Linux-UNIX: Activating A-TAP for Oracle on a Veritas Cluster
S-TAP includes an A-TAP feature required for Oracle deployments which use encryption. This task describes activating A-TAP in this Oracle Veritas Clustering nodes.
About this task
This procedure uses typical file paths for a shell installation. The GIM procedure is the same, but with different paths. For example: /opt/guardium/modules/ATAP/current/files/bin/guardctl.
- Set up A-TAP on all nodes without activation. For example:
/opt/guardium/guard_stap/guardctl --db-user=oracle --db-type=oracle --db-instance=oracle --db-home= /dbarepzdb/oracle/product/184.108.40.206 --db-version=11.2 store-conf
/opt/guardium/guard_stap/guardctl --db-instance=oracle authorize-user
Stop all Oracle processes. This ensures that
ORACLE_HOMEwill still mount on primary.
- Activate A-TAP on the primary node. For example:
/opt/guardium/guard_stap/guardctl --db-instance=oracle activate
- Copy the guard_tap.ini file from the from active node to all passive nodes, and change the tap_ip parameters appropriately. Then restart the S-TAP on the passive nodes.
- Copy the A-TAP executer from the active node to all passive nodes. For example:
scp /opt/guardium/etc/guard/executor/root/* root@server:/opt/guardium/etc/guard/executor/root/
- Restart the Oracle Services and verify that encrypted traffic is captured on the primary server.