Configure TCP/IP with SSL/TLS for Sharding – GSM OCI Mode
(Doc ID 2881390.1)
Last updated on JANUARY 17, 2023
Applies to:
Oracle Database - Enterprise Edition - Version 19.11.0.0.0 and later
Information in this document applies to any platform.
Goal
Configuration of TCP/IP with SSL/TLS for sharding (GSM OCI mode).
The GSM command-line interface (GDSCTL) uses the thin driver by default, and GSM uses ANO encryption by default for secure connections.
To implement TLS v1.2, we can't have two encryption stacks, so ANO must be disabled.
The procedure below is a workaround that uses the OCI thick driver.
Native Network Encryption for Sharding Connections
PRI    +----------+  +----------+  +----------+  +----------+  +----------+
CDB    | gsm1     |  | cdbcat   |  | cdb1     |  | cdb2     |  | cdb3     |
PDB    |          |  | cat      |  | sh1      |  | sh2      |  | sh3      |
HOST   | host1    |  | host2    |  | host3    |  | host4    |  | host5    |
R:DC1  +----------+  +----------+  +----------+  +----------+  +----------+
                                        |             |             |
                                        v             v             v
ADG    +----------+                +----------+  +----------+  +----------+
CDB    | gsm2     |                | cdb11    |  | cdb12    |  | cdb13    |
PDB    |          |                | sh1      |  | sh2      |  | sh3      |
HOST   | host6    |                | host7    |  | host8    |  | host9    |
R:DC2  +----------+                +----------+  +----------+  +----------+
Solution
In this Document
Goal
Native Network Encryption for Sharding Connections
Solution
Prerequisites and Assumptions
Setup Wallet and Certificate
1. Create Wallet on GSM and all hosts
2. Create Wallet on GSM Client
3. Exchange Certificates
4. Network Configuration
5. Client Connectivity
References