Linux-UNIX: Oracle Connection Manager configuration to monitor encrypted traffic

You can use the Oracle Connection Manager to monitor encrypted traffic, without A-TAP.

Before you begin

  • S-TAP 10.x or higher is installed in the Oracle database server.
  • Oracle Connection Manager v18.3 is installed and configured for SSL.

About this task

The Oracle Connection Manager is a proxy server that forwards connection requests to databases or other proxy servers. It operates on the session level. It usually resides on a computer separate from the database server and client computers. It is a custom installation option on the Clientdisk. The primary functions of Oracle Connection Manager are:
  • Access control: to use rule-based configuration to filter user-specified client requests and accept others.
  • Session multiplexing: to funnel multiple client sessions through a network connection to a shared server destination.
  • Hardening security: can be setup as proxy server between public and trusted network.
The public (open external) network includes the web client, firewalls, and application server. The trusted (private internal) network is non-routable and exists only between the connection manager and database server. It is recommended for OCM that most actual database services, like the database listener and administrative applications like Oracle Grid Control, should be configured to run on the private network where they cannot be subjected to random port scans.

Configure the OCM in one of these models: