Linux-UNIX: Activating A-TAP for Oracle on a Veritas Cluster

S-TAP includes an A-TAP feature required for Oracle deployments which use encryption. This task describes activating A-TAP in this Oracle Veritas Clustering nodes.

About this task

This procedure uses typical file paths for a shell installation. The GIM procedure is the same, but with different paths. For example: /opt/guardium/modules/ATAP/current/files/bin/guardctl.

Procedure

  1. Set up A-TAP on all nodes without activation. For example:
    /opt/guardium/guard_stap/guardctl --db-user=oracle --db-type=oracle --db-instance=oracle --db-home= /dbarepzdb/oracle/product/11.2.0.4 --db-version=11.2 store-conf
    And
    /opt/guardium/guard_stap/guardctl --db-instance=oracle authorize-user
  2. Stop all Oracle processes. This ensures that ORACLE_HOME will still mount on primary.
  3. Activate A-TAP on the primary node. For example:
    /opt/guardium/guard_stap/guardctl --db-instance=oracle activate
  4. Copy the guard_tap.ini file from the from active node to all passive nodes, and change the tap_ip parameters appropriately. Then restart the S-TAP on the passive nodes.
  5. Copy the A-TAP executer from the active node to all passive nodes. For example:
    scp /opt/guardium/etc/guard/executor/root/* root@server:/opt/guardium/etc/guard/executor/root/
  6. Restart the Oracle Services and verify that encrypted traffic is captured on the primary server.