search cancel

Understanding the Oracle Database Connection Methods Used by Data Loss Prevention

book

Article ID: 195876

calendar_today

Updated On:

Products

Data Loss Prevention

Issue/Introduction

You want to understand the various database connection methods used by the DLP Enforce server to connect to its Oracle database.

Resolution

 

DLP Enforce Services

Symantec DLP Detection Server Controller Service
Symantec DLP Incident Persister Service
Symantec DLP Manager Service
Symantec DLP Notifier Service

Enforce services use a JDBC thin connection, taking the jdbc.dbalias.oracle-thin property's value from jdbc.properties under:

  • C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.x\Protect\config

 

Enforce Server Migration Utility

The Enforce Server Migration Utility also uses a JDBC thin connection, taken from the jdbc.dbalias.oracle-thin property's value within the jdbc.properties file, found under the currently installed product config folder. For example, migrating from a 14.6 installation, with default paths, the connection string would be loaded from:
C:\SymantecDLP\Protect\config\Jdbc.properties

Note: The Enforce Server Migration Utility runs the URT pre-checks as a sub-step, which is why the URT needs to be placed in the migration URT sub-directory.

 

Update Readiness Tool (URT)

The URT builds an Easy Connect string from user prompts for the current:

  • database username
  • database user password
  • database service name
    • The service name entered can simply be the TNS Name entry defined in tnsnames.ora for the Enforce database
    • It can also be a full Easy Connect naming token that points to the Enforce database, a simple example would be <servername>/<service_name> such as:
      • oracleserver/protect
      • See also: https://docs.oracle.com/cd/E18283_01/network.112/e10836/naming.htm
  •  

 

Maintenance Packs

MPs use an Oracle Easy Connect connection, e.g., protect/<password>@//192.168.1.174:1521/protect

The Easy Connect string is constructed using the Oracle database installation values from the DatabasePassword.properties file.

On Windows:

  • C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.x\Protect\config\DatabasePassword.properties

 And also the following Registry location:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Data Loss Prevention\Enforce Server\<ver>\Installation\

On Linux:

  • /etc/Symantec/DataLossPrevention/EnforceServer/<ver>/Installation/oracleHost
  • /etc/Symantec/DataLossPrevention/EnforceServer/<ver>/Installation/oraclePort
  • /etc/Symantec/DataLossPrevention/EnforceServer/<ver>/Installation/oracleServiceName

Attachments