Oracle® Database Platform Guide 10g Release 2 (10.2) for Microsoft Windows (x64) Part Number B15688-01 |
|
|
View PDF |
This chapter describes configuration tasks you can perform to increase security and other configuration tasks you must perform before using Oracle interMedia and other Oracle options. Where appropriate, the chapter provides references to other guides for those configuration tasks.
This chapter contains these topics:
Configuring External Job Support for the Scheduler on Windows
Configuring Advanced Replication on Windows
Note: Directory path examples in this chapter follow Optimal Flexible Architecture (OFA) guidelines. If you specified non-OFA compliant directories during installation, then your directory paths will differ. See Appendix B, "Optimal Flexible Architecture", in Oracle Database Installation Guide for Microsoft Windows (x64) for more information. |
By default, all installations of Windows XP Service Pack 2 and higher enable the Windows Firewall to block virtually all TCP network ports to incoming connections. This is also true for Windows Server 2003 Service Pack 1 and higher. As a result, any Oracle products that listen for incoming connections on a TCP port will not receive any of those connection requests, and the clients making those connections will report errors.
Depending upon which Oracle products are installed and how they are used, some postinstallation configuration of the Windows Firewall might be required for the products to be functional on these operating systems.
This section contains these topics:
Table 4-1 lists the Oracle Database 10g Release 1 (10.1) or later executables that listen on TCP ports on Windows. If they are in use and accepting connections from a remote client computer, then Oracle recommends that you add them to the Windows Firewall exceptions list to ensure correct operation. Except as noted, they can be found in ORACLE_HOME
\bin
.
The RMI registry application and daemon executable listed in Table 4-1 are used by Oracle Ultra Search to launch a remote crawler. They must be added to the Windows Firewall exception list if you are using the Ultra Search remote crawler feature, and if the remote crawler is running on a computer with the Windows Firewall enabled.
Note: If multiple Oracle homes are in use, then several firewall exceptions may be needed for the same executable: one for each home from which that executable loads. |
See Also: Oracle Database Oracle Clusterware and Oracle Real Application Clusters Installation Guide for Microsoft Windows for more information on RAC executables requiring Windows Firewall exceptions |
Table 4-1 Oracle Executables Requiring Windows Firewall Exceptions
File Name | Executable Name |
---|---|
|
Oracle Database |
|
Oracle TNS Listener |
|
Oracle Database Control |
|
Java Virtual Machine |
|
Apache Web Server |
|
Oracle Process Manager |
|
RMI registry application |
|
RMI daemon executable |
|
Data Guard Manager |
|
Oracle Services for Microsoft Transaction Server |
|
Oracle Transparent Gateway for SYBASE |
|
Oracle Transparent Gateway for Teradata |
|
Oracle Transparent Gateway for MS-SQL Server |
|
Oracle Transparent Gateway for DRDA |
|
Oracle Procedural Gateway for APPC |
|
Oracle Procedural Gateway for APPC |
|
Oracle Procedural Gateway for Websphere MQ |
|
Oracle Procedural Gateway for Websphere MQ |
|
Generic Connectivity |
|
External Procedures |
|
Oracle Internet Directory LDAP Server |
Postinstallation configuration for the Windows Firewall must be undertaken if all of the following conditions are met:
Oracle server-side components are installed.
These components include the Oracle Database, network listeners, and any Web servers or services.
The computer services connections from other computers over a network.
If no other computers connect to the computer with the Oracle software, then no postinstallation configuration steps are required and the Oracle software will function as expected.
The Windows Firewall is enabled.
If the Windows Firewall is not enabled, then no postinstallation configuration steps are required.
You can configure Windows Firewall by opening specific static TCP ports in the firewall or by creating exceptions for specific executables so that they are able to receive connection requests on any ports they choose. To configure the firewall, choose Control Panel > Windows Firewall > Exceptions or enter netsh firewall add...
at the command line.
Alternatively, Windows will inform you if a foreground application is attempting to listen on a port, and it will ask you if you wish to create an exception for that executable. If you choose to do so, then the effect is the same as creating an exception for the executable either in the Control Panel or from the command line.
If you cannot establish certain connections even after granting exceptions to the executables listed in Table 4-1, then follow these steps to troubleshoot the installation:
Examine Oracle configuration files (such as *.conf
files), the Oracle key in the Windows registry, and network configuration files in ORACLE_HOME
\network\admin
.
Pay particular attention to any executable listed in ORACLE_HOME
\network\admin\listener.ora
in a PROGRAM=
clause. Each of these must be granted an exception in the Windows Firewall, because a connection can be made through the TNS Listener to that executable.
Examine Oracle trace files, log files, and other sources of diagnostic information for details on failed connection attempts. Log and trace files on the database client computer may contain useful error codes or troubleshooting information for failed connection attempts. The Windows Firewall log file on the server may contain useful information as well.
If the preceding troubleshooting steps do not resolve a specific configuration issue on Windows XP Service Pack 2, then provide the output from command netsh firewall show state verbose=enable
to Oracle Support for diagnosis and problem resolution.
See Also:
|
Oracle Database installs with a number of default accounts. Database Configuration Assistant locks and expires most default database accounts upon successful installation. Oracle recommends changing all user passwords immediately after installation.
See Also: Oracle Database Administrator's Guide for more information on default database accounts and passwords |
Oracle recommends that you configure Oracle Database files, directories, and registry settings to allow only authorized database administrators (DBAs) to have full control. If you created a database using Database Configuration Assistant, then no further action is required.
This section describes the permissions automatically set by Oracle Universal Installer and Database Configuration Assistant and the steps to set these permissions manually.
This section contains these topics:
Setting Windows Registry Security
See Also: Your operating system documentation for more information about modifying NTFS file system and Windows registry settings |
Beginning with Oracle9i release 2 (9.2), Oracle Universal Installer and Database Configuration Assistant set file permissions when Oracle Database software is installed.
This section contains these topics:
During Oracle Database installation, by default Oracle Universal Installer installs software in ORACLE_BASE
\
ORACLE_HOME
. Oracle Universal Installer sets the following permissions to this directory, and all files and directories under this directory:
Administrators
- Full Control
System
- Full Control
Authenticated Users
- Read, Execute and List Contents
Important: If these accounts already exist and possess more restrictive permissions, then the most restrictive permissions are retained. If accounts other thanAdministrators , System , and Authenticated Users already exist, then the permissions for these accounts are removed. |
During database configuration, Database Configuration Assistant installs files and directories in the following default locations, where database_name
is the database name or SID:
ORACLE_BASE
\admin\
database_name
(administration file directories)
ORACLE_BASE
\oradata\
database_name
(database file directories)
ORACLE_BASE
\oradata\
database_name
(redo log files and control files)
ORACLE_BASE
\
ORACLE_HOME
\database
(SPFILE
SID
.ORA
)
Database Configuration Assistant sets the following permissions to these directories, and all files and directories under these directories:
Administrators
- Full Control
System
- Full Control
Important: If these accounts already exist and possess more restrictive permissions, then the most restrictive permissions are retained. If accounts other thanAdministrators and System already exist, then the permissions for these accounts are removed. |
To ensure that only authorized users have full file system permissions:
Go to Windows Explorer.
Set the following permissions for each directory or file:
Directory | Group and Permissions |
---|---|
ORACLE_BASE \ ORACLE_HOME |
|
ORACLE_BASE \admin\ database_name |
|
ORACLE_BASE \oradata\ database_name |
|
ORACLE_BASE \ ORACLE_HOME \database\spfile SID .ora |
|
Note: Oracle Database uses the Windows LocalSystem built-in security account. Therefore, file permissions must be granted to theSystem account of the local computer running Oracle Database. |
See Also: Your operating system online help for more information about how to modify NTFS file system and registry settings |
Oracle recommends that you remove write permissions from users who are not Oracle Database DBAs or system administrators in HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE
of the Windows registry.
To remove write permissions:
Open the registry.
Go to HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE
.
Select Permissions from the Security main menu.
The Registry Key Permissions dialog appears.
Remove write permissions from any users who are not Oracle Database DBAs or system administrators. Note that the SYSTEM
account must have Full Control, since this is the account with which Oracle Database runs.
Ensure that user accounts that must run Oracle applications have read privileges.
Choose OK.
This release includes a new database scheduler to provide enterprise scheduling functionality. External jobs performed by the user are started using the OracleJobScheduler
service. This service is disabled by default. In order to use the external jobs functionality, the administrator must set the username and password for the user account under which this service must run and enable the service.
Restricting execution of external jobs to a low-privileged user prevents unauthorized database users from gaining operating system level privileges, but it also places restrictions on the kinds of jobs that can be run. Jobs requiring a higher level of operating system privileges cannot be run by this mechanism.
Performance related components of Oracle interMedia are now packaged on the Companion CD. Although interMedia functions properly without the Companion CD, the following components must be installed from the Companion CD in order to achieve acceptable performance of image processing:
JAccelerator (NCOMP)
Oracle interMedia Image Accelerator
Oracle interMedia includes the following components.
Client
Oracle interMedia Client provides an Oracle Database interMedia Audio, Image, and Video Java interface that lets you use local (client-side) applications to manipulate or modify multimedia data stored in a network-accessible (server-side) database. To use the Java library, set environment variable CLASSPATH
so that it contains the Oracle interMedia library.
Client also provides a simple interMedia Image sample (SimpImg.exe
) that was developed using Microsoft Visual C++. SimpImg.exe
locates and updates images, using interMedia Image in Oracle Database.
Audio
Oracle interMedia Audio manages audio data in multiple file formats in Oracle Database. Types of audio data supported include conversations, songs, and other sounds in popular audio file formats. This makes it possible to integrate audio data with other application-specific object-relational data.
Video
Oracle interMedia Video manages video data in multiple video file formats. This makes it possible to integrate video data with other application-specific object-relational data.
Image
Oracle interMedia Image provides image storage, retrieval, and format conversion capabilities through an object data type (ODT). It also supports image storage, using Binary Large Objects (BLOBs), and references to image data residing in external files (BFILEs).
The Image component of Oracle interMedia also comes with a sample demonstration that shows how an image is extracted from Oracle Database.
Locator
Oracle interMedia Locator enables Oracle Database to support online internet-based geocoding facilities for locator applications and proximity queries.
If you upgrade from an earlier Oracle release to the current release, Oracle interMedia will be upgraded automatically if it is detected. If for some reason you want to upgrade interMedia manually, follow this procedure:
Upgrade the database.
Start SQL*Plus:
C:\> sqlplus /NOLOG
Connect to Oracle Database with account SYSDBA
:
SQL> CONNECT / AS SYSDBA
Run script imdbma.sql
:
SQL> @ORACLE_BASE\ORACLE_HOME\ord\im\admin\imdbma.sql
If the script displays NOT_INSTALLED
, then no prior release of Oracle interMedia was installed on your computer. You must install rather than upgrade Oracle interMedia.
If the script displays INSTALLED
, then the current Oracle interMedia release is already installed on your computer.
If the script displays u0
nnnnn
0.sql
, then Oracle interMedia release nnnnn is currently installed. For example, u0800060.sql
means that Oracle Image Cartridge release 8.0.6.0.0 is currently installed.
Upgrade Oracle interMedia common files:
SQL> @ORACLE_BASE\ORACLE_HOME\ord\admin\u0nnnnn0.sql
Upgrade Oracle interMedia:
SQL> @ORACLE_BASE\ORACLE_HOME\ord\im\admin\u0nnnnn0.sql
Verify the upgrade:
SQL> CONNECT / AS ORDSYS
SQL> @ORACLE_BASE\ORACLE_HOME\ord\im\admin\imchk.sql
If you install Enterprise Edition, then Database Configuration Assistant starts automatically at the end of installation. If you choose any Database Configuration Assistant installation type other than Customized, then interMedia does not require manual configuration. All tasks described in this section are performed automatically.
If you select Customized installation, then Database Configuration Assistant will guide you through configuration of Oracle interMedia.
If you are creating and configuring a database manually, then you can configure Oracle interMedia Audio, Video, Image, and Locator as follows:
Start SQL*Plus:
C:\> sqlplus /NOLOG
Connect to Oracle Database with account SYSDBA
:
SQL> CONNECT / AS SYSDBA
Start the database (if necessary):
SQL> STARTUP
Run script ordinst.sql
:
SQL> @ORACLE_BASE\ORACLE_HOME\ord\admin\ordinst.sql
Run script iminst.sql
:
SQL> @ORACLE_BASE\ORACLE_HOME\ord\im\admin\iminst.sql
Exit SQL*Plus:
SQL> EXIT
Note: If you manually copy your Oracle8ilistener.ora and tnsnames.ora files into your Oracle Database network directory, then you must modify network configuration files tnsnames.ora and listener.ora on your server to enable external routine calls to work and interMedia to function properly. Follow the procedure in Oracle Database Net Services Administrator's Guide. |
To configure Oracle interMedia Audio, Video, and Image demos, follow instructions in readme.txt
files at locations shown in Table 4-2.
Table 4-2 interMedia Demo Instructions
Demo | File Location |
---|---|
Audio |
|
Video |
|
Image |
|
Note: Thesereadme.txt files contain UNIX line breaks. If you simply double-click them, they will open in Notepad by default, and Notepad does not recognize UNIX line breaks. Use write.exe or edit.com instead. |
Directory \img\demo
also contains demo_ordimg.mk
, the makefile to make interMedia Image demos for a Microsoft C compiler. But before you can build and run the demonstration, you must first modify it to adapt it to your environment.
To configure Oracle interMedia Locator demonstrations, go to the following directory:
ORACLE_BASE\ORACLE_HOME\md\demo\geocoder
Sample data that can be loaded into Oracle Database is in nh_cs.sql
. Examples that show use of Locator functionality are in geohttp.sql
and geolocate.sql
. Examples of data indexes created by using Locator are in geoindex.sql
.
Oracle Text enables text queries through SQL and PL/SQL from most Oracle interfaces. By installing Oracle Text with an Oracle Database server, client tools such as SQL*Plus and Pro*C/C++ are able to retrieve and manipulate text in Oracle Database.
Oracle Text manages textual data in concert with traditional data types in Oracle Database. When text is inserted, updated, or deleted, Oracle Text automatically manages the change.
Your Oracle Text postinstallation tasks depend on your situation.
If you install Oracle Text from the CD-ROM and have a previous release of Oracle Text (formerly called interMedia Text) already installed, then see Oracle Text Application Developer's Guide.
If you upgrade your database, then you may be required to configure Oracle Net for external procedures. Otherwise, Oracle Text may not work. In any case other than upgrade, Oracle Net will be configured correctly by default to work with Oracle Text. See Oracle Text Application Developer's Guide and Oracle Text Reference.
If you are indexing formatted documents such as Microsoft Word, then you must set your environment to use the Inso filter before you can index your documentation set. For more information on setting up your environment for Inso filtering, see Oracle Text Reference.
Note: The Inso filter is not supported on Windows XP 64-bit Edition Version 2003 or Windows Server 2003 Datacenter Edition for 64-bit Itanium 2 Systems. |
Finally, if you install Oracle Text from the CD-ROM and do not have a previous release of Oracle Text installed, then Oracle Database is already configured for use with Oracle Text if one of the following is true:
You created the database by using Database Configuration Assistant in standalone mode, and selected Typical database creation type.
The database is a starter database that you created by performing the following sequence of steps:
Select Oracle Database in the Available Products window.
Select Enterprise Edition, Standard Edition, or Personal Edition in the Installation Types window.
Select General Purpose in the Database Configuration window.
See Also: For more information about creating a starter database |
If none of these is true, then you must configure Oracle Database for use with Oracle Text by doing one of the following:
Configuring Oracle Text Using Database Configuration Assistant
To use Database Configuration Assistant to configure Oracle Database for use with Oracle Text at the time you create the database, simply select Oracle Text as the option to configure when prompted.
To configure the database at a later time:
Start Database Configuration Assistant.
Choose Start > Programs > Oracle - HOME_NAME > Configuration and Migration Tools > Database Configuration Assistant.
Select Configure database options in a database.
Select the database to modify when prompted.
Select Oracle Text as the option to configure when prompted.
Configuring Oracle Text Using Command-Line Tools
Manually configuring Oracle Database for use with Oracle Text consists of creating a tablespace for Oracle Text data dictionary tables and then creating username ctxsys
and Oracle Text data dictionary tables.
Start SQL*Plus:
C:\> sqlplus /NOLOG
Connect to Oracle Database with account SYSDBA
:
SQL: CONNECT / AS SYSDBA
Create a tablespace for Oracle Text data dictionary tables:
SQL> CREATE TABLESPACE tablespace_name DATAFILE 'ORACLE_BASE\oradata\db_name\drsys01.dbf' SIZE 80m;
Connect AS
SYSDBA
:
SQL> CONNECT USERNAME/PASSWORD AS SYSDBA
Run script dr0csys.sql
to create username ctxsys
:
SQL> @ORACLE_BASE\ORACLE_HOME\ctx\admin\dr0csys.sql password default_tablespace_name temporary_tablespace_name;
where:
password
is the password that you intend to use for username ctxsys
.
default_tablespace_name
is the default tablespace for Oracle Text data dictionary tables. Set the default tablespace to the value of tablespace_name
in step 3.
temporary_tablespace_name
is the temporary tablespace for Oracle Text data dictionary tables. Set the temporary tablespace to the value of tablespace_name
in step 3.
Connect as ctxsys
:
SQL> CONNECT ctxsys/password
Run script dr0inst.sql
to create and populate Oracle Text data dictionary tables:
SQL> @ORACLE_BASE\ORACLE_HOME\bin\dr0inst.sql;
Run the language-specific default script, where xx
is the language code (for example, us
):
SQL> @ORACLE_BASE\ORACLE_HOME\ctx\admin\defaults\drdefxx.sql;
Exit SQL*Plus:
SQL> EXIT
Oracle Spatial makes storage, retrieval, and manipulation of spatial data easier and more intuitive to users.
One example of spatial data is a road map. A road map is a two-dimensional object that contains points, lines, and polygons representing cities, roads, and political boundaries such as states. A road map represents geographic information. Locations of cities, roads, and political boundaries are projected onto a two-dimensional display or piece of paper, preserving relative positions and relative distances of objects.
If you install Oracle Spatial through Enterprise Edition, then no manual configuration is required. All Oracle Spatial configuration tasks are performed automatically.
If you install both Oracle Spatial and Oracle Database together through Enterprise Edition or Standard Edition Custom installation, then Database Configuration Assistant starts automatically at the end of installation. If you choose Custom installation and select Create new database, then the assistant asks if Oracle Spatial is to be configured automatically.
If you install Oracle Spatial during a separate installation from Enterprise Edition, then you must either start Database Configuration Assistant and select Configure database options in a database or configure Oracle Spatial manually.
To configure Oracle Spatial manually:
Start SQL*Plus at the command prompt:
C:\> sqlplus /NOLOG
Connect to Oracle Database with account SYSDBA
:
SQL> CONNECT / AS SYSDBA
Start the database (if necessary):
SQL> STARTUP
Run script ordinst.sql
:
SQL> @ORACLE_BASE\ORACLE_HOME\ord\admin\ordinst.sql
Connect to the database as user SYSTEM:
SQL> CONNECT SYSTEM/password
Run script mdinst.sql
:
SQL> @ORACLE_BASE\ORACLE_HOME\md\admin\mdinst.sql
Exit SQL*Plus:
SQL> EXIT
Note: Scriptmdinst.sql has a variable %MD_SYS_PASSWORD% that Oracle Universal Installer will instantiate at installation time. Therefore, if you have changed the mdsys user's password, then be sure during a manual installation to remember also to update script mdinst.sql with that password. |
Oracle Database installs replication packages and procedures automatically rather than as a separate manual process. There are many configuration and usage possibilities with Advanced Replication.
This section describes how to manually configure Advanced Replication in Oracle Database. Follow the instructions only if you add Advanced Replication to an installation of Oracle Database that was not previously configured with this feature.
See Also: Oracle Database Advanced Replication for more information about Advanced Replication and for definitions of master sites and materialized view sites |
Configuring Advanced Replication consists of the following steps:
Recommended tablespace and rollback segment requirements for Advanced Replication are shown in Table 4-3.
Table 4-3 Advanced Replication Tablespace/Rollback Segment Requirements
Tablespace/Rollback Segment | Minimum Free Space |
---|---|
SYSTEMFoot 1 |
20 MB |
UNDO TABLESPACE |
10 MB |
RBS |
5 MB |
TEMP |
10 MB |
USERS |
No specific requirement |
If you use Advanced Replication, then certain parameter values must be added to the initialization parameter file, and others must be set to recommended values. Parameter names and values for the master site and materialized view sites are shown in Table 4-4.
Table 4-4 Advanced Replication Initialization Parameters
Parameter Name | Recommended Value | Site |
---|---|---|
|
50 MB |
master |
|
300 seconds |
master |
|
TRUE |
master |
|
4 |
master |
|
Add 9 to current value |
master |
|
master |
|
|
2 |
materialized view |
If you use Advanced Replication and intend to set up a large number of replicated objects, then you are required to monitor the following data dictionary tables with the SQL SELECT
command:
ARGUMENT$
IDL_CHAR$
IDL_UB1$
IDL_UB2$
IDL_SB4$
I_ARGUMENT1
I_SOURCE1I$
SOURCE$
TRIGGER
If necessary, increase storage parameters to accommodate storage requirements of large numbers of replicated objects.