You are changing the IP Address on your Oracle server, and want to know how it will affect your DLP installation.

All supported releases of Data Loss Prevention

Relevant versions:  ALL

The Oracle database should be OK provided the hostname is being used by the listener rather than a hardcoded IP (a very bad practice!). As long as the hostname resolves to the correct IP, Oracle should be happy.

1. Usually the listener on Oracle is configured with the FQDN of box; you can confirm by checking the listener.ora file:

• If using FQDN then make sure DNS resolves to the new IP address.
• If IP address is in there make sure new IP address is listed.

Sample listener.ora on Oracle:

LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = FQDN)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = PROTECT))
    )

2.  Oracle uses the net service account, typically “PROTECT”. If using IP, make sure it has the new IP address.

Sample tnsnames.ora:

PROTECT =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = ##.##.#.#)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = PROTECT)
    )
  )

3. Although some may have rebooted the box, it's not necessary, just restart the listener on the Oracle server. Use either of the following command options

lsnrctl reload

or

lsnrctl stop
lsnrctl start

4.  On Oracle box, test the connections with New IP: ensure you can connect as sys as sysdba and also as the DLP "Protect" account. Once you can connect on the Oracle box as “protect” user, the Enforce Server won’t have any problems once IP is changed.

5.  On the Enforce Server, the only change is in the jdbc.properties file:

• Change the host=IPaddress to new IP of Oracle.
• If host entry instead has FDQN,  make sure it resolves in DNS from the Enforce Server to the new IP address of the Oracle server.

Sample jdbc.properties file on enforce. Note - this is for a single or two-tier installation, therefore Oracle is on same box as Enforce: 

# JDBC connection information for the "oracle-thin" connection
jdbc.username.oracle-thin=protect
jdbc.driver.oracle-thin=oracle.jdbc.OracleDriver
# use the P6Spy driver in order to see the SQL generated by OJB
# jdbc.driver.oracle-thin=com.p6spy.engine.spy.P6SpyDriver
jdbc.subprotocol.oracle-thin=oracle:thin
jdbc.dbalias.oracle-thin=@(description=(address=(host=###.###.###.###)(protocol=tcp)(port=1521))(connect_data=(sid=protect)))

If making changes to the above properties file:

• Stop the Enforce Server services
• Change the IP in the jdbc.properties
• Restart the Enforce Server services.
• Check the IncidentPersister0.log in debug folder. The most recent entries in the log should tell you if connection to Oracle with new IP is successful or not. 

Note: the tnsnames.ora file if found on Enforce can be changed as well, however we only use this file with sqlplus  for troubleshooting, or during initial installs, upgrades. You can change IP on the Enforce Server in tnsnames.ora file, but there should never be a listener on Enforce or listener.ora file on Enforce - unless Oracle is on same box.

KB on stopping and starting Enforce Server services: Restart DLP Enforce services in the correct order (broadcom.com)

Locations of logs and properties files discussed in this KB: Enforce Server Directory Structure (broadcom.com)

Also, for more details about these connections: Troubleshoot TNSListener (broadcom.com)