|
Home > Archive > Oracle Server > May 2005 > Failsafe & Active Directory
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Failsafe & Active Directory
|
|
| William 2005-05-24, 11:23 am |
| Hi,
I would like to know the minimum permissions required to use failsafe in an
Active Directory environment.
Is there any documentation available describing how Failsafe is reliant on
security or other mechanisms e.g. DNS in Active Directory?
Thanks,
William
| |
| bdbafh@gmail.com 2005-05-24, 11:23 am |
| William,
Failsafe was an Oracle 7.3 feature, IIRC.
Perhaps you should research the topic of "Dataguard" instead.
What version of the Oracle Database Server software are you dealing
with?
-bdbafh
| |
| StefanKapitza 2005-05-25, 3:23 am |
|
William wrote:
> Hi,
>
> I would like to know the minimum permissions required to use failsafe in an
> Active Directory environment.
>
> Is there any documentation available describing how Failsafe is reliant on
> security or other mechanisms e.g. DNS in Active Directory?
>
>
> Thanks,
>
> William
hello,
failsafe builds on top of the cluster, so it's an extension to mcs to
simplify the configuration. IIRC you need an Domain Admin Account.
As it replaces the servernames with ip's in your Oracle Installation,
i assume it doesnt trust the dns (IMO).
regards
s.kapitza
| |
| Holger Baer 2005-05-25, 3:23 am |
| bdbafh@gmail.com wrote:
> William,
>
> Failsafe was an Oracle 7.3 feature, IIRC.
> Perhaps you should research the topic of "Dataguard" instead.
>
> What version of the Oracle Database Server software are you dealing
> with?
>
> -bdbafh
>
As wrong as can be.
FailSafe is the product that makes Oracle compatible to the Microsoft
Cluster Technology, which is a Share Nothing architecture. Basically
what it does is provide an interface to the MS Cluster Service API,
and it allows to failover the database to another node in the cluster
if the node can not be reached.
Holger
| |
| Holger Baer 2005-05-25, 3:23 am |
| William wrote:
> Hi,
>
> I would like to know the minimum permissions required to use failsafe in an
> Active Directory environment.
>
> Is there any documentation available describing how Failsafe is reliant on
> security or other mechanisms e.g. DNS in Active Directory?
>
>
> Thanks,
>
> William
>
>
I always found the installation manual sufficient that comes with the software. ;-)
You need
a) an AD User that is administrator on all nodes in the cluster that are going
to host oracle
b) the same or another user running the Oracleservices for MSCS wich is given the
right to run as a service.
Nothing fancy, really.
Are you facing any specific problems? You might also want to know this:
http://groups.google.de/group/comp....58a688
6c
HTH
Holger
| |
| William 2005-05-25, 7:23 am |
|
"Holger Baer" <holger.baer@science-computing.de> wrote in message
news:d71c9g$svo$1@ne
ws.BelWue.DE...
> William wrote:
>
> I always found the installation manual sufficient that comes with the
> software. ;-)
>
> You need
> a) an AD User that is administrator on all nodes in the cluster that are
> going
> to host oracle
> b) the same or another user running the Oracleservices for MSCS wich is
> given the
> right to run as a service.
>
> Nothing fancy, really.
>
> Are you facing any specific problems? You might also want to know this:
>
> http://groups.google.de/group/comp....58a688
6c
>
> HTH
> Holger
Thanks for your reply Holger, in the end I managed to find some
documentation on the Oracle website and it would appear that your response
was correct with this document.
From Oracle document:
"In the Oracle Services for MSCS Account/Password dialog box, enter the
domain, user name, and password of a user account that has Administrator
privileges. This is the account that Oracle Services for MSCS will be using
to access this cluster. Oracle Services for MSCS runs as a Windows service
(called OracleMSCSServices) under a user account that must be a domain user
account (not the system account) that has Administrator privileges on all
nodes of this cluster. The account must be the same on all nodes of this
cluster, or you will receive an error message when you attempt to connect to
a cluster using Oracle Fail Safe Manager. You enter the information in the
form Domain\Username, as shown in Figure 2-9, or if you are using Windows
2000, you can enter a user principal name in the form Username@DnsDomainNa
me
in the Domain\Username box. "
So it would appear there is no reliance on Active Directory although a
Domain User account is required. The acccount should have local
administrator access on all nodes, this will in turn allow the
Oracleservices for MSCS the right to run as a service.
Thanks,
William
| |
| Holger Baer 2005-05-25, 7:23 am |
| William wrote:
>
>
> Thanks for your reply Holger, in the end I managed to find some
> documentation on the Oracle website and it would appear that your response
> was correct with this document.
>
>
> From Oracle document:
> "In the Oracle Services for MSCS Account/Password dialog box, enter the
> domain, user name, and password of a user account that has Administrator
> privileges. This is the account that Oracle Services for MSCS will be using
> to access this cluster. Oracle Services for MSCS runs as a Windows service
> (called OracleMSCSServices) under a user account that must be a domain user
> account (not the system account) that has Administrator privileges on all
> nodes of this cluster. The account must be the same on all nodes of this
> cluster, or you will receive an error message when you attempt to connect to
> a cluster using Oracle Fail Safe Manager. You enter the information in the
> form Domain\Username, as shown in Figure 2-9, or if you are using Windows
> 2000, you can enter a user principal name in the form Username@DnsDomainNa
me
> in the Domain\Username box. "
> So it would appear there is no reliance on Active Directory although a
> Domain User account is required. The acccount should have local
> administrator access on all nodes, this will in turn allow the
> Oracleservices for MSCS the right to run as a service.
>
>
>
> Thanks,
>
> William
>
>
As a small addition: Make sure that the domain user is listed explicitely
in the local administrators group on the nodes in the cluster - I had some
nasty effects when on one node the domain user was explicitely listed, on
an other node implicitely through a domain group.
Cheers,
Holger
| |
| William 2005-05-25, 7:23 am |
|
"Holger Baer" <holger.baer@science-computing.de> wrote in message
news:d71l9j$g3t$1@ne
ws.BelWue.DE...
> William wrote:
>
> As a small addition: Make sure that the domain user is listed explicitely
> in the local administrators group on the nodes in the cluster - I had some
> nasty effects when on one node the domain user was explicitely listed, on
> an other node implicitely through a domain group.
>
> Cheers,
> Holger
Ahh, interesting. I will bear that in mind. Thanks again :-)
|
|
|
|
|