9.1 Connection Manager Benefits

Oracle Net8 Configuration and Troubleshooting
By Jonathan Gennick, Hugo Toledo
Chapter 9.  Connection Manager


Connection Manager implements three features known as connection concentration, multi-protocol support, and access control, which provide the following benefits:

Connection concentration

Combines many client connections into just one network connection to the database instance. This allows you to support more inbound connections to a database service than your server could support directly.

Multi-protocol support

Allows clients to connect to database servers even when the client is using a network protocol that is different from that used by the server. This enables you to more easily support clients in heterogeneous environments.

Access control

Allows you to control access to database services based on a combination of attributes that include the source host, the destination host, and the database service name. Access control applies only to TCP/IP environments.

If you need one of these features in your environment, and you are running the Enterprise Edition of Oracle, then you should take a serious look at Connection Manager. However, if you do not specifically need one of these features, don't feel you need to implement Connection Manager just because it's there.

9.1.1 Connection Concentration

Connection concentration allows many clients to share one network connection to a database instance. To understand this feature better, look at Figure 9.1, which illustrates a typical Oracle Net8 environment.

Figure 9.1. Oracle clients, each with its own connection to the database instance

In Figure 9.1, you can see that each client has its own network connection to the database server. This works fine on most platforms if you have just a few hundred clients, but if the number of clients becomes extremely large, you will eventually reach a point where the number of connections is larger than your server can reasonably handle. Connection Manager can alleviate such a situation by serving as an intermediary between a group of clients and the server, as shown in Figure 9.2. Each client opens a network connection to Connection Manager, but Connection Manager only opens one network connection to the database server.

Figure 9.2. Connection concentration allows many clients to share one network connection to the database server

In Figure 9.2, you have a situation where each Connection Manager instance supports 500 clients for a total of 2000 clients. However, these 2000 clients are being supported using just four network connections to the database server. The overhead of managing all those network connections has essentially been lifted from the one database server and distributed among the four Connection Manager instances.

The scenario shown in Figure 9.2 only makes sense if each instance of Connection Manager is running on a separate machine. The whole point is to have fewer network connections to the database server. Running an instance of Connection Manager on the database server itself is not a way to achieve that goal.

The connection path that Connection Manager maintains for each client connected to a server is known as a relay. The term relay is used because Connection Manager receives transmissions from the client and relays them to the server. The reverse occurs with transmissions from the server: those are relayed to the appropriate client.

In order to take advantage of connection concentration, you must be running multi-threaded server (MTS) on the database server. Only MTS connections can be concentrated. In addition, MTS on the database server must be configured to support multiplexing. The details of doing that are described later in this chapter in Section 9.3.

9.1.2 Multi-Protocol Support

Multi-protocol support lets you use Connection Manager as a protocol conversion service, allowing clients that use one network protocol to connect to a database server that uses a different one. Figure 9.3 shows Connection Manager being used to enable clients running SPX to connect to a database server over TCP/IP. Notice that connection concentration can be applied even when converting between protocols.

Figure 9.3. Connection Manager can be used as a bridge between different network protocols.

When Connection Manager is used like this, the machine running Connection Manager needs to support both protocols. In Figure 9.3, the Connection Manager machine must therefore support both SPX and TCP/IP. The clients in Figure 9.3, however, only need SPX, and the database server only needs TCP/IP.

As with connection concentration, each multi-protocol connection made through Connection Manager is referred to as a relay.

9.1.3 Network Address Translation

Connection Manager's ability to stand between a client and a server connection has another advantage in environments where connections are made from outside a firewall to a database server that is inside a firewall. To initiate a Net8 connection, a client typically contacts a Net8 listener. If MTS is used, the listener selects a dispatcher and passes the dispatcher's address back to the client. Thus, the client is said to be redirected to the MTS dispatcher. The process is similar for dedicated server connections, except that the redirect is to a dedicated server process.

Redirection can cause problems when a firewall is used, particularly when the firewall does address translation between a company's internal network and the outside world. In such a case, the address returned by the listener when it redirects the client is an internal network address. Because the client is outside the firewall, that internal address is meaningless. Figure 9.4 illustrates this sequence of events.

Figure 9.4. Network address translation can cause problems for Net8 connections

How can Connection Manager help in a situation like this? Connection Manager does not redirect client connections, so the network address that a client uses to connect through Connection Manager remains stable. The redirect still occurs, but it is the connection between Connection Manager and the listener that is redirected. That doesn't affect the connection between Connection Manager and the client. As long as Connection Manager is inside the firewall, it will recognize the internal address used for the redirect, and the redirect will be successful. Figure 9.5 illustrates this scenario.

Figure 9.5. Connection Manager solves the network address translation problem

Remember that for Connection Manager to help in a situation like this, it needs to be inside the firewall. When a client connects, the address list that it supplies must contain at least two addresses. The first address must be that of the Connection Manager instance, and it must be the external address because of the network address translation that takes place between the client and Connection Manager. The second address is the one used by Connection Manager to connect to the listener, and it must be the internal network address. The second address must be internal because both Connection Manager and the listener are on the inside of the firewall, so no address translation occurs between the two.
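
The two-address list described above could look like the following on a client outside the firewall. This is an added example, not a listing from the book: the alias, both IP addresses, and the service name are constructed placeholders, and the ports are the usual defaults for Connection Manager (1630) and the listener (1521). SOURCE_ROUTE tells Net8 to go through the addresses in order rather than treating them as alternatives.

```text
# tnsnames.ora on a client OUTSIDE the firewall (constructed example).
#
# 192.0.2.10  external (translated) address at which the firewall
#             exposes Connection Manager           -- placeholder
# 10.1.1.20   internal address of the Net8 listener, reachable only
#             from inside the firewall             -- placeholder
#
# Hop 1 is resolved by the client, so it must be the external address.
# Hop 2 is resolved by Connection Manager, so it must be the internal
# address; the client never opens a connection to it directly.

sales_fw =
  (DESCRIPTION =
    (SOURCE_ROUTE = yes)
    (ADDRESS = (PROTOCOL = tcp)(HOST = 192.0.2.10)(PORT = 1630))
    (ADDRESS = (PROTOCOL = tcp)(HOST = 10.1.1.20)(PORT = 1521))
    (CONNECT_DATA = (SERVICE_NAME = sales.example.com))
  )
```

With this layout the firewall needs to pass inbound traffic only to the Connection Manager port; the redirect to a dispatcher or dedicated server happens entirely on the internal network.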

9.1.4 Access Control

Connection Manager can be configured to prevent certain types of database connections from occurring. This feature is only available when TCP/IP is the only protocol being used. Connection Manager's default behavior is to allow all connections, but you can put filtering rules in place that restrict connections based on any combination of the following three attributes:

  • Source host

  • Destination host

  • Database service

Figure 9.6 shows a sample scenario in which access to a database is restricted by IP address so that it has to come from a specific PC.

Figure 9.6. Connection Manager can be configured to reject connections from all but a select list of clients

For the scenario shown in Figure 9.6 to provide any real security, the clients would need to be configured with static IP addresses, and users would need to be blocked from changing their IP addresses.
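
A rule list for a scenario like the one in Figure 9.6 could be written as follows in cman.ora. This is an added example, not a listing from the book: the addresses and service name are constructed placeholders, and it assumes that once a rule list is present, a connection request matching no accept rule is refused.

```text
# cman.ora on the Connection Manager machine (constructed example).
#
# Before: no CMAN_RULES entry at all. Connection Manager's default
# behavior applies and every connection request is relayed.
#
# After: a single accept rule. Each RULE combines the three attributes
# described above with an action:
#   SRC  source host (the client)
#   DST  destination host (the database server)
#   SRV  database service
#   ACT  accept or reject

CMAN_RULES =
  (RULE_LIST =
    (RULE =
      (SRC = 10.1.1.77)            # the one permitted PC   -- placeholder
      (DST = 10.1.1.20)            # database server host   -- placeholder
      (SRV = sales.example.com)    # database service       -- placeholder
      (ACT = accept)
    )
  )
```

The rule matches on the source address only, so it identifies a machine address rather than a user; database authentication is still what identifies who is connecting.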




Oracle Net8 Configuration and Troubleshooting
ISBN: 1565927532
EAN: 2147483647
Year: 2000
Pages: 120
