Quick Start
Prerequisites
Prior to installing CDP:
Download and extract the CDP software.
Modify the properties file.
Set the Oracle database SID.
Create the metadata user and allocate tablespace.
Set the Oracle home environment.
Make sure that the script can be opened by the shell (Linux/UNIX).
Make sure that the DBMS_LOB package is installed and the INGRIAN user has sufficient permissions to use the package.
Make sure that the CDP is installed on the machine where the database server resides. CDP can’t be installed remotely.
Downloading and Extracting CDP File
Download and extract the software.
Note
Copy the package to the Linux/Unix machine and unzip it there directly. Do not unzip it on a Windows machine and then copy the contents to the Linux/Unix machine.
Modifying the Properties File
The ProtectDB.properties file (referred to as “the properties file”) can be used to determine how the client interacts with the Key Manager. A set of parameters can be modified to specify which Key Manager a client connects to, which protocol is used to establish a connection, how frequently logs are rotated, and so on. Some basic configuration information, such as the server IP address, port, and log file, is required to install CDP.
The installation script copies the properties file to <ORACLE_HOME>/lib/safenet/ on Linux and <ORACLE_HOME>\bin\ on Windows.
Important Notes
Modifying the ProtectDB.properties file before installing the CDP for Oracle is not mandatory. The values that are specified on different installer screens are automatically entered in the ProtectDB.properties file. Parameters in the properties file can also be specified/modified after the installation.
After the installation script is run, any modifications to ProtectDB.properties must be made to the file in the <ORACLE_HOME>/lib/safenet/ directory on Linux and <ORACLE_HOME>\bin\ on Windows. Once the installation script is run, the properties file in the extracted directory is ignored.
For any changes in the properties file to be effective, the loadProperties.sh (UNIX/Linux) or loadProperties.bat (Windows) file must be run. Depending on the platform, these files are placed at the following location:
On Unix/Linux: <ORACLE_HOME>/lib/safenet/
On Windows: <ORACLE_HOME>\bin\
Setting the Oracle Database SID
If there are multiple Oracle databases within Oracle home, then ORACLE_SID must be set before running the installation scripts (install.bat (Windows) or install.sh (Linux/UNIX)).
Creating the Metadata User
Before installing CDP, the user, INGRIAN, must exist in the database. If the user doesn't exist, create one. To create the database user, INGRIAN, and allocate the necessary tablespace, execute the following commands:
sqlplus sys/<oracle-system-user-password> as sysdba
SQL> create user INGRIAN identified by INGRIAN
2 default tablespace users
3 quota unlimited on users;
User created.
SQL> @<full_path>grantPermission.sql INGRIAN
Note
If any error message appears, fix the problem before continuing.
Here, @<full_path>grantPermission.sql INGRIAN grants privileges to the INGRIAN user. <full_path> represents the location of grantPermission.sql. To see the list of those privileges, view the grantPermission.sql file.
Setting the Oracle Home Environment
If the machine where CDP will be installed has multiple Oracle homes, then the ORACLE_HOME environment variable must be set before running the installation scripts (install.bat (Windows) or install.sh (Linux/UNIX)).
Checking the Shell (Linux/UNIX)
The install script assumes that the Bourne shell is installed at /bin/sh. If it is not installed there, modify the script accordingly.
Checking the DBMS_LOB Package
Before installing, make sure that the DBMS_LOB package is installed and the INGRIAN user has sufficient permissions to use the package. This package is required to perform operations on Large Object data types. During installation, the installer checks whether the DBMS_LOB package is installed and the INGRIAN user has sufficient permissions to use the package. If either of these two conditions is not met, the installer stops with an appropriate message.
Installing the DBMS_LOB Package
The DBMS_LOB package is installed with the Oracle installation. However, if required, it can be manually installed by using the catproc.sql script. This file is stored in the $ORACLE_HOME/rdbms/admin directory. To manually install DBMS_LOB, execute the following statements:
cd $ORACLE_HOME/rdbms/admin
sqlplus sys/<oracle-system-user-password> as sysdba
SQL> @catproc.sql
CDP modes
CDP provides the following modes for installing, uninstalling, and upgrading the software:
Mode | Description |
---|---|
install | Assumes that CDP is not previously installed on this machine. If an installation exists, then the installation script can’t be run with the install option. In the install mode, the script does the following: (1) installs tables, stored procedures, and user-defined functions in a schema called INGRIAN; (2) generates and loads an Instance ID for this installation. |
reload | Does everything that the install mode does, except: (1) the metadata tables are not regenerated; (2) an Instance ID is not generated. |
localonly | Used to install the shared libraries in clustered database environments. |
uninstall | Uninstalls CDP. Note: CDP can’t be uninstalled until all encrypted columns are unencrypted or all views and triggers are deleted. For more information on unencrypting data, refer to Decrypt a column. |
uninstall localonly | Uninstalls the CDP localonly installation. Do not use the uninstall option to uninstall the localonly installations. This is because no metadata tables are created during the localonly installations. If the uninstall option is used, other metadata tables (not created during the localonly installation) will get removed. |
Standard Installation of CDP
Standard installation of CDP involves the following:
Selecting the Installation Mode
Running the Installation Script
Selecting the Installation Mode
To install CDP, select the installation mode as install or reload. The various modes are described in the preceding section.
Running the Installation Script
The installation script can be run in install, reload, localonly, uninstall, or uninstall localonly mode. To install CDP, run the script in install mode. To run the installation script in install mode:
Open a command prompt window.
Navigate to the directory where the script is located.
Enter one of the following commands, depending on the operating system:
Windows:
install.bat install
UNIX/Linux:
install.sh install
Enter the following information when prompted:
Passwords for the SYS and metadata (INGRIAN) users.
Enter an instance ID or accept the randomly generated default, when prompted. Databases that share the metadata must use the same instance ID.
Enter Y if installation is performed in Pluggable Database (PDB) for the Oracle user INGRIAN, else N.
Enter the Pluggable Database (PDB) name.
Path to ORACLE_HOME for the installation. (For Windows installation)
Path including the properties file name. Read access to this file is required.
In Unix/Linux, the default path is <ORACLE_HOME>/lib/safenet/ProtectDB.properties.
In Windows, the default path is <ORACLE_HOME>\bin\ProtectDB.properties.
NAE Server IP address and port.
Full path and file name for the log file. Write access to this file is required.
The path entered for the log file must not include symbolic links, and it must specify a file name. On some operating systems, the use of symbolic links causes the CipherTrust Manager to display the following error message: “The provider has not yet been installed on this database. You must install the provider before you can map users.”
The user schema and the ingrian schema must be in the same Pluggable Database (PDB).
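The checks below validate the values for the properties-file and log-file prompts before install.sh is started, including the rule that the log path must name a file and cross no symbolic link. This is an added example, not part of the CDP package; the function names are hypothetical, and it treats ORACLE_HOME and ORACLE_SID as always required, which is stricter than the prerequisites above.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical.

# 0 if $1 is absolute and no existing component of it is a symbolic link.
path_has_no_symlink() {
    p=$1
    case $p in /*) ;; *) return 2 ;; esac
    while [ "$p" != "/" ]; do
        if [ -L "$p" ]; then return 1; fi
        p=$(dirname "$p")
    done
    return 0
}

# Log file prompt: must name a file, cross no symlink, and be writable.
check_log_path() {
    log=$1
    case $log in ""|*/) echo "log path must include a file name" >&2; return 1 ;; esac
    if [ -d "$log" ]; then echo "log path is a directory: $log" >&2; return 1; fi
    path_has_no_symlink "$log" || { echo "relative path or symbolic link: $log" >&2; return 1; }
    if [ -e "$log" ]; then
        if [ ! -w "$log" ]; then echo "no write access: $log" >&2; return 1; fi
    else
        dir=$(dirname "$log")
        { [ -d "$dir" ] && [ -w "$dir" ]; } || { echo "cannot create log in: $dir" >&2; return 1; }
    fi
    return 0
}

# Properties file prompt: must be a readable regular file.
check_props_file() {
    if [ -f "$1" ] && [ -r "$1" ]; then return 0; fi
    echo "properties file not readable: $1" >&2; return 1
}

# Run every check and return the number of failures. ORACLE_HOME and
# ORACLE_SID are always required here (assumption; see the lead-in).
preflight() {   # usage: preflight <properties-file> <log-file>
    fails=0
    [ -x /bin/sh ] || { echo "/bin/sh missing; adjust install.sh" >&2; fails=$((fails + 1)); }
    [ -n "${ORACLE_HOME:-}" ] || { echo "ORACLE_HOME is not set" >&2; fails=$((fails + 1)); }
    [ -n "${ORACLE_SID:-}" ] || { echo "ORACLE_SID is not set" >&2; fails=$((fails + 1)); }
    check_props_file "$1" || fails=$((fails + 1))
    check_log_path "$2" || fails=$((fails + 1))
    return "$fails"
}

if [ $# -ge 2 ]; then preflight "$1" "$2"; fi
```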
Installing CDP in Localonly Mode
The localonly installation of CDP is suitable for installing only the shared libraries in a clustered or replication environment.
To install CDP in the localonly mode:
Open a command prompt window.
Navigate to the directory where the script is located.
Enter one of the following commands, depending on the operating system.
Windows:
install.bat localonly
UNIX/Linux:
install.sh localonly
Enter the following information when prompted:
Password for the metadata (INGRIAN) user.
Path to ORACLE_HOME for the installation. (For Windows installation)
Path to the properties file. Read access to this file is required.
NAE Server IP address and port.
Full path and file name for the log file. Write access to this file is required.
Installing CDP in Oracle RAC Environment
This section contains the following information regarding the installation of CDP in Oracle RAC environment:
Prerequisites
Installation and Configuration on Oracle RAC Environment
Prerequisites
Before installing CDP in RAC environment, confirm that the Oracle RAC environment is properly configured and is operational. Perform the following system checks:
RAC Status
Cluster Daemons Status
Database Status
Service Status
Listener Status
RAC Status
Check the status of RAC applications by running the following command at the UNIX/Linux shell prompt while logged on as an Oracle user on any node:
[oracle@rac1 ~]$ crs_stat -t
The following sample output is obtained from a two-node cluster with Transparent Application Failover (TAF) service configured on the first node:
Name           Type           Target    State     Host
------------------------------------------------------------
ora.DATA.dg    ora....up.type ONLINE    ONLINE    rac1
ora....ER.lsnr ora....er.type ONLINE    ONLINE    rac1
ora....N1.lsnr ora....er.type ONLINE    ONLINE    rac1
ora.asm        ora.asm.type   ONLINE    ONLINE    rac1
ora.cvu        ora.cvu.type   ONLINE    ONLINE    rac1
ora.gsd        ora.gsd.type   ONLINE    ONLINE    rac1
ora....network ora....rk.type ONLINE    ONLINE    rac1
ora.oc4j       ora.oc4j.type  ONLINE    ONLINE    rac1
ora.ons        ora.ons.type   ONLINE    ONLINE    rac1
ora.orcl11g.db ora....se.type ONLINE    ONLINE    rac1
ora....can.svc ora....ce.type ONLINE    ONLINE    rac1
ora....SM1.asm application    ONLINE    ONLINE    rac1
ora....C1.lsnr application    ONLINE    ONLINE    rac1
ora.rac1.gsd   application    ONLINE    ONLINE    rac1
ora.rac1.ons   application    ONLINE    ONLINE    rac1
ora.rac1.vip   ora....t1.type ONLINE    ONLINE    rac1
ora....SM2.asm application    ONLINE    ONLINE    rac2
ora....C2.lsnr application    ONLINE    ONLINE    rac2
ora.rac2.gsd   application    ONLINE    ONLINE    rac2
ora.rac2.ons   application    ONLINE    ONLINE    rac2
ora.rac2.vip   ora....t1.type ONLINE    ONLINE    rac2
ora....ry.acfs ora....fs.type ONLINE    ONLINE    rac1
ora.scan1.vip  ora....ip.type ONLINE    ONLINE    rac1
The status of RAC components can also be checked individually.
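To screen the crs_stat -t output automatically before starting the installer, the following added example (not part of the CDP package) lists every resource whose Target is ONLINE but whose State is not. The helper names and the embedded sample are constructed for illustration; the sample assumes that a stopped resource shows an empty Host column.

```shell
#!/bin/sh
# Added example, not vendor code. Helper names are hypothetical.

# Read `crs_stat -t` output on stdin. Print every resource whose Target is
# ONLINE but whose State is not, and return 1 if any was found. Resources with
# Target OFFLINE are ignored because they are stopped on purpose.
crs_unhealthy() {
    awk '
        $1 == "Name" || /^-+$/ || NF < 4 { next }   # header, rule, blank lines
        $3 == "ONLINE" && $4 != "ONLINE" {
            # The Host column (field 5) may be empty for a stopped resource.
            printf "%s target=%s state=%s host=%s\n", $1, $3, $4, (NF >= 5 ? $5 : "-")
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample in the layout shown above; one resource is down.
CRS_SAMPLE='Name           Type           Target    State     Host
------------------------------------------------------------
ora.DATA.dg    ora....up.type ONLINE    ONLINE    rac1
ora.gsd        ora.gsd.type   OFFLINE   OFFLINE
ora.orcl11g.db ora....se.type ONLINE    OFFLINE
ora.rac2.vip   ora....t1.type ONLINE    ONLINE    rac2'

# Gate the installer on cluster health: 0 = proceed, 1 = fix the cluster first.
rac_ready() {   # usage: crs_stat -t | rac_ready
    if down=$(crs_unhealthy); then return 0; fi
    echo "resources not ONLINE:" >&2
    printf '%s\n' "$down" >&2
    return 1
}

printf '%s\n' "$CRS_SAMPLE" | rac_ready || echo "cluster not ready for install.sh"
```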
Cluster Daemons Status
Run the following commands as an Oracle user on any node:
$ srvctl status nodeapps -n hostname
[oracle@rac1 ~]$ srvctl status nodeapps -n rac1
Sample output:
VIP rac1-vip is running on node: rac1
Network is running on node: rac1
GSD is running on node: rac1
ONS daemon is running on node: rac1
[oracle@rac1 ~]$ srvctl status nodeapps -n rac2
Sample output:
VIP rac2-vip is running on node: rac2
Network is running on node: rac2
GSD is running on node: rac2
ONS daemon is running on node: rac2
Database Status
Run the following command as an Oracle user on any node:
$ srvctl status database -d dbname
[oracle@rac1 ~]$ srvctl status database -d ORCL
Sample output:
Instance orcl1 is running on node rac1
Instance orcl2 is running on node rac2
Service Status
To check the status of the Transparent Application Fail Over service, if one is configured in the environment, run the following command as an Oracle user on any node:
$ srvctl status service -d dbname -s servicename
[oracle@rac1 ~]$ srvctl status service -d orcl1 -s testscan
Sample output:
Service testscan is running on instance(s) orcl1,orcl2
Listener Status
CDP requires that the listener is configured and running in order to operate. To verify the listener configuration, run the following command as an Oracle user on each node:
$ lsnrctl stat
[oracle@rac1 ~]$ lsnrctl stat
The sample output shows the current status of the listener.
Confirm that the listener is running on every node.
Installation and Configuration in Oracle RAC Environment
Installation of CDP in Oracle RAC environment requires the following steps:
Preparing the Installation Directory
Installing CDP on the Primary Node
Installing CDP on Other Nodes
Configuring CDP for Oracle
Testing the KeySecure Classic Connection
Configuring SSL and Client Certificates
Preparing the Installation Directory
CDP must be installed on every node of the cluster. The primary node requires the full installation; all other nodes can be installed with the localonly option.
Tip
If the Oracle Cluster File System (OCFS) or another shared storage, such as NFS, is configured in the environment, a path on this storage can be used for the temporary installation directory. This eliminates the need to transfer the installation package to every node.
Download and expand the installation package into an installation directory.
Installing CDP on the Primary Node
For detailed information and procedures required to install CDP, see Preparing for the Installation.
Run the installer on the primary node using the following command:
$ ./install.sh install
Respond to all installer prompts and wait for the installer to complete before performing installations on other nodes.
Installing CDP on Other Nodes
Run the following command to install CDP on all other nodes.
$ ./install.sh localonly
Note
Complete the installation on each node before installing the next one.
This step installs shared libraries required for CDP on nodes other than the primary node.