Author: Jeremy
The Oracle listener listens for users connecting to the database. It is a small yet important part of an Oracle RAC configuration. Most database administrators leave the listener at its default settings, which may result in a wrong configuration.
In this article I will give some efficient tips that will help you ensure optimal and secure configuration for your Oracle listener.
Oracle Listener Password:
By default, the Oracle listener comes with no password. However, the listener settings can be changed with the lsnrctl utility. At a minimum, you should always set a password for your listener.
$ lsnrctl
LSNRCTL> change_password
Old password:
New password:
Reenter new password:
Admin Restrictions:
Make sure you set the ADMIN_RESTRICTIONS for your listener.
TNS_ADMIN Directory:
The TNS_ADMIN directory should be secured to make your listener secure.
Operating system Authentication:
Oracle 10g supports operating system authentication for the listener. The listener checks that you are part of the privileged DBA group and grants you access to change the password, save the configuration, stop the listener, etc.
Latest Patches:
Always install the latest patchset available for your platform. Install the latest Critical Patch Update or any additional required patches.
Database Configuration Assistant (DBCA):
Do not rely on Database Configuration Assistant (DBCA) to configure the listener when you manually create the LISTENER.ORA file or use NETCA. Always configure the listener explicitly in such cases. It is recommended to run the listener on a non-default port.
Automatic Storage Management (ASM) Home:
The listener should be configured from the ASM home if and only if there is more than one DB home on the machine. Install one copy of the Oracle DB software for ASM and another copy for the database itself when you are using ASM with Oracle 10g. If there is more than one database home, not including ASM, then you should run the listener from the ASM home, since the listener is treated as node-level.
The ASM home must be 10.1 and the listener should run from there if you have a 10.1 database and a 10.2 database on the same server. On the other hand if you have only one database home then you can run the listener from there. This will make your listener-related patches go into the database home rather than the ASM home.
VIP Addresses:
Only VIP addresses should be used to access databases in a RAC system. The listener listens on all public IP addresses by default. The public non-VIP address should not be used by Oracle clients.
The listener should be configured to attach to the VIP addresses only, as the clients should connect to that IP. You will need to manually edit the LISTENER.ORA file for this purpose if you used NETCA to configure the listener. Comment out the line with the public IP address.
[oracle@iss-365-rac01 ~]$ cd $ORACLE_HOME/network/admin
[oracle@iss-365-rac01 admin]$ head listener.ora
# listener.ora.iss-365-rac01 Network Configuration File: /u01/app/oracle/product/10.2.0/db/network/admin/listener.ora.iss-365-rac01
# Generated by Oracle configuration tools.
LISTENER_ISS-365-RAC01 =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
(ADDRESS = (PROTOCOL = TCP)(HOST = iss-365-rac01-vip)(PORT = 1521)(IP = FIRST))
# (ADDRESS = (PROTOCOL = TCP)(HOST = iss-365-rac01)(PORT = 1521)(IP = FIRST))
)
Oracle 10.2 clusterware contains a default dependency between the VIP and the listener. It will always make sure that the VIP is available before starting the listener.
[root@iss-365-rac01 ~]# crs_stat -p ora.iss-365-rac01.LISTENER_ISS-365-RAC01.lsnr|grep REQ
REQUIRED_RESOURCES=ora.iss-365-rac01.vip
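An added example (not from the original article): a small Python audit of a listener.ora file that flags TCP addresses not bound to a VIP, use of the default port 1521, and a missing ADMIN_RESTRICTIONS_<listener_name> = ON line. The `-vip` hostname suffix used to recognise VIP addresses and the embedded sample file are assumptions modelled on the excerpt above.

```python
import re

# Constructed sample modelled on the excerpt above, with the public
# (non-VIP) address left active so the audit has something to flag.
SAMPLE = """\
LISTENER_ISS-365-RAC01 =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
      (ADDRESS = (PROTOCOL = TCP)(HOST = iss-365-rac01-vip)(PORT = 1521)(IP = FIRST))
      (ADDRESS = (PROTOCOL = TCP)(HOST = iss-365-rac01)(PORT = 1521)(IP = FIRST))
    )
  )
"""

# One (ADDRESS = (K = V)(K = V)...) entry; ADDRESS_LIST does not match.
ADDRESS_RE = re.compile(r"\(\s*ADDRESS\s*=\s*((?:\([^()]*\)\s*)+)\)", re.I)
PAIR_RE = re.compile(r"\(\s*(\w+)\s*=\s*([^()]*?)\s*\)")
# A listener definition: NAME = (DESCRIPTION... or NAME = (ADDRESS...
LISTENER_RE = re.compile(r"(?im)^\s*([\w.-]+)\s*=\s*\(\s*(?:DESCRIPTION|ADDRESS)")


def audit(text, vip_suffix="-vip"):
    """Return a list of findings for the contents of one listener.ora."""
    text = re.sub(r"(?m)^\s*#.*$", "", text)  # ignore commented-out lines
    findings = []
    for m in ADDRESS_RE.finditer(text):
        addr = {k.upper(): v for k, v in PAIR_RE.findall(m.group(1))}
        if addr.get("PROTOCOL", "").upper() != "TCP":
            continue  # IPC entries such as EXTPROC are not network-facing
        host, port = addr.get("HOST", ""), addr.get("PORT", "")
        # Assumption: VIP hostnames follow the <node>-vip naming convention.
        if not host.lower().endswith(vip_suffix):
            findings.append(f"non-VIP address: {host}:{port}")
        if port == "1521":
            findings.append(f"default port 1521 on {host}")
    for name in LISTENER_RE.findall(text):
        pat = rf"(?im)^\s*ADMIN_RESTRICTIONS_{re.escape(name)}\s*=\s*ON\s*$"
        if not re.search(pat, text):
            findings.append(f"ADMIN_RESTRICTIONS not ON for {name}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To audit a real file, pass its contents instead of SAMPLE, for example `audit(open(path).read())`, and adjust `vip_suffix` to match your VIP naming.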
Final Thoughts:
To conclude, I would say that these basic yet effective guidelines can save you a lot of headaches by keeping the right people connecting properly and the wrong people out of the way.