware Wizard window, click Finish.
Right-click My Network Places on the desktop and select Properties. This displays the Network and Dial-up Connections control panel.
Right-click the connection that was just created. This is usually "Local Area Connection 2". Select Properties.
On the General tab, select Internet Protocol (TCP/IP), and click Properties.
In the Properties dialog box, click Use the following IP address and do the following:
IP Address: Enter a non-routable IP address for the loopback adapter. Oracle recommends the following non-routable addresses:
192.168.x.x (x is any value between 0 and 255)
10.10.10.10
Subnet mask: Enter 255.255.255.0.
Record the values you entered, which you will need later in this procedure.
Leave all other fields empty.
Click OK.
Close the Network Connections window.
Restart the computer.
Add a line to the SYSTEM_DRIVE:\WINNT\system32\drivers\etc\hosts file with the following format, right after the localhost line:
IP_address hostname.domainname hostname
where:
IP_address is the non-routable IP address you entered in step 14.
hostname is the name of the computer.
domainname is the name of the domain.
For example:
10.10.10.10 mycomputer.mydomain.com mycomputer
Check the network configuration:
Open System in the Control Panel, and select the Network Identification tab.
In Full computer name, make sure you see the host name and the domain name, for example, sales.us.mycompany.com.
Click Properties.
In Computer name, you should see the host name, and in Full computer name, you should see the host name and domain name. Using the previous example, the host name would be sales and the domain would be us.mycompany.com.
Click More. In Primary DNS suffix of this computer, the domain name, for example, us.mycompany.com, should appear.
Exit the System Control Panel.
To install a loopback adapter on Windows 2003 or Windows XP:
Open the Windows Control Panel.
Double-click Add Hardware to start the Add Hardware wizard.
In the Welcome window, click Next.
In the Is the hardware connected? window, select Yes, I have already connected the hardware, and click Next.
In the The following hardware is already installed on your computer window, in the list of installed hardware, select Add a new hardware device, and click Next.
In the The wizard can help you install other hardware window, select Install the hardware that I manually select from a list, and click Next.
In the From the list of hardware types, select the type of hardware you are installing window, select Network adapters, and click Next.
In the Select Network Adapter window, make the following selections:
Manufacturer: Select Microsoft.
Network Adapter: Select Microsoft Loopback Adapter.
Click Next.
In the The wizard is ready to install your hardware window, click Next.
In the Completing the Add Hardware Wizard window, click Finish.
If you are using Windows 2003, restart your computer.
Right-click My Network Places on the desktop and choose Properties. This displays the Network Connections Control Panel.
Right-click the connection that was just created. This is usually named "Local Area Connection 2". Choose Properties.
On the General tab, select Internet Protocol (TCP/IP), and click Properties.
In the Properties dialog box, click Use the following IP address and do the following:
IP Address: Enter a non-routable IP for the loopback adapter. Oracle recommends the following non-routable addresses:
192.168.x.x (x is any value between 0 and 255)
10.10.10.10
Subnet mask: Enter 255.255.255.0.
Record the values you entered, which you will need later in this procedure.
Leave all other fields empty.
Click OK.
Click OK.
Close Network Connections.
Restart the computer.
Add a line to the SYSTEM_DRIVE:\WINDOWS\system32\drivers\etc\hosts file with the following format, after the localhost line:
IP_address hostname.domainname hostname
where:
IP_address is the non-routable IP address you entered in step 16.
hostname is the name of the computer.
domainname is the name of the domain.
For example:
10.10.10.10 mycomputer.mydomain.com mycomputer
Check the network configuration:
Open System in the Control Panel, and select the Computer Name tab. In Full computer name, make sure you see the host name and the domain name, for example, sales.us.mycompany.com.
Click Change. In Computer name, you should see the hostname, and in Full computer name, you should see the host name and domain name. Using the previous example, the host name would be sales and the domain would be us.mycompany.com.
Click More. In Primary DNS suffix of this computer, you should see the domain name, for example, us.mycompany.com.
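Both loopback adapter procedures above end with the same hosts file entry, so one check covers them. The following Python sketch is an added example, not part of the Oracle guide: it verifies that the address is non-routable and that the hosts text holds an `IP_address hostname.domainname hostname` line directly after the localhost line. The function names, result codes and sample hosts contents are assumptions of the example.

```python
import ipaddress


def _parse_hosts(hosts_text):
    """Return (address, [lower-cased names]) for every usable hosts line."""
    entries = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not an address line
        entries.append((address, [name.lower() for name in fields[1:]]))
    return entries


def check_loopback_hosts_entry(hosts_text, ip, hostname, domainname):
    """Return the problems found with the loopback adapter's hosts entry."""
    problems = []
    address = ipaddress.ip_address(ip)
    # The guide asks for a non-routable address such as 192.168.x.x or
    # 10.10.10.10; 127.x and 169.254.x (autoconfiguration) are rejected here.
    if not address.is_private or address.is_loopback or address.is_link_local:
        problems.append("address_not_non_routable")

    entries = _parse_hosts(hosts_text)
    target = next((i for i, (a, _) in enumerate(entries) if a == address), None)
    if target is None:
        problems.append("entry_missing")
        return problems

    # Fully qualified name first, then the short host name.
    expected = [f"{hostname}.{domainname}".lower(), hostname.lower()]
    if entries[target][1][:2] != expected:
        problems.append("names_wrong")

    # The entry must be the line that follows the (last) localhost line.
    local = [i for i, (_, names) in enumerate(entries) if "localhost" in names]
    if not local:
        problems.append("no_localhost_line")
    elif target != local[-1] + 1:
        problems.append("not_after_localhost")
    return problems


# Constructed hosts file contents, for illustration only.
GOOD_HOSTS = """\
# constructed sample
127.0.0.1       localhost
10.10.10.10     mycomputer.mydomain.com mycomputer
"""

BAD_HOSTS = """\
10.10.10.10     mycomputer mycomputer.mydomain.com
127.0.0.1       localhost
"""

if __name__ == "__main__":
    for text in (GOOD_HOSTS, BAD_HOSTS):
        print(check_loopback_hosts_entry(
            text, "10.10.10.10", "mycomputer", "mydomain.com"))
```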
To remove a loopback adapter:
Display System in the Windows Control Panel.
In the Hardware tab, click Device Manager.
In the Device Manager window, expand Network adapters. You should see Microsoft Loopback Adapter.
Right-click Microsoft Loopback Adapter and select Uninstall.
Click OK.
This section lists the tasks to perform after you have completed an upgrade of your database. The following topics are discussed:
Make sure you perform a full backup of the production database. See Oracle Database Backup and Recovery User's Guide for details on backing up a database.
Oracle strongly recommends that you change the password for each account after installation. This enables you to effectively implement the strong security provided by Oracle Database Vault.
Note:
If you are creating a database using Database Configuration Assistant, you can unlock accounts after the database is created by clicking Password Management before you exit from Database Configuration Assistant.
To unlock and reset user account passwords using SQL*Plus:
Start SQL*Plus and log in using the Database Vault Account Manager account. If you did not create the Database Vault Account Manager account during installation, then you will need to log in using the Database Vault Owner account.
Enter a command similar to the following, where account is the user account that you want to unlock and password is the new password:
SQL> ALTER USER account [ IDENTIFIED BY password ] ACCOUNT UNLOCK;
In this example:
The ACCOUNT UNLOCK clause unlocks the account.
The IDENTIFIED BY password clause resets the password.
In a default Database Vault installation, the operating system authentication to the database is disabled. In addition, connections to the database using the SYSDBA privilege (that is, those that use the AS SYSDBA clause) are disabled. This is a security feature and is implemented to prevent misuse of the SYSDBA privilege.
If a password file has been created using the orapwd utility with the nosysdba flag set to y (Yes) (the default action of a Database Vault installation), users will not be able to log in to an Oracle Database Vault instance using the SYS account or any account with SYSDBA privilege using the AS SYSDBA clause. You can reenable the ability to connect with the SYSDBA privilege by re-creating the password file with the nosysdba flag set to n (No). You might need to reenable the ability to connect with SYSDBA privileges if certain products or utilities require its use.
When you re-create the password file, any accounts other than SYS that were granted the SYSDBA or SYSOPER privileges will have those privileges removed. You will need to regrant the privileges for these accounts after you have re-created the password file.
Use the following syntax to run orapwd:
C:\> ORACLE_HOME\bin\orapwd file=filename password=password [entries=users] force=y/n nosysdba=y/n
Where:
file: Name of password file (mandatory)
password: Password for SYS (mandatory). Enter at least six alphanumeric characters.
entries: Maximum number of distinct DBA users
force: Whether to overwrite the existing file (optional). Enter y (for yes) or n (for no)
nosysdba: Whether to enable or disable the SYS logon (optional for Oracle Database Vault only). Enter y (for yes) or n (for no)
The default is no, so if you omit this flag, the password file will be created enabling SYSDBA access for Oracle Database Vault instances.
For example:
C:\> oracle\product\10.2.0\db_1\bin\orapwd file=C:\oracle\product\10.2.0\db_1\dbs\orapwORCL password=5hjk99 force=y nosysdba=n
Note:
Do not insert spaces around the equal (=) character.You need to start the listener and database on all RAC nodes other than the one on which the installation is performed. Use the following commands to start the listener and the database:
Note:
You need to enable SYSDBA connections on all nodes before running these commands. See "Enable or Disable Connections with the SYSDBA Privilege" for more information on enabling SYSDBA connections.
C:\> ORACLE_HOME\bin\lsnrctl start LISTENER_nodename
C:\> ORACLE_HOME\bin\srvctl start instance -d sid -i instance_name -c "SYS/password AS SYSDBA"
After installing Database Vault for a Real Application Clusters (RAC) instance, you need to run Database Vault Configuration Assistant (DVCA) with the -action optionrac switch on all other RAC nodes. This sets instance parameters and disables SYSDBA operating system authentication.
Note:
Before running DVCA on a remote node, you need to set the correct value for the ORACLE_SID variable in the ORACLE_HOME\bin\dvca.bat file on the remote node. The ORACLE_SID variable needs to be changed from the local node Oracle System Identifier (SID) to the remote node Oracle System Identifier (SID) on the remote node.
Before running DVCA on a remote node, you need to correct the following Windows registry entry on the remote node:
HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\KEY_ORACLE_HOME_NAME\ORA_instance_name_PWFILE
The instance_name in the remote node registry should be the database instance name for the remote node, and not the database instance name for the local node.
The value for this key should be the complete path to the password file on the remote node. For example:
C:\ORACLE\PRODUCT\10.2.0\DB_1\dbs\orapwORCL2
You need to run this command on all RAC nodes other than the node on which the Database Vault installation is performed. This step is required to enable the enhanced security features provided by Oracle Database Vault.
Note:
The listener and database instance should be running on the nodes on which you run DVCA.
Use the following syntax to run DVCA:
C:\> ORACLE_HOME\bin\dvca -action optionrac -racnode host_name -oh oracle_home -jdbc_str jdbc_connection_string -sys_passwd sys_password [-logfile ./dvca.log] [-silent] [-nodecrypt] [-lockout]
Where:
action: The action to perform. optionrac performs the action of updating the instance parameters for the RAC instance and optionally disabling SYSDBA operating system access for the instance.
racnode: The host name of the RAC node on which the action is being performed. Do not include the domain name with the host name.
oh: The Oracle home for the RAC instance.
jdbc_str: The JDBC connection string used to connect to the database. For example, "jdbc:oracle:oci:@orcl1".
sys_password: The password for the SYS user.
logfile: Optionally, specify a log file name and location. You can enter an absolute path or a path that is relative to the location of the $ORACLE_HOME\bin directory.
silent: Required if you are not running DVCA in an xterm window.
nodecrypt: Reads plaintext passwords as passed on the command line.
lockout: Used to disable SYSDBA operating system authentication.
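A pre-flight check for the two remote-node prerequisites described above (the ORACLE_SID value in dvca.bat and the ORA_instance_name_PWFILE registry entry), as an added example that is not part of Oracle's guide. The script and its parameter names are hypothetical; it assumes the node's SID and instance name are the same string and that dvca.bat assigns ORACLE_SID on a line of the form "set ORACLE_SID=value".

```powershell
# Added example: pre-flight check on a remote RAC node before "dvca -action optionrac".
# Parameter values are supplied by the operator; none of them come from the guide.
param(
    [Parameter(Mandatory)] [string] $OracleHome,      # Oracle home path on this node
    [Parameter(Mandatory)] [string] $OracleHomeName,  # ORACLE_HOME_NAME part of the registry key
    [Parameter(Mandatory)] [string] $InstanceName     # instance name (SID) of THIS node
)
$problems = @()

# 1. Registry value ORA_<instance_name>_PWFILE must be named for this node's
#    instance and hold the complete path to a password file present on this node.
$regPath   = "HKLM:\SOFTWARE\ORACLE\KEY_$OracleHomeName"
$valueName = "ORA_${InstanceName}_PWFILE"
$key = Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue
if (-not $key) {
    $problems += "Registry key not found: $regPath"
} else {
    $entry = $key.PSObject.Properties[$valueName]
    if (-not $entry) {
        $problems += "$valueName is missing under $regPath"
    } elseif (-not $entry.Value -or -not (Test-Path -LiteralPath $entry.Value -PathType Leaf)) {
        $problems += "$valueName does not point to an existing file: '$($entry.Value)'"
    }
    # An entry named for another instance usually means the local node's name was left in place.
    foreach ($p in $key.PSObject.Properties) {
        if ($p.Name -match '^ORA_.+_PWFILE$' -and $p.Name -ne $valueName) {
            $problems += "Entry named for a different instance: $($p.Name)"
        }
    }
}

# 2. dvca.bat must carry this node's ORACLE_SID.
#    Assumption: the file assigns it on a line of the form "set ORACLE_SID=value".
$dvcaBat = Join-Path $OracleHome 'bin\dvca.bat'
if (-not (Test-Path -LiteralPath $dvcaBat -PathType Leaf)) {
    $problems += "Not found: $dvcaBat"
} else {
    $hit = Select-String -LiteralPath $dvcaBat -Pattern '^\s*set\s+ORACLE_SID\s*=\s*(\S+)' |
           Select-Object -First 1
    if (-not $hit) {
        $problems += "No ORACLE_SID assignment found in $dvcaBat"
    } elseif ($hit.Matches[0].Groups[1].Value -ne $InstanceName) {
        $problems += "dvca.bat sets ORACLE_SID=$($hit.Matches[0].Groups[1].Value), expected $InstanceName"
    }
}

if ($problems.Count) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "Registry PWFILE entry and dvca.bat ORACLE_SID match instance $InstanceName."
```

The script only reads the registry and dvca.bat; it exits with status 1 and prints one warning per mismatch so it can gate the DVCA run on each node.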
Note:
You can reenable SYSDBA access by re-creating the password file with the nosysdba flag set to n (No). The orapwd utility enables you to do this.
Restart Enterprise Manager Database Control by using the following commands:
C:\> ORACLE_HOME\bin\emctl stop dbconsole
C:\> ORACLE_HOME\bin\emctl start dbconsole
Note:
Run the above commands on all cluster nodes for a RAC database.
Use Oracle Universal Installer (OUI) to remove Oracle software from an Oracle home. The following list summarizes the steps involved:
Log on as a member of the Administrators group.
Shut down all processes running in the Oracle home.
Start Oracle Universal Installer: from the Start menu, select Programs, then ORACLE_HOME_NAME, then Oracle Installation Products, then Oracle Universal Installer. The Welcome screen for Oracle Universal Installer appears.
In the Welcome screen, select Deinstall Products. The Inventory screen appears. This screen lists all the Oracle homes on the system.
Select the Oracle home and the products that you wish to remove. Click Remove.
See Also:
Refer to the Oracle Database Installation Guide for details on removing Oracle software.
Note:
You cannot remove or uninstall the Database Vault option. However, you can disable Oracle Database Vault. Refer to Oracle Database Vault Administrator's Guide for more details.
You can also remove the entire Oracle home, as discussed earlier in this section.