Skip Headers
Oracle® Database Vault Installation Guide
10g Release 2 (10.2) for Microsoft Windows (64-Bit) on Intel Itanium

Part Number B32486-02
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

2 Installing Oracle Database Vault as an Option

This chapter includes an overview of the major steps required to install Oracle Database Vault into an existing Oracle Database 10g release 2 (10.2.0.3) database. These procedures transform an existing Oracle Database system (including associated applications) into an Oracle Database Vault system. Databases upgraded using the procedures described in this chapter can work almost in the same manner as in earlier releases and, optionally, can leverage new Oracle Database Vault functionality. For a list of changes that Database Vault makes, refer to Appendix D, "Initialization Parameters" and the Oracle Database Vault Administrator's Guide.

Note:

In order to upgrade a pre-10g release 2 Oracle Database to Oracle Database Vault, you first need to upgrade the database to a 10g release 2 (10.2.0.3) database.

See Also:

Oracle Database Upgrade Guide, 10g Release2 (10.2) for information about upgrading your Oracle Database to Oracle Database 10g release 2.

This chapter covers the following topics:

2.1 Preinstallation and Installation Tasks

This section covers the following topics:

2.1.1 Become Familiar with the Features of Oracle Database Vault

Before you plan the upgrade process, become familiar with the features of Oracle Database Vault. The Oracle Database Vault Administrator's Guide discusses the basic features of Oracle Database Vault.

2.1.2 Check the Hardware Requirements

This section describes hardware component and hard disk space requirements.

2.1.2.1 Hardware Component Requirements

Table 2–1 discusses the hardware requirements for Oracle Database Vault:

Table 2-1 Hardware Requirements

Requirement Value

Physical memory (RAM)

1 GB minimum, 4 GB recommended

Virtual memory

Double the amount of RAM

Disk space

Total: 4.77 GB

See Table 2-2 for details.

Video adapter

256 colors

Processor

Intel Itanium 2 or later


2.1.2.2 Hard Disk Space Requirements

This section lists system requirements for Windows platforms that use the NT File System (NTFS) file systems. Oracle recommends installing Oracle components on NTFS.

The NTFS system requirements listed in this section are more accurate than the hard disk values reported by the Oracle Universal Installer Summary window. The Summary window does not include accurate values for disk space, the space required to create a database, or the size of compressed files that are expanded on the hard drive.

The hard disk requirements for Oracle Database components include 32 MB required to install Java Runtime Environment (JRE) and Oracle Universal Installer on the partition where the operating system is installed. If sufficient space is not detected, installation fails and an error message appears.

Table 2-2 Disk Space Requirements for NTFS

Installation Type TEMP Space SYSTEM_DRIVE:\Program Files\Oracle Oracle Home Data Files * Total

Basic Installation

125 MB

100 MB

3.5 GB

1.05 GB

4.77 GB

Advanced Installation: Enterprise Edition

125 MB

100 MB

3.5 GB **

1.05 GB **

4.77 GB **

Advanced Installation: Standard Edition

125 MB

100 MB

3.5 GB **

1.05 GB **

4.77 GB **

Advanced Installation: Personal Edition

125 MB

100 MB

3.5 GB **

1.05 GB **

4.77 GB **


* Refers to the contents of the admin, flash_recovery_area, and oradata directories in the ORACLE_BASE directory.

** This size can be higher depending on the installation options selected, such as languages or additional components. If you choose to install Oracle Database with automated backups enabled, include at least 2 GB extra for data file disk space.

2.1.2.3 Verifying Hardware Requirements

To ensure that the system meets these requirements, follow these steps:

  1. Determine the physical RAM size. For a computer using Windows 2003, for example, double-click System in the Windows Control Panel and click the General tab. If the size of the physical RAM installed in the system is less than the required size, then you must install more memory before continuing.

  2. Determine the size of the configured virtual memory (also known as paging file size). For a computer using Windows 2003, for example, double-click System in the Control Panel, click the Advanced tab, and click Settings in the Performance section. Then click the Advanced tab. The virtual memory is listed in the Virtual Memory section.

    If necessary, see your operating system documentation for information about how to configure additional virtual memory.

  3. Determine the amount of free disk space on the system. For a computer using Windows 2003, for example, double-click My Computer, right-click the drive where the Oracle software is to be installed, and select Properties.

  4. Determine the amount of disk space available in the temp directory. This is equivalent to the total amount of free disk space, minus what will be needed for the Oracle software to be installed.

2.1.3 Check the Software Requirements

Oracle Database Vault is installed in an existing Oracle home. All software requirements that were met while installing Oracle Database 10g release 2 are sufficient for Oracle Database Vault.

See Also:

Oracle Database Installation Guide for Microsoft Windows (64-Bit) on Intel Itanium for detailed information on the software requirements for installing Oracle Database

Table 2-3 lists the software requirements for Oracle Database Vault.

Table 2-3 Software Requirements

Requirement Value

System Architecture

Processor: Intel Itanium 2 or later

Note: Oracle provides 32-bit (x86), 64-bit (Itanium), and 64-bit (x64) versions of Oracle Database for Microsoft Windows. The 64-bit (Itanium) database version, which this installation guide describes, runs on the 64-bit version of Windows on Itanium hardware. For additional information, visit OracleMetaLink at:

http://metalink.oracle.com

Operating System

Oracle Database for 64-bit Windows is supported on the following operating systems:

  • Windows Server 2003 Datacenter Edition for 64-bit Itanium 2 Systems

  • Windows Server 2003 Enterprise Edition for 64-bit Itanium 2 Systems

Windows Multilingual User Interface Pack is supported on Windows 2003.

Windows XP is not supported.

Compiler

The following components are supported with the Windows 2003 Microsoft Platform SDK or later compiler and Intel compiler versions 7.1 and 8.1:

  • Oracle C++ Call Interface

  • Oracle Call Interface

  • External callouts

  • PL/SQL native compilation

  • Pro*C

  • XDK

GNU Compiler Collection (GCC), Object Oriented COBOL (OOCOBOL) specifications, and Pro*COBOL are not supported.

Network Protocol

The Oracle Net foundation layer uses Oracle protocol support to communicate with the following industry-standard network protocols:

  • TCP/IP

  • TCP/IP with SSL

  • Named Pipes

Oracle Database Client

If you plan to connect to Oracle Database 10g release 2 (10.2) from a release of Oracle Database Client that is earlier than 10g release 2 (10.2), you will not be able to do so if the following conditions exist:

  • Oracle Database Client is running on the same computer as Oracle Database 10g release 2 (10.2).

  • Microsoft Windows Terminal Services is not running on the same computer as Oracle Database Client. Typically, Terminal Services is installed and configured with Microsoft Windows 2003.

  • Oracle Database Client is version 9.2.0.6, or 10.1–10.1.0.3.

  • Oracle Database Client is not running as Administrator.

To remedy this problem, upgrade Oracle Database Client by using the latest Oracle Database Family patchset (9.2.0.7, or 10.1.0.4 or later). You can download the patchset from the Patches and Updates section of OracleMetaLink at:

http://metalink.oracle.com

2.1.4 Oracle Database Hardware and Software Certification

The platform-specific hardware and software requirements included in this installation guide were current at the time this guide was published. However, because new platforms and operating system software versions might be certified after this guide is published, review the certification matrix on the OracleMetaLink Web site for the most up-to-date list of certified hardware platforms and operating system versions. This Web site also provides compatible client and database versions, patches, and workaround information for bugs. The OracleMetaLink Web site is available at:

http://metalink.oracle.com/

You must register online before using OracleMetaLink. After logging in, click Certify & Availability from the left-hand column. From the Product Lifecycle page, click the Certifications button. Other Product Lifecycle options include Product Availability, Desupport Notices, and Alerts.

The following sections provide certification information:

2.1.4.1 Windows Telnet Services Support

Note:

Ensure that the Telnet service is started on the Windows Services utility.

2.1.4.2 Windows Terminal Services and Remote Desktop Support

Oracle supports Terminal Services on Windows 2003. Oracle does not support the installation of Oracle components from a remote Terminal Services Client on to a 64-bit Windows server that is running a Terminal Server service. Start all configuration tools from the Terminal Server console (using mstsc/console) and not from the Terminal Services Client.

You can configure Windows 2003 to use Terminal Services in Remote Desktop for Administration Mode or Terminal Server Mode.

See Also:

2.1.4.3 Windows Support

The following components are not supported:

  • GNU Compiler Collection (GCC)

  • Oracle Database Extensions for .NET

  • Oracle Procedural Gateway

  • Oracle Transparent Gateway

  • Business Components for Java (BC4J)

  • DCE and CyberSafe Adapter Support

  • Entrust PKI Support

  • Generic Connectivity

  • Java Server Pages

  • nCipher Accelerator Support

  • Oracle Data Provider for .NET

  • Oracle Enterprise Manager Grid Control CD

    A 64-bit Windows version of Oracle Enterprise Manager Grid Control is not available in this release.

  • Oracle Enterprise Manager Java Console

  • Oracle Messaging Gateway

  • Oracle Migration Workbench

    You can execute Oracle Migration Workbench from a 32-bit Windows environment to migrate third-party databases, as supported by release 9.2.0.2.1 or later, to an Oracle Database 10g Release 2 (10.2) database installed on a 64-bit Windows computer.

  • Oracle Objects for OLE

  • Oracle Workflow Builder

  • Pro*COBOL

  • Oracle Database Extensions for .NET

  • Oracle Enterprise Integration Gateways, which include the following:

    • Oracle Procedural Gateway for APPC

    • Oracle Transparent Gateway for IBM DRDA

  • Oracle Open Gateways, which include the following:

    • Oracle Transparent Gateway for Sybase

    • Oracle Transparent Gateway for Teradata

    • Oracle Transparent Gateway for Microsoft SQL Server

2.1.4.4 Web Browser Support

Microsoft Internet Explorer 6.0 Web browser is supported.

2.1.5 Check the Database Requirements

In order to install Oracle Database Vault, you must be running the Enterprise Edition of Oracle Database 10g release 2 (10.2.0.3). The database should also have Oracle Enterprise Manager Console DB 10.2.0.3.0 installed.

A listener must have been configured for the existing database. Oracle Net Configuration Assistant configures the listener when you first install the database. You can also use Oracle Enterprise Manager to administer listeners.

You must have an existing password file for the database. The password file authentication parameter, REMOTE_LOGIN_PASSWORDFILE must have been set to EXCLUSIVE or SHARED.

You can set the REMOTE_LOGIN_PASSWORDFILE parameter in the init.ora file. Use the orapwd utility to create and manage password files.

See Also:

Oracle Database Administrator's Guide for more information on creating and maintaining a password file

The following topics discuss applying the 10.2.0.3 patch set and installing the required components:

2.1.5.1 Install Oracle Enterprise Manager Console DB

Before installing Oracle Database Vault, you should ensure that Oracle Enterprise Manager Console DB 10.2.0.3.0 is installed. Oracle Enterprise Manager Console DB is installed using the Oracle Universal Installer (OUI). The following steps summarize installing Oracle Enterprise Manager Console DB:

  1. Run Oracle Universal Installer (OUI) and perform a custom installation to install Oracle Enterprise Manager Console DB 10.2.0.1.0. Add Oracle Enterprise Manager Console DB from the list of available product components.

  2. Apply the Oracle Database release 10.2.0.3 patch set.

Note:

You can configure the database to use Enterprise Manager Database Control by using Database Configuration Assistant (DBCA). However, configuring Enterprise Manager Database Control is not a prerequisite for installing Oracle Database Vault.

2.1.5.2 Apply Oracle Database Release 10.2.0.3 Patch Set

To install Oracle Database Vault, you need to upgrade the database to Oracle Database release 10.2.0.3. Oracle strongly recommends that you back up your database before performing any upgrade or installation.

See Also:

Oracle Database Backup and Recovery User's Guide for information on database backups

This section covers the following topics:

Patch Set Overview

The patch set is not a complete software distribution. You must install it in an existing Oracle Database 10g release 2 (10.2.0.1 or 10.2.0.2) installation. You can apply the Oracle Database release 10.2.0.3 patch set to the following Oracle Database 10g release 2 installations:

  • Oracle Database

  • Oracle Real Application Clusters

  • Oracle Database Client

  • Oracle Database Companion CD

  • Oracle Clusterware

Oracle Universal Installer Version Requirements

This patch set includes Oracle Universal Installer release 10.2.0.3, which is also installed when you install this patch set. This is to ensure that your Oracle home can be patched in the future. You should not use the Installer from the earlier maintenance release media or Oracle home.

Patch Set Documentation

There are two documents related to this release of the Oracle Database patch set:

  • Oracle Database Patch Set Notes, 10g Release 2 (10.2.0.3) Patch Set 2 for Microsoft Windows (64-Bit) on Intel Itanium

  • Oracle Database List of Bugs Fixed, 10g Release 2 (10.2.0.3) Patch Set

Both of these documents are included with the patch set. In addition, they are available on the OracleMetalink Web site:

http://metalink.oracle.com

2.1.6 Prepare a Backup Strategy

Oracle strongly recommends that you back up your database before performing any upgrade or installation. The ultimate success of your upgrade depends heavily on the design and execution of an appropriate backup strategy. To develop a backup strategy, consider the following questions:

  • How long can the production database remain inoperable before business consequences become intolerable?

  • What backup strategy should be used to meet your availability requirements?

  • Are backups archived in a safe, offsite location?

  • How quickly can backups be restored (including backups in offsite storage)?

  • Have recovery procedures been tested successfully?

Your backup strategy should answer all of these questions and include procedures for successfully backing up and recovering your database.

See Also:

Oracle Database Backup and Recovery User's Guide for information on database backups

2.1.7 Verify That Oracle Clusterware Is Running (RAC Only)

Oracle Clusterware should be running for the Database Vault installer to find the existing Real Application Clusters (RAC) databases. If you have stopped Oracle Clusterware, then you should restart it before running Oracle Universal Installer. Use the following command to start Oracle Clusterware:

C:\> CRS_HOME\bin\crsctl start crs

Note:

  • You need to run the crsctl start crs command on all nodes of the cluster.

  • The crsctl start crs command also starts the database. You will need to shut down the database before running Oracle Universal Installer.

2.1.8 Stop Existing Oracle Processes

Stop all processes running in the Oracle home. You must complete this task to enable Oracle Universal Installer to relink certain executables and libraries. For RAC databases, you need to stop the processes on all nodes.

Stop the processes in the following order:

  1. Stop the Enterprise Manager Database Control Process

  2. Stop the iSQL*Plus Process

  3. Shut Down All Database Instances

  4. Stop Existing Listeners

  5. Stop Oracle Services

2.1.8.1 Stop the Enterprise Manager Database Control Process

Stop the Enterprise Manager Database Control process, if it is running. Use the following command:

C:\> ORACLE_HOME\bin\emctl stop dbconsole

2.1.8.2 Stop the iSQL*Plus Process

Stop the iSQL*Plus process, using the following command:

C:\> ORACLE_HOME\bin\isqlplusctl stop

2.1.8.3 Shut Down All Database Instances

Shut down all database instances running from the Oracle home directory into which Oracle Database Vault is to be installed.

sqlplus SYS "AS SYSOPER"
Enter password:
SQL> shutdown immediate

2.1.8.4 Stop Existing Listeners

Oracle Universal Installer configures and starts a default Oracle Net listener using TCP/IP port 1521. However, if an existing Oracle Net listener process is using the same port or key value, then Oracle Universal Installer can only configure the new listener, it cannot start it. To ensure that the new listener process starts during the installation, you must shut down any existing listeners before starting Oracle Universal Installer.

Use the following command to stop the listener process:

C:\> ORACLE_HOME\bin\lsnrctl stop listenername

2.1.8.5 Stop Oracle Services

Use the following steps to stop Oracle Database services from the Control Panel:

  1. Access your Windows Services dialog.

    See Also:

    Your operating system documentation for instructions
  2. Select OracleHOME_NAMETNSListener. Click Stop to stop this service. You need to perform this step only if you haven't shut down the listener process using the lsnrctl command.

  3. Select OracleServiceSID and click Stop.

Note:

If you are installing Database Vault for Oracle Real Application Clusters (RAC), then you need to shut down all Oracle processes on all cluster nodes. See Appendix A, "How to Stop Processes in an Existing Oracle Real Application Clusters Database" for more details.

2.1.9 Run Oracle Universal Installer to Install

You can use the graphical user interface (GUI) provided by Oracle Universal Installer to install Oracle Database. The following steps discuss installing Database Vault using Oracle Universal Installer:

  1. Log on as a member of the Administrators group.

    If you are installing on a Primary Domain Controller (PDC) or a Backup Domain Controller (BDC), log on as a member of the Domain Administrators group.

  2. Insert Oracle Database Vault installation media and navigate to the database directory. Alternatively, navigate to the directory where you downloaded or copied the installation files.

    Use the same installation media to install Oracle Database Vault on all supported Windows platforms.

  3. Double-click setup.exe to start Oracle Universal Installer.

  4. In the Specify Installation Details screen, you need to specify the path to the Oracle home that contains the existing Oracle Database. The Destination Path box lists the Oracle home paths of all Oracle Database release 2 (10.2.0.3) Enterprise Edition databases registered with the system.

    Select the Oracle home corresponding to the database into which you want to install Oracle Database Vault.

    Note:

    • If an Oracle home does not have an Enterprise Edition of Oracle Database release 10.2.0.3 installed, then it is not displayed. You must ensure that the Oracle home has an Enterprise Edition of Oracle Database release 10.2.0.3 installed.

    • If an Oracle home does not have Oracle Enterprise Manager Console DB 10.2.0.3.0 installed, then it is not displayed. You must ensure that the Oracle home has Oracle Enterprise Manager Console DB 10.2.0.3.0 installed.

    • If an Oracle home contains an Automatic Storage Management (ASM) instance, then it is not displayed. You cannot install Oracle Database Vault into an Oracle home that also contains an ASM instance.

    • If an Oracle home already contains Oracle Database Vault, then it is not displayed. You cannot install Oracle Database Vault into an Oracle home more than once.

    • Oracle Clusterware should be running for the Database Vault installer to find the existing Real Application Clusters (RAC) databases. Ensure that Oracle Clusterware is running before installing Oracle Database Vault. You can use the crsctl command to start Oracle Clusterware.

  5. Enter a user name for the Database Vault Owner account in the Database Vault Owner field. The user name can be a minimum of 2 and maximum of 30 characters long.

  6. Enter a password for the Database Vault Owner account in the Database Vault Owner Password field. The password can be a minimum of 8 and a maximum of 30 characters. The password must include at least one alphabet, one digit, and one nonalphanumeric character (symbol). It cannot be the same as the account names for either the Database Vault owner or the Database Vault account manager. It cannot contain any consecutive repeating characters.

  7. Reenter the password in the Confirm Password field.

  8. Select Create a Separate Account Manager if you want to create a separate Account Manager to manage Oracle Database Vault accounts.

  9. In the Database Vault Account Manager field, enter a user name for the Database Vault Account Manager if you have chosen to select the Create a Separate Account Manager check box. The user name can be a minimum of 2 and a maximum of 30 characters.

  10. Enter a password for the Database Vault Account Manager account in the Account Manager Password field. The password can be a minimum of 8 and a maximum of 30 characters. The password must include at least one alphabet, one digit, and one nonalphanumeric character (symbol). It cannot be the same as the account names for either the Database Vault owner or the Database Vault account manager. It cannot contain any consecutive repeating characters.

  11. Reenter the password in the Confirm Password field. Click Next.

  12. The Select Existing Database screen is displayed. A list of all databases running from the selected Oracle home is displayed. Select the database into which you wish to install Oracle Database Vault.

    Note:

    • If the selected Oracle home contains more than one database, then Operating System (OS) authentication is turned off for all the databases in the Oracle home.

    • Oracle recommends that you install Oracle Database Vault into an Oracle home containing only a single database.

    • If a database is not listed, then check to make sure that you have followed the instructions under "Check the Database Requirements".

  13. Enter the existing SYS user password for the selected database in the Existing Database SYS Password field.

  14. Reenter the SYS password in the Confirm Password field. Click Next.

    Note:

    At this point, the database requirements are validated.
  15. You are prompted to shut down all Oracle processes running from the Oracle home before proceeding. Shut down the Oracle processes, if you have not already done so.

    See Also:

    "Stop Existing Oracle Processes" for more information on stopping existing Oracle processes
  16. Product-specific prerequisite checks are performed. Confirm that all tests have passed. Click Next to continue.

  17. The Summary screen is displayed with the installation details. Verify the details and click Install.

  18. The Installation screen is displayed. After the installation completes, the Database Vault Configuration Assistant (DVCA) is run automatically. DVCA helps configure the Database Vault installation.

2.2 Installing a Loopback Adapter

When you install a loopback adapter, the loopback adapter assigns a local IP address for your computer. After you install a loopback adapter on your computer, you have at least two network adapters on your computer: your own network adapter and the loopback adapter. Oracle Database needs to have Windows using the loopback adapter as the primary adapter.

The primary adapter is determined by the order in which you installed the adapters: it is the last adapter installed. If you install additional network adapters after you install the loopback adapter, you need to deinstall the loopback adapter and reinstall it.

A loopback adapter is required if:

This section covers the following topics:

2.2.1 Checking if a Loopback Adapter Is Installed on Your Computer

To check if a loopback adapter is installed on your computer, run the ipconfig /all command:

SYSTEM_DRIVE:\> ipconfig /all

If there is a loopback adapter installed, you would see a section that lists the values for the loopback adapter. For example:

Ethernet adapter Local Area Connection 2:
  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Microsoft Loopback Adapter
  Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
  Autoconfiguration IP Address. . . : 169.254.25.129
  Subnet Mask . . . . . . . . . . . : 255.255.0.0

2.2.2 Installing a Loopback Adapter on Windows 2000

Windows 2000 reports on the last network adapter installed. This means that if you install additional network adapters after you install the loopback adapter, you need to remove and reinstall the loopback adapter. The loopback adapter must be the last network adapter installed on the computer.

To install a loopback adapter on Windows 2000:

  1. From the Start menu, select Settings, then Control Panel.

  2. Double-click Add/Remove Hardware to start the Add/Remove Hardware wizard.

  3. In the Welcome window, click Next.

  4. In the Choose a Hardware Task window, select Add/Troubleshoot a device, and click Next.

  5. In the Choose a Hardware Device window, select Add a new device, and click Next.

  6. In the Find New Hardware window, select No, I want to select the hardware from a list, and click Next.

  7. In the Hardware Type window, select Network adapters, and click Next.

  8. In the Select Network Adapter window, do the following:

    1. Manufacturers: Select Microsoft.

    2. Network Adapter: Select Microsoft Loopback Adapter.

    3. Click Next.

  9. In the Start Hardware Installation window, click Next.

  10. In the Completing the Add/Remove Hardware Wizard window, click Finish.

  11. Right-click My Network Places on the desktop and select Properties. This displays the Network and Dial-up Connections control panel.

  12. Right-click the connection that was just created. This is usually "Local Area Connection 2". Select Properties.

  13. On the General tab, select Internet Protocol (TCP/IP), and click Properties.

  14. In the Properties dialog box, click Use the following IP address and do the following:

    1. IP Address: Enter a non-routable IP address for the loopback adapter. Oracle recommends the following non-routable addresses:

      • 192.168.x.x (x is any value between 0 and 255)

      • 10.10.10.10

    2. Subnet mask: Enter 255.255.255.0.

    3. Record the values you entered, which you will need later in this procedure.

    4. Leave all other fields empty.

    5. Click OK.

  15. Close the Network Connections window.

  16. Restart the computer.

  17. Add a line to the SYSTEM_DRIVE:\WINNT\system32\drivers\etc\hosts file with the following format, right after the localhost line:

    IP_address   hostname.domainname   hostname
    
    

    where:

    • IP_address is the non-routable IP address you entered in step 14.

    • hostname is the name of the computer.

    • domainname is the name of the domain.

    For example:

    10.10.10.10   mycomputer.mydomain.com   mycomputer
    
    
  18. Check the network configuration:

    1. Open System in the Control Panel, and select the Network Identification tab.

      In Full computer name, make sure you see the host name and the domain name, for example, sales.us.mycompany.com.

    2. Click Properties.

      In Computer name, you should see the host name, and in Full computer name, you should see the host name and domain name. Using the previous example, the host name would be sales and the domain would be us.mycompany.com.

    3. Click More. In Primary DNS suffix of this computer, the domain name, for example, us.mycompany.com, should appear.

    4. Exit the System Control Panel.

2.2.3 Installing a Loopback Adapter on Windows 2003 or Windows XP

To install a loopback adapter on Windows 2003 or Windows XP:

  1. Open the Windows Control Panel.

  2. Double-click Add Hardware to start the Add Hardware wizard.

  3. In the Welcome window, click Next.

  4. In the Is the hardware connected? window, select Yes, I have already connected the hardware, and click Next.

  5. In the The following hardware is already installed on your computer window, in the list of installed hardware, select Add a new hardware device, and click Next.

  6. In the The wizard can help you install other hardware window, select Install the hardware that I manually select from a list, and click Next.

  7. From the list of hardware types, select the type of hardware you are installing window, select Network adapters, and click Next.

  8. In the Select Network Adapter window, make the following selections:

    • Manufacturer: Select Microsoft.

    • Network Adapter: Select Microsoft Loopback Adapter.

  9. Click Next.

  10. In the The wizard is ready to install your hardware window, click Next.

  11. In the Completing the Add Hardware Wizard window, click Finish.

  12. If you are using Windows 2003, restart your computer.

  13. Right-click My Network Places on the desktop and choose Properties. This displays the Network Connections Control Panel.

  14. Right-click the connection that was just created. This is usually named "Local Area Connection 2". Choose Properties.

  15. On the General tab, select Internet Protocol (TCP/IP), and click Properties.

  16. In the Properties dialog box, click Use the following IP address and do the following:

    1. IP Address: Enter a non-routable IP for the loopback adapter. Oracle recommends the following non-routable addresses:

      • 192.168.x.x (x is any value between 0 and 255)

      • 10.10.10.10

    2. Subnet mask: Enter 255.255.255.0.

    3. Record the values you entered, which you will need later in this procedure.

    4. Leave all other fields empty.

    5. Click OK.

  17. Click OK.

  18. Close Network Connections.

  19. Restart the computer.

  20. Add a line to the SYSTEM_DRIVE:\WINDOWS\system32\drivers\etc\hosts file with the following format, after the localhost line:

    IP_address   hostname.domainname   hostname
    
    

    where:

    • IP_address is the non-routable IP address you entered in step 16.

    • hostname is the name of the computer.

    • domainname is the name of the domain.

    For example:

    10.10.10.10   mycomputer.mydomain.com   mycomputer
    
    
  21. Check the network configuration:

    1. Open System in the Control Panel, and select the Computer Name tab. In Full computer name, make sure you see the host name and the domain name, for example, sales.us.mycompany.com.

    2. Click Change. In Computer name, you should see the hostname, and in Full computer name, you should see the host name and domain name. Using the previous example, the host name would be sales and the domain would be us.mycompany.com.

    3. Click More. In Primary DNS suffix of this computer, you should see the domain name, for example, us.mycompany.com.

2.2.4 Removing a Loopback Adapter

To remove a loopback adapter:

  1. Display System in the Windows Control Panel.

  2. In the Hardware tab, click Device Manager.

  3. In the Device Manager window, expand Network adapters. You should see Microsoft Loopback Adapter.

  4. Right-click Microsoft Loopback Adapter and select Uninstall.

  5. Click OK.

2.3 Postinstallation Tasks

This section lists the tasks to perform after you have completed an upgrade of your database. The following topics are discussed:

2.3.1 Back Up the Database

Make sure you perform a full backup of the production database. See Oracle Database Backup and Recovery User's Guide for details on backing up a database.

2.3.2 Change Passwords for Oracle-Supplied Accounts

Oracle strongly recommends that you change the password for each account after installation. This enables you to effectively implement the strong security provided by Oracle Database Vault.

Note:

If you are creating a database using Database Configuration Assistant, you can unlock accounts after the database is created by clicking Password Management before you exit from Database Configuration Assistant.

2.3.2.1 Using SQL*Plus to Unlock Accounts and Reset Passwords

To unlock and reset user account passwords using SQL*Plus:

  1. Start SQL*Plus and log in using the Database Vault Account Manager account. If you did not create the Database Vault Account Manager account during installation, then you will need to log in using the Database Vault Owner account.

  2. Enter a command similar to the following, where account is the user account that you want to unlock and password is the new password:

    SQL> ALTER USER account [ IDENTIFIED BY password ] ACCOUNT UNLOCK;
    
    

    In this example:

    • The ACCOUNT UNLOCK clause unlocks the account.

    • The IDENTIFED BY password clause resets the password.

    Note:

    If you unlock an account but do not reset the password, then the password remains expired. The first time someone connects as that user, they must change the user's password.

    To permit unauthenticated access to your data through HTTP, unlock the ANONYMOUS user account.

2.3.3 Enable or Disable Connections with the SYSDBA Privilege

In a default Database Vault installation, the operating system authentication to the database is disabled. In addition, connections to the database using the SYSDBA privilege (that is, those that use the AS SYSDBA clause) are disabled. This is a security feature and is implemented to prevent misuse of the SYSDBA privilege.

If a password file has been created using the orapwd utility with the nosysdba flag set to y (Yes) (the default action of a Database Vault installation), users will not be able to log in to an Oracle Database Vault instance using the SYS account or any account with SYSDBA privilege using the AS SYSDBA clause. You can reenable the ability to connect with the SYSDBA privilege by re-creating the password file with the nosysdba flag set to n (No). You might need to reenable the ability to connect with SYSDBA privileges, if certain products or utilities require it's use.

When you re-create the password file, any accounts other than SYS that were granted the SYSDBA or SYSOPER privileges will have those privileges removed. You will need to regrant the privileges for these accounts after you have re-created the password file.

Use the following syntax to run orapwd:

C:\> ORACLE_HOME\bin\orapwd file=filename password=password [entries=users] force=y/n nosysdba=y/n

Where:

  • file: Name of password file (mandatory)

  • password: Password for SYS (mandatory). Enter at least six alphanumeric characters.

  • entries: Maximum number of distinct DBA users

  • force: Whether to overwrite the existing file (optional). Enter y (for yes) or n (for no)

  • nosysdba: Whether to enable or disable the SYS logon (optional for Oracle Database Vault only). Enter y (for yes) or n (for no)

    The default is no, so if you omit this flag, the password file will be created enabling SYSDBA access for Oracle Database Vault instances.

For example:

C:\> oracle\product\10.2.0\db_1\bin\orapwd file=C:\oracle\product\10.2.0\db_1\dbs\orapwORCL password=5hjk99 force=y nosysdba=n

Note:

Do not insert spaces around the equal (=) character.

See Also:

Oracle Database Administrator's Guide for more information on using the orapwd utility.

2.3.4 Start the Listener and Database on Other Nodes (RAC Only)

You need to start the listener and database on all RAC nodes other than the one on which the installation is performed. Use the following commands to start the listener and the database:

Note:

You need to enable SYSDBA connections on all nodes before running these commands. See "Enable or Disable Connections with the SYSDBA Privilege" for more information on enabling SYSDBA connections.
C:\> ORACLE_HOME\bin\lsnrctl start LISTENER_nodename
C:\> ORACLE_HOME\bin\srvctl start instance -d sid -i instance_name -c "SYS/password AS SYSDBA"

Note:

You must use the Server Control (srvctl) utility to start and stop Oracle Database Vault RAC instances. Do not use SQL*Plus to start and stop RAC instances. You need to enable SYSDBA connections before you can use the srvctl command.

2.3.5 Run DVCA to Set Instance Parameters and Lock Out SYSDBA Sessions (RAC Only)

After installing Database Vault for a Real Application Clusters (RAC) instance, you need to run Database Vault Configuration Assistant (DVCA) with the -action optionrac switch on all other RAC nodes. This sets instance parameters and disables SYSDBA operating system authentication.

Note:

  • Before running DVCA on a remote node, you need to set the correct value for the ORACLE_SID variable in the ORACLE_HOME\bin\dvca.bat file on the remote node. The ORACLE_SID variable needs to be changed from the local node Oracle System Identifier (SID) to the remote node Oracle System Identifier (SID) on the remote node.

  • Before running DVCA on a remote node, you need to correct the following Windows registry entry on the remote node:

    HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\KEY_ORACLE_HOME_NAME\ORA_instance_name_PWFILE
    
    

    The instance_name in the remote node registry should be the database instance name for the remote node, and not the database instance name for the local node.

    The value for this key should be the complete path to the password file on the remote node. For example:

    C:\ORACLE\PRODUCT\10.2.0\DB_1\dbs\orapwORCL2
    

You need to run this command on all RAC nodes other than the node on which the Database Vault installation is performed. This step is required to enable the enhanced security features provided by Oracle Database Vault.

Note:

The listener and database instance should be running on the nodes on which you run DVCA.

Use the following syntax to run DVCA:

C:\> ORACLE_HOME\bin\dvca -action optionrac -racnode host_name -oh oracle_home -jdbc_str jdbc_connection_string -sys_passwd sys_password \
[-logfile ./dvca.log] [-silent] [-nodecrypt] [-lockout]

Where:

  • action: The action to perform. optionrac performs the action of updating the instance parameters for the RAC instance and optionally disabling SYSDBA operating system access for the instance.

  • racnode: The host name of the RAC node on which the action is being performed. Do not include the domain name with the host name.

  • oh: The Oracle home for the RAC instance.

  • jdbc_str: The JDBC connection string used to connect to the database. For example, "jdbc:oracle:oci:@orcl1".

  • sys_password: The password for the SYS user.

  • logfile: Optionally, specify a log file name and location. You can enter an absolute path or a path that is relative to the location of the $ORACLE_HOME\bin directory.

  • silent: Required if you are not running DVCA in an xterm window.

  • nodecrypt: Reads plaintext passwords as passed on the command line.

  • lockout: Used to disable SYSDBA operating system authentication.

Note:

You can reenable SYSDBA access by re-creating the password file with the nosysdba flag set to n (No). The orapwd utility enables you to do this.

2.3.6 Restart Enterprise Manager Database Control

Restart Enterprise Manager Database Control by using the following commands:

C:\> ORACLE_HOME\bin\emctl stop dbconsole
C:\> ORACLE_HOME\bin\emctl start dbconsole

Note:

Run the above commands on all cluster nodes for a RAC database.

2.4 Removing Oracle Software

Use Oracle Universal Installer (OUI) to remove Oracle software from an Oracle home. The following list summarizes the steps involved:

  1. Log on as a member of the Administrators group.

  2. Shut down all processes running in the Oracle home.

  3. Start Oracle Universal Installer from the Start menu, select Programs, then ORACLE_ HOME_NAME, then Oracle Installation Products, then Oracle Universal Installer. The Welcome screen for Oracle Universal Installer appears.

  4. In the Welcome screen, select Deinstall Products. The Inventory screen appears. This screen lists all the Oracle homes on the system.

  5. Select the Oracle home and the products that you wish to remove. Click Remove.

See Also:

Refer to the Oracle Database Installation Guide for details on removing Oracle software

Note:

You cannot remove or uninstall the Database Vault option. However, you can disable Oracle Database Vault. Refer to Oracle Database Vault Administrator's Guide for more details.

You can also remove the entire Oracle home, as discussed earlier in this section.