  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 355

Ports&Traffic _Oracle_Admin_Dev

Can someone tell me what are the traffic and port requirements you would need if you have to connect externally to another company network to administer and develop on their 11g database using TOAD or SQL DEVELOPER, SQL navigator, SQL*plus, or OEM, etc.?

Let us say they give you VPN client and access to connect to their network. Do you need them to open the firewall for TCP/IP on port 1521, HTTP (80 and 443), UDP, SSH (port 22), etc.?
0
sam15
Asked:
2 Solutions
 
slightwv (䄆 Netminder) Commented:
If you are vpn'd then you should be good to go.

At a high level, Oracle requests a connection on the listener port; 1521 is the default but should be changed in production.

It then opens a random high port from 1021 to 65536 (give or take 1). Hands off the connection and uses the new port for the entire connection.

There are a couple of ways around that range but it is defined at the database level and I would not suggest them just for port reduction.
0
 
sam15 (Author) Commented:
Do you mean you do not ask them for any ports if you have VPN? Do you not need a full tunnel VPN too?

So all Oracle needs is port 1521 and TCP/IP traffic.

No need for UDP, RDP, SSH, etc.
0
 
slightwv (䄆 Netminder) Commented:
>>so all oracle needs is port 1521 a

This is the default for the listener only.  You then need all the high ports for the connection.

>>Do not you need a full tunnel VPN too.

I'm not a network guy. I know for me, when I connect from home, it is like I am sitting at my desk so I don't need anything special to get to my databases.

Maybe that is handled by the network staff.
0

 
sam15 (Author) Commented:
So you do remote DB administration using your VPN client?
I am sure they must have set something for your IP or machine.

What is the kind of traffic Oracle uses? Is it Oracle*Net over TCP/IP?

Do I also need to request all ports 1021 to 65536 open? We always connect using 1521. Never asked for these other ports.
0
 
slightwv (䄆 Netminder) Commented:
I only vpn from home during off hours.

It should be all tcp/ip.  Can't think of any udp.

I cannot say what ports to request.  I can only say how Oracle does connections between the client and server.

How the vpn is set up and what you need depends on your config.

If you are a dba and administer databases, are you not familiar with how Oracle networking works?
0
 
sam15 (Author) Commented:
I am more of a developer moving into the DBA field. But I believe connections are the same.
It uses SQL*Net or Oracle*Net, but that protocol is running over TCP/IP.

Since 11g has browser-based OEM, can't you do it via HTTP, or is the database only accessible from internal for HTTP?
0
 
slightwv (䄆 Netminder) Commented:
You probably don't want to expose Grid Control/dbConsole outside an internal network for the obvious security reasons.

I mentioned before that I believe all Oracle communications are done over tcp/ip.

Best case, RDP into a machine that can connect to 'OEM' through a browser.

If you can be set up through the VPN to RDP into a local machine you should be good to go.

Granted, RDP is probably the least secure of all options, but it sure beats opening up all those ports. My opinion, but I'm not a network/security guru.
0
 
sam15 (Author) Commented:
Remote desktop over VPN is very slow. Not sure if it is our network or that is normal.
I sometimes run Outlook or MS Office using RDP on my machine at work and have to wait a long time for it to run.
0
 
slightwv (䄆 Netminder) Commented:
You need a pretty fast network to use remote desktop.

You can try to access the web based Grid Control/dbConsole from the VPN connection.

Basically you need to decide what access you need and from where.  Then determine what changes need to be made.

sqlplus from your remote machine requires more changes than accessing a website on a database server.  

Do you need a command line access to the database server?
Do you need the ability to reboot the database server?
etc...


Once you define all that, you weigh the need against the security holes it might open up, then a compromise is reached.
0
 
sam15 (Author) Commented:
Yes, I need command line access to the DB server.
To reboot, I don't think you can do that unless you are in front of the machine. That is not a remote functionality at all.
0
 
slightwv (䄆 Netminder) Commented:
>>To reboot, I don't think you can do that unless you are in front of the machine

Sure you can reboot remotely.  The problem comes when it doesn't restart properly and you need to access the console.

I reboot servers in the data center from my desk all the time.  I wait a while and if they do not respond then I need to go check on them.

Besides, if you think a reboot cannot be done remotely and you need to reboot, then this whole question is moot: You would not be able to do remote administration.
0
 
sam15 (Author) Commented:
I meant pressing the ON/OFF switch.

You must be rebooting using a command prompt or windows/restart.

Your statement is also for Windows server. I am not sure if you can do the same for a Solaris or Linux server.
0
 
slightwv (䄆 Netminder) Commented:
>>I meant pressing the ON/OFF switch.

This refers to a cold-boot as opposed to a warm-boot.  Typically the generic term 'reboot' refers to a warm-boot not hitting the power button.

>>Your statement is also for Windows server.

Which statement?

>>I am not sure if you can do the same for a Solaris or Linux server.

Any server.  I have warm-booted all OS' from a remote connection.
0
 
Qlemo (C++ Developer) Commented:
You are mixing up things here, as you have different requirements.

For Oracle, you only need the listener port open (1521/tcp by default). Oracle 10g and up do not give out a different tcp destination port when connecting anymore, so that is sufficient. For the default config of Oracle 9i and prior, which is to provide a unique destination port, the firewall needs to be SQL*Net-aware to extract the necessary info.

For Linux admin, you probably need SSH, for Windows RDP, to get remote control. But that is in no way related to Oracle. And of course you are not able to cold-boot that way.

0
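
What a SQL*Net-aware firewall has to do in the redirect case described in the last answer, shown as an added example (not code from this thread or from Oracle): parse the listener's reply and, for a REDIRECT, read the new port out of the address string. It assumes the commonly documented 8-byte TNS header with type 5 = REDIRECT followed by a 2-byte data length; the function names and the sample packets are constructed for illustration.

```python
import re
import struct

# Type byte values from the 8-byte TNS header (byte offset 4).
TNS_TYPES = {1: "CONNECT", 2: "ACCEPT", 4: "REFUSE", 5: "REDIRECT", 6: "DATA", 11: "RESEND"}

def parse_tns_reply(packet: bytes) -> dict:
    """Classify a listener reply; for REDIRECT, extract the new endpoint."""
    if len(packet) < 8:
        raise ValueError("shorter than a TNS header")
    # Fields: length, packet checksum, type, flags, header checksum (big-endian).
    length, _, ptype, _, _ = struct.unpack(">HHBBH", packet[:8])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    reply = {"type": TNS_TYPES.get(ptype, f"UNKNOWN({ptype})"), "host": None, "port": None}
    if ptype != 5:
        return reply
    if len(packet) < 10:
        raise ValueError("REDIRECT without a data length")
    (data_len,) = struct.unpack(">H", packet[8:10])
    data = packet[10:10 + data_len]
    if len(data) != data_len:
        raise ValueError("REDIRECT data truncated")
    text = data.decode("ascii", errors="replace")
    host = re.search(r"\(HOST=([^)]+)\)", text, re.IGNORECASE)
    port = re.search(r"\(PORT=(\d{1,5})\)", text, re.IGNORECASE)
    if not port or not 1 <= int(port.group(1)) <= 65535:
        raise ValueError("REDIRECT carries no usable port")
    reply["host"] = host.group(1) if host else None
    reply["port"] = int(port.group(1))
    return reply

def extra_port_needed(packet: bytes, listener_port: int = 1521):
    """Port a firewall must additionally allow for this session, else None."""
    reply = parse_tns_reply(packet)
    if reply["type"] == "REDIRECT" and reply["port"] != listener_port:
        return reply["port"]
    return None

def build_sample(ptype: int, payload: bytes) -> bytes:
    """Constructed test packet, not a capture: header plus payload."""
    body = struct.pack(">H", len(payload)) + payload if ptype == 5 else payload
    return struct.pack(">HHBBH", 8 + len(body), 0, ptype, 0, 0) + body

# Constructed samples: hostname and port are made up for illustration.
REDIRECT = build_sample(5, b"(ADDRESS=(PROTOCOL=tcp)(HOST=db.example.internal)(PORT=49321))")
ACCEPT = build_sample(2, bytes(16))
```

When the listener hands the session to a different port, `extra_port_needed` returns that port; when the reply is an ACCEPT on the listener port, it returns `None` and the single listener rule is enough.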
