Understanding the Oracle Database Connection Methods Used by Data Loss Prevention

book

Article ID: 195876

calendar_today

Updated On:

Products

Data Loss Prevention

Issue/Introduction

You want to understand the various database connection methods used by the DLP Enforce server to connect to its Oracle database.

Resolution

DLP Enforce Services (SymantecDLPManager, SymantecDLPDetectionServerControllerService, SymantecDLPIncidentPersister, SymantecDLPNotifier)

  • Enforce services use a jdbc thin connection, taking the jdbc.dbalias.oracle-thin property's value from Jdbc.properties under:

C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.7\Protect\config

 

Enforce Migration Utility

  • The Enforce Migration Utility also uses a jdbc thin connection, taken from the jdbc.dbalias.oracle-thin property's value within the Jdbc.properties file found under the currently installed product config folder. For example, migrating from a 14.6 installation, with default paths, the connection string would be loaded from:
    C:\SymantecDLP\Protect\config\Jdbc.properties
    • Note, Enforce Migration Utility runs the URT prechecks as a sub-step, which is why the URT needs to be placed in the migration URT sub-directory.

 

Update Readiness Tool (URT)

  • The URT builds an Easy Connect string from user prompts for the current:
    • database username
    • database user password
    • database service name
      • The service name entered can simply be the TNS Name entry defined in tnsnames.ora for the Enforce database
      • It can also be a full Easy Connect naming token that points to the Enforce database, a simple example would be <servername>/<service_name> such as:

 

Maintenance Packs

  • MPs use an Oracle Easy Connect connection, e.g.

protect/<password>@//192.168.1.174:1521/protect

    • The Easy Connect string is constructed using the Oracle database installation values from
      • The DatabasePassword.properties file:
        C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.7\Protect\config\DatabasePassword.properties
      • On Windows: the following Registry location: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Data Loss Prevention\Enforce Server\<ver>\Installation\

      • On Linux:
        • /etc/Symantec/DataLossPrevention/EnforceServer/<ver>/Installation/oracleHost
        • /etc/Symantec/DataLossPrevention/EnforceServer/<ver>/Installation/oraclePort
        • /etc/Symantec/DataLossPrevention/EnforceServer/<ver>/Installation/oracleServiceName

Attachments