Updated on 2022-11-23 GMT+08:00

Configuring Oracle RAC Cluster Audit

When DBSS audits an Oracle RAC cluster, each node in the cluster is treated as an independent database and requires an agent to forward network traffic.

Configuration

The maximum number of audited databases depends on the DBSS edition you purchased. Before you configure the audit, check that the maximum number of instances supported by your DBSS edition is greater than or equal to the number of RAC cluster nodes.

Example:

  • If your RAC cluster has no more than three nodes, you are advised to purchase the DBSS basic edition.
  • If your RAC cluster has no more than six nodes, you are advised to purchase the DBSS professional edition.
  • If your RAC cluster has more than six nodes, you are advised to purchase the DBSS advanced edition.

Table 1 DBSS performance and specifications

| Version | Maximum Databases | System Resource | Performance |
|---|---|---|---|
| Basic | 3 | CPU: 4 vCPUs; Memory: 16 GB; Disk: 500 GB | Peak QPS: 3,000 queries/second; Database load rate: 3.6 million statements/hour; Stores 400 million online SQL statements; Stores 5 billion archived SQL statements |
| Professional | 6 | CPU: 8 vCPUs; Memory: 32 GB; Hard disk: 1000 GB | Peak QPS: 6,000 queries/second; Database load rate: 7.2 million statements/hour; Stores 600 million online SQL statements; Stores 10 billion archived SQL statements |
| Advanced | 30 | CPU: 16 vCPUs; Memory: 64 GB; Hard disk: 2000 GB | Peak QPS: 30,000 queries/second; Database load rate: 10.80 million statements/hour; Stores 1.5 billion online SQL statements; Stores 60 billion archived SQL statements |

Configuration Process

To configure the RAC cluster audit, you just need to add a database and an agent.

Prerequisites

  • You have purchased a DBSS instance.
  • You have obtained the Public-IPs and VIPs of all nodes in the cluster.

    Example: The Oracle RAC cluster for which DBSS is to be enabled has three nodes.

Procedure

  1. Log in to the Huawei Cloud management console and choose Database Security Service. Choose Database Audit > Databases. The Databases page is displayed.
  2. In the instance drop-down list, select an instance. In the upper left corner of the database list, click Add Database.
  3. In the dialog box that is displayed, enter the information about the RAC cluster database.

    Example: Add a database to the RAC cluster node RAC-Node-01.
    Figure 1 Adding an Oracle database
    Table 2 Parameters

    | Parameter | Description | Example Value |
    |---|---|---|
    | Database Type | Type of the database to be added, which can be RDS or Self-built database. | Self-built database |
    | Type | Supported database type. NOTE: If ORACLE is selected, to make the audit settings take effect, restart the applications to be audited and log in to the database again. | ORACLE |
    | Name | Name of the database to be added. | test01 |
    | IP Address | IP address of the database to be added. Set this parameter to the VIP field of the cluster node. | 172.16.0.50 |
    | Port | Open port of the database to be added. The default port number of Oracle databases is 1521. | 1521 |
    | Version | Supported database version. If Type is set to ORACLE, the following database versions are supported: 11g, 12c, 19c. | 11g |
    | Instance | Database instance to be audited. NOTE: If the instance name is not specified, all instances in the database will be audited. You can specify up to five instance names and use semicolons (;) to separate the names. | - |
    | Character Set | Supported encoding format of the database character set. The options are UTF-8 and GBK. | UTF-8 |
    | OS | Operating system of the added database. The options are LINUX64 and WINDOWS64. | LINUX64 |

  4. Confirm the information and click OK. The database is added to the node RAC-Node-01.

    Repeat Step 3 to add databases to the nodes RAC-Node-02 and RAC-Node-03 in sequence. After all databases are added, view the database list, as shown in Figure 2.

    Example: Databases (test01, test02, and test03) have been added to all nodes in the cluster.
    Figure 2 Database list

  5. Locate a database name, and click Add in the Agent column.

    Example: Add an agent to the database test01.
    Figure 3 Adding an agent

  6. In the dialog box that is displayed, enter the information about the agent to be added, as shown in Table 3.

    Example: Add an agent to the node RAC-Node-01.
    Figure 4 Adding an agent
    Table 3 Parameters for adding an agent for the first time

    | Parameter | Description | Example Value |
    |---|---|---|
    | Add Mode | Method of adding an agent. The options are Select an existing agent and Create an agent. | Create an agent |
    | Installing Node Type | This parameter is mandatory when Add Mode is set to Create an agent. The options are Database and Application. | Application |
    | Installing Node IP Address | This parameter is mandatory if Installing Node Type is set to Application. If the agent is added to an RAC cluster node, enter the Public-IP field of the node. | 172.16.0.55 |
    | Audited NIC Name | Optional. This parameter is configurable when Installing Node Type is set to Application. Name of the network interface card (NIC) of the application node to be audited. | test-rac-01 |
    | CPU Threshold (%) | Optional. This parameter is configurable when Installing Node Type is set to Application. CPU threshold of the application node to be audited. The default value is 80. NOTICE: If the CPU usage of a server exceeds the threshold, the agent on the server will stop running. | 80 |
    | Memory Threshold (%) | Optional. This parameter is configurable when Installing Node Type is set to Application. Memory threshold of the application node to be audited. The default value is 80. NOTICE: If the memory usage of your server exceeds the threshold, the agent will stop running. | 80 |
    | OS | Optional. This parameter is configurable when Installing Node Type is set to Application. OS of the application node to be audited. The value can be LINUX64 or WINDOWS64. | LINUX64_X86 |

  7. Click OK. The agent is added to the node RAC-Node-01.

    Repeat Step 6 to add agents to the nodes RAC-Node-02 and RAC-Node-03 of the database test01. Expand the details of the database test01 to view all added agents, as shown in Figure 5.

    Example: The agent has been added to all the nodes in the database test01 of the RAC cluster. The agent IDs are as follows: p7U_dIQBUQf7E9XurmjX, rLVIdIQBUQf7E9Xug2iQ, rrVIdIQBUQf7E9Xu3Wja

    Figure 5 Viewing the added agents

  8. Add agents to the databases test02 and test03.

    Locate the database test02, and click Add in the Agent column.

  9. In the dialog box that is displayed, enter the information about the agent to be added, as shown in Table 4.

    Example: Add an agent to the database test02.

    Select the agent that has been added to the database test01 and add it to the database test02.

    Figure 6 Adding an existing agent
    Table 4 Parameters for adding an existing agent

    | Parameter | Description | Example Value |
    |---|---|---|
    | Add Mode | Method of adding an agent. The options are Select an existing agent and Create an agent. | Select an existing agent |
    | Database Name | Select a database to which an agent has already been added. Example: test01 | test01 |
    | AgentID | Select an agent ID of the selected database. Example: Agents have been added to three nodes of the database test01. You need to select one agent at a time and add the three agents in sequence. | p7U_dIQBUQf7E9XurmjX |

  10. Click OK. An existing agent is added to the database test02.

    Repeat Step 8 and Step 9 to add the other two agents. After the agents are added, check whether the databases test01 and test02 contain the same agents.

    Figure 7 Checking the agent information

  11. Repeat Step 8 to Step 10 to add agents to the database test03. Ensure that the agents of all databases in the RAC cluster are the same.

    Example: After the cluster is deployed, add the same agents to the databases test01, test02, and test03 and ensure that the number of agents in each database is the same as the number of nodes in the cluster.
    Figure 8 Checking the agent information

  12. After the cluster databases and agents are configured, you can add security group rules, download and install agents, and enable the audit function.

    For details, see Adding a Security Group Rule, Downloading and Installing an Agent, and Enabling Database Audit.
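
The rules this procedure depends on (edition capacity from Table 1, one database per node VIP, agents installed at each node's Public-IP, and the same agents on every database) can be checked offline before the audit is enabled, so that no node's traffic is left unaudited. The following Python script is an added example, not part of DBSS or of the original page; the function name, the data layout, the short agent names, and the addresses for RAC-Node-02 and RAC-Node-03 are constructed for illustration.

```python
# Added example: offline check of a planned DBSS Oracle RAC audit layout.
# No DBSS API is called; agent names and node 02/03 addresses are constructed.
EDITION_MAX_DATABASES = {"basic": 3, "professional": 6, "advanced": 30}  # Table 1

NODES = {
    "RAC-Node-01": {"vip": "172.16.0.50", "public_ip": "172.16.0.55"},  # page values
    "RAC-Node-02": {"vip": "172.16.0.51", "public_ip": "172.16.0.56"},  # constructed
    "RAC-Node-03": {"vip": "172.16.0.52", "public_ip": "172.16.0.57"},  # constructed
}
AGENTS = {"agent-01": "172.16.0.55", "agent-02": "172.16.0.56", "agent-03": "172.16.0.57"}
DATABASES = {
    "test01": {"ip": "172.16.0.50", "agents": set(AGENTS)},
    "test02": {"ip": "172.16.0.51", "agents": set(AGENTS)},
    "test03": {"ip": "172.16.0.52", "agents": {"agent-01", "agent-02"}},  # gap
}

def check_rac_audit_plan(edition, nodes, databases, agents):
    """Return findings; an empty list means every node's traffic is covered."""
    findings = []
    limit = EDITION_MAX_DATABASES[edition]
    if len(nodes) > limit:
        findings.append(f"{edition} edition allows {limit} databases, cluster has {len(nodes)} nodes")
    # One database per node, addressed by the node VIP.
    vips = {n["vip"]: name for name, n in nodes.items()}
    db_ips = {db["ip"] for db in databases.values()}
    for name, db in sorted(databases.items()):
        if db["ip"] not in vips:
            findings.append(f"{name}: IP {db['ip']} is not a node VIP")
    for vip, node in sorted(vips.items()):
        if vip not in db_ips:
            findings.append(f"{node}: no database added for VIP {vip}")
    # Agents are installed per node, at the node Public-IP.
    public_ips = {n["public_ip"] for n in nodes.values()}
    for agent_id, ip in sorted(agents.items()):
        if ip not in public_ips:
            findings.append(f"{agent_id}: install IP {ip} is not a node Public-IP")
    # Every database carries the same agents, one per cluster node.
    for name, db in sorted(databases.items()):
        missing = sorted(set(agents) - db["agents"])
        if missing:
            findings.append(f"{name}: missing agents {missing}")
        if len(db["agents"]) != len(nodes):
            findings.append(f"{name}: {len(db['agents'])} agents for {len(nodes)} nodes")
    return findings

if __name__ == "__main__":
    for finding in check_rac_audit_plan("basic", NODES, DATABASES, AGENTS):
        print("FINDING:", finding)
```

With the constructed data above, the check reports that test03 is missing one agent, which is the state Step 11 tells you to correct before enabling the audit.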