Understanding the Oracle Database Connection Methods Used by Data Loss Prevention


Article ID: 195876


Updated On:


Data Loss Prevention


You want to understand the various database connection methods used by the DLP Enforce server to connect to its Oracle database.



DLP Enforce Services

Symantec DLP Detection Server Controller Service
Symantec DLP Incident Persister Service
Symantec DLP Manager Service
Symantec DLP Notifier Service

Enforce services use a JDBC thin connection, taking the jdbc.dbalias.oracle-thin property's value from jdbc.properties under:

  • C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.x\Protect\config


Enforce Server Migration Utility

The Enforce Server Migration Utility also uses a JDBC thin connection, taken from the jdbc.dbalias.oracle-thin property's value within the jdbc.properties file, found under the currently installed product config folder. For example, migrating from a 14.6 installation, with default paths, the connection string would be loaded from:

Note: The Enforce Server Migration Utility runs the URT pre-checks as a sub-step, which is why the URT needs to be placed in the migration URT sub-directory.


Update Readiness Tool (URT)

The URT builds an Easy Connect string from user prompts for the current:

  • database username
  • database user password
  • database service name
    • The service name entered can simply be the TNS Name entry defined in tnsnames.ora for the Enforce database
    • It can also be a full Easy Connect naming token that points to the Enforce database, a simple example would be <servername>/<service_name> such as:
      • oracleserver/protect
      • See also: https://docs.oracle.com/cd/E18283_01/network.112/e10836/naming.htm


Maintenance Packs

MPs use an Oracle Easy Connect connection, e.g., protect/<password>@//

The Easy Connect string is constructed using the Oracle database installation values from the DatabasePassword.properties file.

On Windows:

  • C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.x\Protect\config\DatabasePassword.properties

 And also the following Registry location:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Data Loss Prevention\Enforce Server\<ver>\Installation\

On Linux:

  • /etc/Symantec/DataLossPrevention/EnforceServer/<ver>/Installation/oracleHost
  • /etc/Symantec/DataLossPrevention/EnforceServer/<ver>/Installation/oraclePort
  • /etc/Symantec/DataLossPrevention/EnforceServer/<ver>/Installation/oracleServiceName