You are changing the IP Address on your Oracle server, and want to know how it will affect your DLP installation.
All supported releases of Data Loss Prevention
Relevant versions: ALL
The Oracle database should be OK provided the hostname is being used by the listener rather than a hardcoded IP (a very bad practice!). As long as the hostname resolves to the correct IP, Oracle should be happy.
1. Usually the listener on Oracle is configured with the FQDN of box; you can confirm by checking the listener.ora file:
Sample listener.ora on Oracle:
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = FQDN)(PORT = 1521))
(ADDRESS = (PROTOCOL = IPC)(KEY = PROTECT))
)
2. Oracle uses the net service account, typically “PROTECT”. If using IP, make sure it has the new IP address.
Sample tnsnames.ora:
PROTECT =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = ##.##.#.#)(PORT = 1521))
)
(CONNECT_DATA =
(SERVICE_NAME = PROTECT)
)
)
3. Although some may have rebooted the box, it's not necessary, just restart the listener on the Oracle server. Use either of the following command options
lsnrctl reload
or
lsnrctl stop
lsnrctl start
4. On Oracle box, test the connections with New IP: ensure you can connect as sys as sysdba and also as the DLP "Protect" account. Once you can connect on the Oracle box as “protect” user, the Enforce Server won’t have any problems once IP is changed.
5. On the Enforce Server, the only change is in the jdbc.properties file:
Sample jdbc.properties file on enforce. Note - this is for a single or two-tier installation, therefore Oracle is on same box as Enforce:
# JDBC connection information for the "oracle-thin" connection
jdbc.username.oracle-thin=protect
jdbc.driver.oracle-thin=oracle.jdbc.OracleDriver
# use the P6Spy driver in order to see the SQL generated by OJB
# jdbc.driver.oracle-thin=com.p6spy.engine.spy.P6SpyDriver
jdbc.subprotocol.oracle-thin=oracle:thin
jdbc.dbalias.oracle-thin=@(description=(address=(host=###.###.###.###)(protocol=tcp)(port=1521))(connect_data=(sid=protect)))
If making changes to the above properties file:
Note: the tnsnames.ora file if found on Enforce can be changed as well, however we only use this file with sqlplus for troubleshooting, or during initial installs, upgrades. You can change IP on the Enforce Server in tnsnames.ora file, but there should never be a listener on Enforce or listener.ora file on Enforce - unless Oracle is on same box.
KB on stopping and starting Enforce Server services: Restart DLP Enforce services in the correct order (broadcom.com)
Locations of logs and properties files discussed in this KB: Enforce Server Directory Structure (broadcom.com)
Also, for more details about these connections: Troubleshoot TNSListener (broadcom.com)