Skip Headers

Oracle9i Net Services Administrator's Guide
Release 2 (9.2)

Part Number A96580-02
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Feedback

Go to previous page Go to next page
View PDF

13
Configuring Oracle Connection Manager

This chapter describes how to configure Oracle Connection Manager features.

This chapter contains these topics:

Oracle Connection Manager Configuration Overview

Oracle Connection Manager is a proxy server, an intermediate server that forwards connection requests to the database server or to other proxy servers. It has three primary functions:

Session multiplexing--You can quickly configure Oracle Connection Manager to funnel multiple client sessions through a network connection to a shared server destination.

Access control--You can use rule-based configuration to filter out certain client requests and accept others.

Protocol conversion--Oracle Connection Manager accepts connection requests in any protocol that Oracle supports.

Configuring Oracle Connection Manager

Configuring Oracle Connection Manager is a three-part process:

  1. Configure the cman.ora file on the Oracle Connection Manager computer. This file specifies listening endpoints for the server, the route path for Oracle Connection Manager, access control rules, and Oracle Connection Manager performance parameters.
  2. Configure clients with the protocol addresses of Oracle Connection Manager and the listener.
  3. (Optional) Configure the database server for session multiplexing.

This section contains these topics:

Configuring the Oracle Connection Manager Computer


Note:

Oracle Net Manager does not support configuration of the cman.ora file, so changes must be made manually.


To configure the Oracle Connection Manager computer, you can define four types of parameters in the cman.ora file:

The cman.ora file is located in the $ORACLE_HOME/network/admin directory on UNIX and in the ORACLE_HOME\network\admin directory on Windows NT. Figure 13-1 shows an example cman.ora file.

Figure 13-1 Example cman.ora File

 CMAN=
 (ADDRESS=(PROTOCOL=tcp)(HOST=proxysvr)(PORT=1630))
 (ADDRESS=(PROTOCOL=tcps)(HOST=144.25.22.217)(PORT=2484))
CMAN_ADMIN=
 (ADDRESS=(PROTOCOL=tcp)(HOST=proxysvr)(PORT=1830))
CMAN_RULES=
 (RULE=(SRC=206.62.226.32/27)(DST=sales-server)(SRV=*)(ACT=accept)))
CMAN_PROFILE=
  (PARAMETER_LIST= 
 (LOG_LEVEL=2)
 (TRACING=on))

Listening Endpoint Lists (CMAN and CMAN_ADMIN)

The listening endpoint list specifies protocol addresses for the gateway and administrative processes. The gateway process, CMGW, uses the CMAN parameter and the administrative process, CMADMIN, uses the CMAN_ADMIN parameter.

Both processes can be configured with multiple protocol addresses. In Figure 13-1, the CMGW process has two protocol addresses. The first address shown is the default listening protocol address of TCP/IP, port 1630:

(ADDRESS=(PROTOCOL=tcp)(HOST=proxysvr)(PORT=1630))

The second is the protocol address of Oracle Connection Manager if TCP/IP with Secure Sockets Layer (SSL) is used:

(ADDRESS=(PROTOCOL=tcps)(HOST=144.25.22.217)(PORT=2484))

Access Control Rule List (CMAN_RULES)

The access control rule list specifies which connections are accepted, rejected, or dropped.

(RULE=(SRC=206.62.226.32/27)(DST=sales-server)(SRV=*)(ACT=accept)

In the previous example, src=206.62.226.32/27 designates the IP address of the client, or source. DST=sales-server designates the destination host name. The abbreviation ACT stands for "action"--that is, accept, reject, or drop.


Note:

Enter at least one rule; otherwise the default option "reject" is overridden and all connections are accepted.


Parameter List (CMAN_PROFILE)

The parameter list set attributes for an Oracle Connection Manager.

See Also:

Oracle9i Net Services Reference Guide for a complete list of parameters and their default and allowed values

Configuring Clients for Oracle Connection Manager

To route clients to the database server through Oracle Connection Manager, configure either the tnsnames.ora file or the directory server with a connect descriptor that specifies protocol addresses of Oracle Connection Manager and the listener. Take note of the following:

Task 1: Configure an Oracle Connection Manager Protocol Address

To configure a protocol address for Oracle Connection Manager:

  1. Start Oracle Net Manager.

    See Also:

    "Starting Oracle Net Manager"

  2. In the navigator pane, expand Directory or Local > Service Naming.
  3. Click plus (+) from the toolbar, or choose Edit > Create.

    The Welcome page of the Net Service Name Wizard appears.

  4. Enter any name in the Net Service Name field.
  5. Click Next.

    The Protocol page appears.

  6. Select the protocol on which Oracle Connection Manager is configured to listen on. By default this protocol is TCP/IP.
  7. Click Next.

    The Protocol Settings page appears.

  8. Enter the appropriate parameter information for the selected protocol in the fields provided. If you are using TCP/IP, the default port to use is 1630.

    See Also:

    Oracle9i Net Services Reference Guide for protocol parameter settings

  9. Click Next.

    The Service page appears.

  10. Select a release, and then enter the name of destination database service.

    If the destination service is and Oracle9i or Oracle8i database, select Oracle8i or later, and enter a service name in the Service Name field. If destination service is an Oracle release 8.0 database, select Oracle8 or Previous, and enter an Oracle System Identifier (SID) for an instance in the Database SID field.

    See Also:

    "About Connect Descriptors" for further information about setting the service name string

  11. Click Next.


    Note:

    Do not click Test, because a connection cannot be tested at this point.


  12. Click Finish to save your configuration and dismiss Net Service Name Wizard.

    The new net service name and the Oracle Connection Manager protocol address is added to the Service Naming folder.

Task 2: Configure a Listener Protocol Address

After the Oracle Connection Manager protocol address is specified, create an address for the listener, so that the Oracle Connection Manager can connect to the server.

To configure the protocol address for the listener:

  1. In the Oracle Net Manager, select the net service name that you created in "Task 1: Configure an Oracle Connection Manager Protocol Address".

    Notice that the Oracle Connection Manager protocol address is displayed in the Address 1 tab:

    Text description of cman1.gif follows.

    Text description of the illustration cman1.gif

  2. In the Address Configuration box, click plus (+).

    A new Address tab displays.

  3. Select a protocol configured for the listener, and then enter the appropriate parameter information for that protocol. If you are using TCP/IP, the default port number to use is 1521:

    Text description of cman2.gif follows.

    Text description of the illustration cman2.gif

    See Also:

    Oracle9i Net Services Reference Guide for further information about protocol addresses and parameters

  4. In the Address Configuration box, click Advanced.

    The Address List Options dialog box appears:

    Text description of cman3.gif follows.

    Text description of the illustration cman3.gif

  5. Select Use each address in order until destination reached, and then click OK.

    This option sets SOURCE_ROUTE=on. It tells the client to connect to the first protocol address, the Oracle Connection Manager, and from the first protocol address to the second protocol address, the listener.

  6. Choose File > Save Network Configuration.


    Note:

    If you specify the addresses of two or more Oracle Connection Managers in the connect descriptor, you can manually include parameters for load balancing and connect-time failover. See the Oracle9i Net Services Reference Guide for examples of how to configure multiple listeners for load balancing and failover.


Figure 13-2 shows a comparison of a typical tnsnames.ora file and a tnsnames.ora file with an entry to use Oracle Connection Manager. Oracle Connection Manager entries are shown in boldface text.

Figure 13-2 tnsnames.ora File with and without Oracle Connection Manager

sales=
   (DESCRIPTION=
      (ADDRESS=
         (PROTOCOL=tcp) 
         (HOST=sales-server) 
         (PORT=1521))
      (CONNECT_DATA=
             (SERVICE_NAME=sales.us.acme.com)))

sales=
   (DESCRIPTION=
      (SOURCE_ROUTE=yes) 
      (ADDRESS=
         (PROTOCOL=tcp) 
         (HOST=cman-server)
         (PORT=1630))
      (ADDRESS=
         (PROTOCOL=tcp) 
         (HOST=sales-server) 
         (PORT=1521))
      (CONNECT_DATA=
         (SERVICE_NAME=sales.us.acme.com))) 
tnsnames.ora File Element Description
SOURCE_ROUTE=yes

This entry creates a source route of protocol addresses through an Oracle Connection Manager to the destination database.

(ADDRESS=
   (PROTOCOL=tcp) 
   (HOST=cman-server)
   (PORT=1630))
(ADDRESS=
   (PROTOCOL=tcp) 
   (HOST=sales-server)
   (PORT=1521))

The first protocol address enables the client to connect to Oracle Connection Manager. From here, the Oracle Connection Manager connects to the database service through a second protocol address.

Figure 13-3 depicts a client using TCP/IP to connect to Oracle Connection Manager, and Oracle Connection Manager using TCP/IP with SSL to connect to a database server.

Figure 13-3 tnsnames.ora File Configured for Protocol Conversion Support

sales=
   (DESCRIPTION=
      (SOURCE_ROUTE=yes) 
      (ADDRESS=
            (PROTOCOL=tcp) 
            (HOST=cman-server) 
            (PORT=1521))
      (ADDRESS=
            (PROTOCOL=tcps) 
            (HOST=sales-server) 
            (PORT=1521))
      (CONNECT_DATA=
            (SERVICE_NAME=sales.com)))

Configuring the Oracle Database Server for Oracle Connection Manager

Configuring the database server involves optionally configuring the server for session multiplexing.

To enable Connection Manager to take advantage of session multiplexing, set the DISPATCHERS parameter in the initialization parameter file with the attributes PROTOCOL and MULTIPLEX.

DISPATCHERS="(PROTOCOL=tcp)(MULTIPLEX=on)"
See Also:

Enabling Oracle Connection Manager Features

This section contains these topics:

The first feature is enabled using the parameter DISPATCHERS in the initialization parameter file, the second and third using the parameters RULE_LIST and CMAN parameters in the cman.ora file.

Enabling Session Multiplexing

Once the attributes PROTOCOL and MULTIPLEX have been added to the parameter DISPATCHERS in the initialization parameter file, enabling session multiplexing is simply a matter of ensuring that MULTIPLEX is set to on or to an equivalent value.

See Also:

"Enabling Session Multiplexing"

You can set different levels of multiplexing, as Table 13-1 shows.

Table 13-1  Session Multiplexing Parameters
Attribute Description

PROTOCOL (PRO or PROT)

The network protocol for which the dispatcher generates a listening endpoint.

MULTIPLEX (MUL or MULT)

Used to enable session multiplexing

If 1, on, yes, true, or both is specified, then multiplexing is enabled for both incoming and outgoing network sessions.

If in is specified, then multiplexing is enabled for incoming network sessions from the client.

If out is specified, then multiplexing is enabled for outgoing network sessions.

If 0, no, off, or false is specified, then multiplexing is disabled for both incoming and outgoing network sessions.


Note:

You can configure the DISPATCHERS parameter using the Database Configuration Assistant.


Enabling Access Control

Oracle Connection Manager includes a feature that enables you to control client access to designated database servers in a TCP/IP environment. By specifying certain filtering rules, you can allow or restrict specific clients access to a database server.

To configure access control:

  1. Manually create a cman.ora file, if one does not already exist.
  2. Add the parameter CMAN_RULES with the following subparameters:
         (CMAN_RULES=
           (RULE_LIST=
            (RULE=(SRC=source_host) 
                  (DST=destination_host) 
                  (SRV=service) 
                  (ACT=accept | reject | drop))))
    
    
  3. Add the following parameters for each rule described in Table 13-2 as needed.
    Table 13-2  Per-Rule Parameters
    Parameter Description

    SRC

    Specify the source host name or IP address of the client.

    DST

    Specify the destination host name or IP address of the database server.

    SRV

    Specify the service name of the Oracle9i or Oracle8i database (obtained from the SERVICE_NAME parameter in the initialization parameter file) or SID value of the pre-release 8.1 database (obtained from the ORACLE_SID environment variable or registry value).

    ACT

    Specify to accept, reject, or drop incoming requests based on the preceding three parameters.

    See Also:

    Oracle9i Net Services Reference Guide for default values and allowed values of Oracle Connection Manager parameters

You can define multiple rules in the RULE_LIST. The action (ACT) in the first matched RULE is applied to the connection request. If no rules are defined, all connections are accepted.

In the following example, client computer client1-pc is denied access to the service sales.us.acme.com, but client 144.25.23.45 is granted access to the service db1.

(RULE_LIST=
  (RULE=(SRC=client1-pc)(DST=sales-server)(SRV=sales.us.acme.com)(ACT=reject))
  (RULE=(SRC=144.25.23.45)(DST=144.25.187.200)(SRV=db1)(ACT=accept)))

Enabling Protocol Conversion Support

Oracle Connection Manager provides support for protocol conversion, enabling clients and a database server configured with different network protocols to communicate with each other. An Oracle Connection Manager can listen on any protocol that Oracle supports.

Without this kind of support, a client that uses Named Pipes cannot connect to a database server that uses TCP/IP. If Oracle Connection Manager is configured for TCP/IP, the client can connect to Oracle Connection Manager using Named Pipes, and Oracle Connection Manager can connect to the database server using TCP/IP.

As the following example shows, the cman.ora must be configured with a protocol address for each protocol that the client uses. Sample addresses for three protocols are shown--TCP/IP, Named Pipes, and TCP/IP with SSL.

(CMAN=
  (ADDRESS=(PROTOCOL=tcp)(HOST=proxysvr1)(PORT=1630)))
  (ADDRESS=(PROTOCOL=nmp)(SERVER=proxysvr_pc)(PIPE=cmanpipe)))
  (ADDRESS=(PROTOCOL=tcps)(HOST=144.25.22.217)(PORT=2484)))

By default, Oracle Connection Manager accepts client connection requests at the following default protocol address:

CMAN=(ADDRESS=(PROTOCOL=tcp)(HOST=anyhost)(PORT=1630))

To configure protocol conversion:

  1. Manually create a cman.ora file, if one does not already exist.
  2. Add protocol addresses for each of the protocols that the client uses in the CMAN parameter:
    CMAN=
     (ADDRESS=(protocol_address_information))
     (ADDRESS=(protocol_address_information))
    
See Also:

Oracle9i Net Services Reference Guide for further information about protocol addresses and parameters