S-TAP includes an A-TAP feature required for Oracle deployments which use encryption.
This task describes activating A-TAP in this Oracle Veritas Clustering nodes.
About this task
This procedure uses typical file paths for a shell installation. The GIM procedure is the same,
but with different paths. For example:
/opt/guardium/modules/ATAP/current/files/bin/guardctl.
Procedure
- Set up A-TAP on all nodes without activation. For example:
/opt/guardium/guard_stap/guardctl --db-user=oracle --db-type=oracle --db-instance=oracle --db-home= /dbarepzdb/oracle/product/11.2.0.4 --db-version=11.2 store-conf
And
/opt/guardium/guard_stap/guardctl --db-instance=oracle authorize-user
-
Stop all Oracle processes. This ensures that
ORACLE_HOME
will still mount on
primary.
- Activate A-TAP on the primary node. For example:
/opt/guardium/guard_stap/guardctl --db-instance=oracle activate
- Copy the guard_tap.ini file from the from active node to all passive
nodes, and change the tap_ip parameters appropriately. Then restart the S-TAP
on the passive nodes.
- Copy the A-TAP executer from the active node to all passive nodes. For example:
scp /opt/guardium/etc/guard/executor/root/* root@server:/opt/guardium/etc/guard/executor/root/
- Restart the Oracle Services and verify that encrypted traffic is captured on the primary
server.