sunhux

Suggestions to secure connections to Oracle ASR (ie externally)

https://docs.oracle.com/cd/E37710_01/install.41/e18475/ch3_asr_assets.htm#ASRUD138
Above is the link explaining it & below is the background.

I'm looking for ways to best secure the connections from our Solaris servers/assets to Oracle
& attached are the firewall rules Oracle requests to permit.

Q1:
Does Oracle ASR offer tunneling or site-to-site VPN to them for this service?

Q2:
For outgoing connections, we plan to make our Solaris servers go out via a proxy to
Oracle: is this going to make it more secure, or is it the practice with other customers?

Q3:
I suppose for incoming connections, people don't normally make them go through a
proxy. Is there any way to secure this, or is it just via firewall NAT?

Q4:
Should we dedicate a specific NIC / LAN port on the Sun servers (say the Backup LAN's
port) for this purpose, or does it not matter?

Q5:
Is there any way to capture detailed connection logs or traffic logs with Oracle for this setup?

Any other ways to secure this?



Background
==========
We want to set up and configure the Oracle Auto Service Request [ASR] for SUN server hardware. We seek your approval to implement it and open the required port to talk to the outside world (Oracle).


Auto Service Request is a feature that automates the Support Services process by using  fault event telemetry from your qualified Oracle hardware products to initiate a service request. The software infrastructure detects faults at your site and forwards the telemetry data to systems at Oracle for analysis and service request generation. This software-only solution enables you to self-provision and configure the software to enable ASR on your ASR-capable products. Auto Service Request is included with Oracle Premier Support for Systems and Hardware Warranty contracts.

All of the systems that compose the Auto Service Request infrastructure have been built to provide confidentiality, integrity and availability of data. The Auto Service Request security strategy has been designed with multiple layers of encryption, authorization, access controls and data security, to ensure that organizational data is protected. There are several ASR implementations for various Oracle products. The attached white paper refers specifically to the ASR Manager software which implements ASR for Oracle servers and engineered systems.

I have planned to do the POC with a few development machines first in the development environment. The ASR-Manager setup in the ABCbank environment will listen for the fault alerts from the internal Oracle Solaris servers and send an alert to Oracle to log the case with them immediately. It will help us to shorten the case logging time and improve the vendor response/resolution time. There will be only one-way communication (from ABCbank ASR-Manager to Oracle ASR Infrastructure) in this process and very limited data will be sent to them.

Attached is the list of ports that need to be opened for this one-way communication between ABCbank ASR-Manager and Oracle ASR backend infrastructure.
OrASR_Fwports.docx
ASKER CERTIFIED SOLUTION
David Johnson, CD
sunhux

ASKER

> Q4:
> Should we dedicate a specific NIC / LAN port on the Sun servers (say Backup LAN's
> port) for this purpose or it doesn't matter?

Not for the purpose of routing, but if the dedicated NIC can be firewalled (e.g. Linux has iptables),
then we can further guard it. Not too sure if Solaris 11 has an equivalent of iptables.