Lesson 10
Configuration Manager Conclusion
This module examined the features of the Configuration Manager and outlined its uses and options. To review:
- CMAN is an alternative to a Oracle Net listener with several additional enhancements.
- Just like a Oracle Net listener, CMAN supports connection pooling and multiple protocol support.
- CMAN introduces a new feature called Network Access Control that enables CMAN to filter incoming requests based upon the source server, and accept or reject connections based upon the origin of the request.
- CMAN is controlled with the CMCTL utility command.
- CMAN parameters are stored in the cman.ora initialization file.
- CMAN consists of two processes: the CMAN gateway (CMGW) and the CMAN administrator (CMADM).
The next module discusses how you can use Oracle Net8 logging and tracing to troubleshoot Net8 connectivity problems.
About cman.ora File
You configure the computer that hosts Oracle Connection Manager by setting parameters in the cman.ora file.
The cman.ora file resides on the computer that hosts Oracle Connection Manager, and is located in the ORACLE_HOME/network/admin directory.
Oracle Connection Manager will not start if the cman.ora file does not exist.
This file includes the following components:
- Listening endpoint
- Access control rule list
- Parameter list
Each Oracle Connection Manager configuration is encapsulated within a single name-value (NV) string, which consists of the preceding components.
One computer can host any number of Oracle Connection Managers, each with its own entry in the cman.ora file.
When defining more than one Oracle Connection Manager in the file, you can assign a default by giving only one a fully qualified host name.
You can specify multiple rules for both client and Oracle Connection Manager Control utility (CMCTL) connections.
The following guidelines apply when making changes:
- You must enter at least one rule for client connections and one rule for CMCTL connections. Omitting a rule results in the rejection of all connections for the rule type omitted.
- Oracle Connection Manager does not support wildcards for partial IP addresses. If ou use a wildcard, then use it in place of a full IP address. The IP address of the client may be, for example, (SRV=*).
- Oracle Connection Manager supports only the /nn notation for subnet addresses. In Example 6-10, in the first rule,
/27 represents a subnet mask that comprises 27 left-most bits.
Only the first 27 bits in the client's IP address are compared with the IP address in the rule.
Oracle Connection Manager supports IPv6 addressing
Example 6-10 shows a cman.ora file that contains a configuration entry for an Oracle Connection Manager called CMAN1.
CMAN1=
(CONFIGURATION=
(ADDRESS=(PROTOCOL=tcp)(HOST=proxysvr)(PORT=1521))
(RULE_LIST=
(RULE=(SRC=192.0.2.32/24)(DST=sales-server)(SRV=*)(ACT=accept)
(ACTION_LIST=(AUT=on)(MCT=120)(MIT=30)))
(RULE=(SRC=192.0.2.32)(DST=proxysvr)(SRV=cmon)(ACT=accept)))
(PARAMETER_LIST=
(MAX_GATEWAY_PROCESSES=8)
(MIN_GATEWAY_PROCESSSES=3)))
Example 6-10 shows the following rules:
- In the first rule in the example, the following parameters are set:
SRC=192.0.2.32/24 is for client connections. It designates the IP address of the client, or source
DST=sales-server designates the destination host name. The ACT parameter specifies the action, that is, accept, reject, or drop.
The ACTION_LIST parameter sets attributes for a connection if it is accepted, enabling you to
- In the second rule, the following parameters are set:
SRC=192.0.2.32 and DST=proxysvr represent the same server, indicating that Oracle Connection Manager and CMCTL must reside on the same computer.
Configuring Connection Manager - Quiz