Hello World,
Sorry I took so long in posting this summary, I got kinda distracted on
more prioritized projects. );^]
-------------------------------------------
My follow-up questions:
I just came to realize that allowing SQL*Net proxy is a considerable risk,
even if on a private WAN. (Telecomm-line hijackers could issue queries and
updates on my central database server, for instance.) So I came up with 2
solutions:
1] Install "SKIP for PCs" on the remote Win95 clients running the
Developer 2000 for secure, authenticated and authorized SQLNet
transmission. It will of course be screened by Solstice FW-1 3.0 or the
Sunscreen EFS sitting on the main LAN.
2] Install an authenticating SQLNet proxy application that can do S/Key,
or other methods. (Install this on the firewall? Or on the DB server?)
I guess this option would be cheaper, right? (But should I trust the
custom developer of the SQL*Net proxy? (Hehehe !))
Which is better of the above? Any similar experiences?
3] Considering:
estimated Ultra-1 firewall/router latency = 1 to 5 ms
WAN bandwidth (via modem) = max. of 38.8 kbps shared for every 3 PCs
download sizes = 80kb image files every 30 min. on every remote PC
Do you think I need less bandwidth-sharing among PCs when I consider the
overhead of all the security features of my private WAN? Like, is my
bandwidth enough for a moderate user response on the remote LANs?
To simply illustrate:
[Oracle DB server] <--> [firewall/router] <--> {dial-up lines} <--+
                                                                  |
       [3x PCs with SKIP running Developer 2000] <--> [router] <--+
-------------------------------------------
My original post was:
> Has anybody tried accessing an Oracle database over private TCP/IP WAN
> links ?
> Specifically, using connections via Developer 2000 clients on
> remote PCs going through Firewall-1 before the main Oracle database
> on the central facility?
>
> Would anybody care to kindly share any experiences? Any pitfalls to
> avoid? Would allowing only the SQL*Net protocol thru the firewall be
> enough to get the job done? Or do we have to have telnet thru also ?
> (Sorry, I'm no database programmer. I'm just your regular hardware type
> of guy.)
-------------------------------------------
In summary, I was told that:
1] Sandro Pereira <spereira @ mandic . com . br>
Yes, I already used this kind of configuration, but the bandwidth and line
speed was not enough to hold on all clients connects and performance,
remember client/server was developed for _high_speed_ lan/was at least
10Mbits, so after a while I changed from wan client/server to a database
replication which was much better.
To allow connections what you'll need to do is just enable SQL*NET
connections thru tcp/ip port 1521 or whatever port is in your
LISTENER.ORA (BTW this file is located in database server machine and
defines which tcp/ip port oracle sql*net will use for connections ).
2] Jeffrey Papen <jpapen @ youbet . com>
I made a custom TCP port 1433 for SQL. This has worked great for me.
3] Keith Smith <Keith . Smith @ svip . com>
From memory, SQL*Net uses a single TCP/IP port. At a guess, just
opening the port for inbound or outbound connections should be enough.
Bear in mind that SQL*Net V1 uses a different port than V2.
Check the /etc/services file on any UNIX machine running Oracle to find
out which ports are used.
-------------------------------------------
Many many thanks to these guys who kindly responded,
Drexx.
"It's a dirty job, but somebody's gotta do it." -- John Wayne
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
______
/_____/\ DEXTER D. LAGGUI
/_____\\ \ Systems Engineer, CSD-TSR
/_____\ \\ / PHILIPPINE SYSTEMS PRODUCTS INC.
/_____/ \/ / / Penthouse, Corporate Business Center
/_____/ / \//\ 150 Paseo de Roxas Ave., Legaspi Village
\_____\//\ / / Makati City, Philippines
\_____/ / /\ /
\_____/ \\ \ Phone: (++ 63-2) 813-6453 to 55 loc. 222
\_____\ \\ Fax : (++ 63-2) 813-3516
\_____\/ Email: drexx @ pspi . com . ph
Pager: (++ 63-2) 1277-33615
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
----- End Included Message -----
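
The first reply above says the firewall has to pass whatever TCP port LISTENER.ORA actually names. As an added example (not part of the original post or of any reply), this Python code parses a listener.ora and diffs its TCP ports against the ports a firewall rule passes; the sample file, host name, port values and function names are constructed for illustration.

```python
import re

# Constructed sample listener.ora (not from the post); ports are made up.
SAMPLE = """\
# constructed sample for the example below
LISTENER =
  (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = IPC)(KEY = orcl))
    (ADDRESS = (PROTOCOL = TCP)(HOST = dbserver)(PORT = 1521))
    (ADDRESS = (PROTOCOL = tcp)(HOST = dbserver)(PORT = 1526))
  )
"""

def parse(text):
    """Parse nested (KEY = value) syntax into (key, value) pairs; a value is a string or a list of pairs."""
    toks = re.findall(r"[()=]|[^()=\s]+", re.sub(r"#.*", "", text))
    pos = 0
    def value():
        nonlocal pos
        if toks[pos] != "(":              # plain scalar value
            pos += 1
            return toks[pos - 1]
        children = []
        while pos < len(toks) and toks[pos] == "(":
            pos += 3                      # skip "(", key, "="
            children.append((toks[pos - 2].upper(), value()))
            pos += 1                      # skip ")"
        return children
    top = []
    while pos < len(toks):
        pos += 2                          # skip top-level key, "="
        top.append((toks[pos - 2].upper(), value()))
    return top

def tcp_endpoints(tree):
    """Return (host, port) for every ADDRESS entry whose PROTOCOL is TCP."""
    found = []
    for key, val in tree:
        if isinstance(val, list):
            fields = {k: v for k, v in val if isinstance(v, str)}
            if key == "ADDRESS" and fields.get("PROTOCOL", "").upper() == "TCP":
                found.append((fields.get("HOST"), int(fields["PORT"])))
            found += tcp_endpoints(val)
    return found

def audit(listener_text, firewall_ports):
    """Return (listener ports the firewall blocks, firewall openings with no listener)."""
    up = {port for _, port in tcp_endpoints(parse(listener_text))}
    return sorted(up - set(firewall_ports)), sorted(set(firewall_ports) - up)
```

A port in the second list is open at the firewall with no listener behind it, so that rule can be closed.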