
The listener receives client connections and evaluates each one against a set of rules to decide whether to deny or allow access. If it allows access, the listener forwards the request to a gateway process (CMGW), selecting the one with the fewest connections. The CMGW process, in turn, forwards the request to another Oracle Connection Manager or directly to the database server, relaying data until the connection terminates. If a connection to the server already exists, the gateway multiplexes, or funnels, its connections through the existing connection. CMADMIN monitors the state of the gateway processes and the listener, shutting down or starting up processes as needed. In addition, it registers the location and load of the gateway processes with the listener, and it answers requests from the Oracle Connection Manager Control utility.
The diagram in the slide shows an example of how the Oracle Connection Manager controls connections. After receiving the three valid client connections, the gateway process multiplexes them through a single network protocol connection to the database. The fourth connection is denied when it is evaluated against the set of rules.
Through the specification of filtering rules, you can allow or restrict client access to a server based on the following criteria:
• Source host names or IP addresses for clients
• Destination host names or IP addresses for servers
• Destination database service names
• Client use of Oracle Advanced Security
Access control filtering is specified through the CMAN_RULES parameter in the cman.ora file.
Oracle Connection Manager can be configured to grant or deny client access to a particular database service or a computer. By specifying filtering rules, you can allow or restrict specific client access to a server.
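A small Python model of the access control filtering described above, added here as an illustration; it is not Oracle's code or Connection Manager's actual implementation. It assumes rules written as SRC/DST/SRV/ACT fields inside a RULE_LIST, first-match evaluation with reject when nothing matches, and literal host name comparison without DNS resolution. The rule text and the four connections are constructed, and the Oracle Advanced Security criterion is not modeled.

```python
import ipaddress
import re
# Constructed sample data: every host, address and service name is made up.
# Rules use the (RULE=(SRC=..)(DST=..)(SRV=..)(ACT=..)) shape;
# connections are (source, destination, service name).
SAMPLE_RULES = """
(RULE_LIST=
  (RULE=(SRC=192.0.2.0/24)(DST=sales-server)(SRV=sales.example.com)(ACT=accept))
  (RULE=(SRC=hr-pc1)(DST=*)(SRV=hr.example.com)(ACT=accept))
  (RULE=(SRC=*)(DST=*)(SRV=*)(ACT=reject)))
"""
CONNECTIONS = [
    ("192.0.2.10", "sales-server", "sales.example.com"),
    ("192.0.2.77", "sales-server", "sales.example.com"),
    ("hr-pc1", "hr-server", "hr.example.com"),
    ("198.51.100.5", "sales-server", "sales.example.com"),
]
RULE_RE = re.compile(r"\(RULE\s*=\s*((?:\(\w+\s*=[^()]*\)\s*)+)\)", re.I)
FIELD_RE = re.compile(r"\((\w+)\s*=([^()]*)\)")

def parse_rules(text):
    """Return each RULE as a dict keyed by SRC, DST, SRV and ACT."""
    rules = []
    for match in RULE_RE.finditer(text):
        rule = {k.upper(): v.strip() for k, v in FIELD_RE.findall(match.group(1))}
        missing = {"SRC", "DST", "SRV", "ACT"} - rule.keys()
        if missing:
            raise ValueError(f"rule is missing {sorted(missing)}")
        rules.append(rule)
    return rules

def field_matches(pattern, value):
    """'*' matches anything, a subnet matches addresses inside it, else exact name."""
    if pattern == "*":
        return True
    try:
        return ipaddress.ip_address(value) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:  # pattern or value is a name, not an address
        return pattern.lower() == value.lower()

def evaluate(rules, src, dst, srv):
    """Assumed model: first matching rule decides, no match means reject."""
    for number, rule in enumerate(rules, 1):
        wanted = zip((rule["SRC"], rule["DST"], rule["SRV"]), (src, dst, srv))
        if all(field_matches(p, v) for p, v in wanted):
            return rule["ACT"].lower(), number
    return "reject", None

def decisions():
    return [evaluate(parse_rules(SAMPLE_RULES), *c) for c in CONNECTIONS]
```

Calling `decisions()` returns one (action, rule number) pair per connection: the first three are accepted and the fourth is rejected, mirroring the three-allowed, one-denied scenario in the diagram description.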