Oracle Data Security Solution Series ----- Database Vault Installation

Now on the security of the hot topic is what we will find, SOX, Basel II, HIPAA, J-SOX, GLB, privacy laws these important laws that involve reform in accounting occupation supervision, corporate governance, and securities market supervision have gradually become the key considerations of various companies and enterprises, these regulations impose strict requirements on Data Security Management. Oracle Database Vault is a security product born from this application.

Database Vault is an Oracle Enterprise Edition option. Similar to the familiar rac, it helps users effectively control who, when, and what data and applications are accessed, improve businessSecurity. As a powerful active protection tool, Database Vault helps enterprises cope with the challenges currently most stringent regulations by strengthening separation of duties (or even Database administrators, eliminate potential security risks from within the enterprise; prevent unauthorized DBAs from modifying the database structure and access to sensitive data, and use various access control functions, build a dynamic and flexible security system.

After introducing so many Database Vault functions, we should transfer them to practical applications. Since it is a product, let's start with how to install it.

Currently, Database Vault only provides four Database versions for installation, namely 10.2.0.3, 10.2.0.4, and 9.2.0.8. In addition, the 11g Database comes with this product and does not need to be installed separately. This means that if you want to use database vault, you must upgrade the current database to these four versions. Currently, there are many oracle10g databases, so the following installation will take 10.2.0.3 as an example to describe how to install database vault on the linux platform.

OS: Oracle Enterprise Linux 4.0

Database: Oracle EE 10.2.0.3

1. There are some installation requirements for installing database vault. I have installed several platforms and found that these requirements are met if the Oracle database has been installed. No additional check is required.

2. set the corresponding environment variables for the installation user. You must use the same user as the installation database, basically the same as the environment variables for the original installation database. However, there is a small tips, it is better not to set the NLS_LANG environment variable to allow installationSoftwareCheck it by yourself. Otherwise, problems may occur in database vault usage.

3. Check the password file of the Oracle database. If the file does not exist, create one.

4. database control is required for database vault management. If no configuration is available, configure database control first. Check the current database control status on the emctl status dbconsole, if no configuration is available, use the emca command to manually configure it.

5. Check whether oratab is configured in unix or linux environments, similar to the following lines:

Orcl:/ora10g/app/oracle/product/10.2.0/db_2: N

6. check tnsnames. check whether the service name named after the instance is configured in the ora file. If not, use netca to create the service. Because the database vault configuration is required, if not, the dvca Configuration tool fails.

7. Check whether the listener. ora file exists and check whether the listener is normal.

8. check is complete. OK, then we start to stop the database, stop listening, and make sure there is no oracle process. Back up the oracle software directory and directly tar the entire $ ORACLE_BASE directory, this step is very important. Be sure to do it !!!! Don't blame me for the consequences of not doing anything. The installation of database vault cannot be uninstalled. If the installation fails, you must delete the oracle software and use the backup software to restore it and reinstall it !!!!!

9. Then you can start to install oracle database vault. There is a patch to be installed on the aix platform, which is provided in the installation package. Note that this issue is not found on other platforms. Run runInstall to start the graphic installation interface. Enter the following information as prompted:

 

Please note that you can click Product versions to add Simplified Chinese.

Click next to continue the installation and enter the sys user password.

The system prompts you to shut down all processes running on the oracle database before continuing,

>

Check the system requirements. If no error occurs during the check, continue. If an error occurs, adjust it according to the error prompt and try again until it passes.

After check is installed, if all requirements are met, click Next to continue the installation,
Check whether there is a problem in the Summary information. If there is no problem, click the Inastall button to start installation.

After the installation is complete, enter the automatic configuration phase

The URL of the Enterprise Manager Datebase Control is displayed, indicating that the configuration is complete. Click Exit to complete the installation.

Management Interface address of database vault: http: // DB: 5500/dva

If the database vault is installed in the rac environment, run the following command on other nodes to complete database vault Configuration:

$ Dvca-action optionrac-racnode node_name-oh ORACLE_HOME-jdbc_str jdbc: oracle: oci: @ service_name-sys_passwd oracle-ages {en, zh_CN}-silent-nodecrypt

 

If the database requires the SYSDBA permission to log on to the database, create a new password file.

$ Cd/ora10g/app/oracle/product/10.2.0/db_1/dbs
$ Rm orapwcdld1
$ Orapwd file = orapwcdld1 password = oracle nosysdba = n force = y

Now the database vault is installed and ready for use. In the next chapter, I will introduce the modules in the database vault and how to use them.