
Oracle Audit Vault and Database Firewall 20
Upgrade Tips
Nov 2020

Topics
1. Upgrade Paths to AVDF20
2. Pre-Upgrade Checklist
3. Upgrade Checklist
4. Post-Upgrade Checklist

Copyright 2020, Oracle and/or its affiliates. All rights reserved.

Upgrade Paths to AVDF20

Upgrading from AVDF 12.2 to AVDF 20 (Latest RU)
AVDF 12.2 to AVDF 20 latest RU
- Must start from at least AVDF 12.2 bundle patch 9
- If your current version is below 12.2 BP9, then you must first update to either BP9 or above prior to the upgrade
- Mandatory AVDF BP9 Pre-upgrade Patch (Doc ID 2457374.1)
Upgrade paths:
- AVDF 12.2 BP9 or higher -> AVDF 20
- AVDF 12.2 BP8 or below -> AVDF 12.2 BP9 -> AVDF 20

Pre-Upgrade Checklist

#1 Using Host Monitor on Windows Platform?
You most probably are at AVDF 12.2 BP10 or below, or at AVDF 12.2 BP13
While AVDF 12.2 is still configured:
- Stop the audit trails and the Audit Vault Agent on Windows host machine
- Configure host monitor on Windows host following instructions in Section
- Start the Audit Vault Agent and audit trails on the Windows host machine
- The Host Monitor is now powered by Npcap during runtime
- Log Service Request if network trail collection is not up

#2 Using Transaction Log Collection?
While AVDF 12.2 is still configured:
- Install and deploy Oracle GoldenGate following instructions in section
- Log Service Request if Integrated Extract XML files are not receiving the redo log data
- Ignore the duplicate records observed for a brief duration as indicated in the section
Note: Post the AVDF upgrade, you will delete and recreate the transaction log audit trails pointing to the Integrated Extract XML file location. Since the XML files will already be receiving redo log data, redo data will not be lost.

#3 What is your Firmware Boot Option – Legacy BIOS / UEFI?
- While AVDF 12.2 is still configured, check the boot disk size
- If boot disk > 2 TB and firmware boot option is in Legacy BIOS mode, there are two options:
  Option #1: Reconfigure the boot disk to be less than 2 TB, with no changes to boot mode
  - Take full backup of AVDF appliance
  - Shut down the appliance
  - Choose a server that has at least one hard disk which is less than 2 TB
  - System is still configured to boot in legacy BIOS mode
  - Install the same bundle patch version of Audit Vault Server in 12.2 release
  - Restore from the backup
  Option #2: Change the firmware boot option to UEFI
  - Take full backup of AVDF appliance
  - Shut down the appliance
  - Configure the system to boot in UEFI mode, while still keeping the boot disk > 2 TB
  - Install the same bundle patch version of Audit Vault Server in 12.2 release
  - Restore from the backup
- UEFI boot option is the preferred choice
- Refer to section

#4 Is there enough space in Boot Partition?
- While AVDF 12.2 is still configured, check the boot partition space
- Boot partition should have at least 500 MB before the upgrade process can begin
- If partition space < 500 MB:
  - Take L0 Full backup of AVDF appliance
  - Shut down the appliance
  - Install the same bundle patch version of Audit Vault Server in 12.2 release
  - Restore from the backup
- Refer to section

#5 Compatible Java Version on Agent hosts?
- While AVDF 12.2 is still configured
- Check and ensure Java version is 1.8 or above on all agent hosts
- If any agent hosts are using Java versions < 1.8, reconfigure them:
  - Stop the audit trails
  - Stop the agent
  - Update Java on the agent host
  - Re-start the agent
  - Re-start the audit trails
  - Ensure the audit trails are up and running
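The thresholds in items #3, #4 and #5 above can be checked from a shell before starting. This is an added example, not part of the original slides and not Oracle's pre-upgrade RPM; the function names, the decimal reading of "2 TB", the use of the java found on PATH, and a Linux host with /boot on a plain partition are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not Oracle's pre-upgrade RPM). Thresholds are the slides' values.
TWO_TB=2000000000000   # assumption: "2 TB" read as decimal terabytes, in bytes
MIN_BOOT_MB=500        # item #4: free space required in the boot partition

# Item #3: action is needed only for a boot disk over 2 TB in Legacy BIOS mode.
boot_disk_ok() {       # $1 = boot disk size in bytes, $2 = UEFI or BIOS
  [ "$1" -le "$TWO_TB" ] || [ "$2" = "UEFI" ]
}

# Item #4: the boot partition needs at least 500 MB free.
boot_space_ok() {      # $1 = free space in MB
  [ "$1" -ge "$MIN_BOOT_MB" ]
}

# Item #5: Java 1.8 or above. Pre-9 JVMs report "1.<major>", later ones "<major>".
java_major() {         # $1 = the `version "..."` line printed by `java -version`
  local v major
  v=${1#*\"}; v=${v%%\"*}                 # text between the first pair of quotes
  major=${v%%[._-]*}
  if [ "$major" = "1" ]; then v=${v#1.}; major=${v%%[._-]*}; fi
  case $major in ''|*[!0-9]*) return 1 ;; esac   # unparseable: report failure
  echo "$major"
}
java_ok() { local m; m=$(java_major "$1") || return 1; [ "$m" -ge 8 ]; }

verdict() { local label="$1"; shift; if "$@"; then echo "PASS $label"; else echo "FAIL $label"; fi; }

# Live values are gathered only with --live; assumes /boot is a plain partition
# and that the agent uses the java found on PATH.
if [ "${1:-}" = "--live" ]; then
  mode=BIOS; [ -d /sys/firmware/efi ] && mode=UEFI
  part=$(df -P /boot | awk 'NR==2 {print $1}')            # e.g. /dev/sda1
  disk=$(basename "$(readlink -f "/sys/class/block/${part##*/}/..")")
  bytes=$(( $(cat "/sys/block/$disk/size") * 512 ))       # sysfs counts 512-byte sectors
  free_mb=$(df -Pm /boot | awk 'NR==2 {print $4}')
  verdict "boot disk ($bytes bytes, $mode)" boot_disk_ok "$bytes" "$mode"
  verdict "boot partition ($free_mb MB free)" boot_space_ok "$free_mb"
  verdict "java on this host" java_ok "$(java -version 2>&1 | grep -m1 'version "')"
fi
```

Items #3 and #4 concern the appliance and item #5 concerns each agent host, so read only the lines of the --live output that apply to the machine it runs on.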

#6 Configure AVS Database Parameters for Scalability
- Refer to Sizing spreadsheet in MOS note 2092683.1 for sizing the following AVS Database parameters in AVDF 12.2
- Bounce the 12.2 AVS appliance post the configuration
- Ensure AVS 12.2 is up and running
- MUST prior to upgrading to AVDF20 for large scale enterprise deployments

#7 Re-evaluate Sizing of AVS and DBFW Appliance
- Refer to sizing spreadsheet in MOS note 2092683.1 for re-evaluating the AVS and DBFW server configuration prior to AVDF20 upgrade
- Start AVDF20 on the recommended sizing configuration
- Reach out to Product Management for any help with review / validation of the sizing spreadsheet

Upgrade Checklist

Step 1: Take Backup
- Take backup prior to performing any upgrade
- Regardless of the upgrade paths (and multiple hops if you are upgrading from releases prior to 12.2 BP9), perform a single backup operation prior to performing the first upgrade.
- Always recommended to do full backup of the AVDF appliance
- Ensure the backup is operational by restoring and validating
- If AV Server is installed on a virtual machine (for example VM on Oracle VM or VMWare), it is recommended to take a VM snapshot before starting the upgrade process
- Refer to section

Step 2: Ensure the Pre-Upgrade RPM is executed successfully
- Install and execute the pre-upgrade RPM.
- Ensure pre-upgrade RPM checks are successful
- Refer to the section

Step 3: Upgrade the Audit Vault Server
- Stop all the audit trails
- Transfer the upgrade iso and start the upgrade process following the section
- If the Audit Vault Server is configured in High Availability pair, upgrade the standby AVS first, followed by primary AVS upgrade
- Follow the steps in the section

Step 4: Upgrade the Database Firewall Server
- Stop all the monitoring points
- Transfer the upgrade iso and start the upgrade process following the section
- If the Database Firewall Server is configured in High Availability pair, upgrade the standby DBFW first, followed by primary DBFW upgrade
- Follow the steps in the section

Step 5: Automatic upgrade of Audit Vault Agents and Host Monitor
- Agents and Host Monitors are automatically upgraded when you upgrade the Audit Vault Server
- An update signal will be sent to all agents which are up and running to auto-update
- During the Audit Vault Agent auto-update process, its status will be UNREACHABLE for a while. It may take as much as 45 minutes to return to RUNNING state.

Post Upgrade Checklist

Step 1: Apply the patch to remove Deprecated Ciphers
- Ensure all Audit Vault Agents are upgraded to 20 and Host Monitor Agents are in Installed state
- Apply the patch Deprecated-Cipher-Removal.zip to remove deprecated ciphers post upgrade
- Refer to the section

Step 2: Confirming the success of Audit Vault Upgrade
- The Audit Vault Server console can be launched without any issues.
- Successful log in to Audit Vault Server console as administrator and auditor without any issues.
- The home page of the Audit Vault Server console displays the correct version
- SSH connection to the Audit Vault Server is successful without any errors.
- Check the following items as administrator in Settings - System main page
  - Check the Uptime on the main page.
  - Check the status of Database Firewall log collection is up.
  - Check the status of Background Job is up.
  - Check the High Availability Status.

Step 3: Confirming the success of Database Firewall Upgrade
Log in to the Audit Vault Server console as administrator.
- Click Database Firewalls tab.
- The main page contains a list of Database Firewall instances. The status must be Up.
- The Version should indicate release 20.
- Click on a specific Database Firewall instance under the Name field.
- Click Health Indicators under the Diagnostics section. All the health indicators must have a green mark.
- Ensure all the monitoring points are up in the Database Firewall Monitoring tab
- Ignore the blank NIC interface field on the monitoring point configuration, as the monitoring point is functional if it is Up. The UI issue will be addressed in a near RU release

Step 4: Confirming the success of Audit Vault agent / Host monitor
- Log in to the Audit Vault Server console as administrator.
- Click Agents tab.
- The status of the Agents must be RUNNING.
- Check the version in the Agent Details column. It should indicate release 20.
- Check the Host Monitor version. It should indicate release 20.

Step 5: Miscellaneous Post-Upgrade Tasks
- Enable automated archiving
- Refer to the following section in AVDF Install Guide for other post upgrade tasks
- Refer to the list of known issues/workaround:

Step 6: What functionality is carried over to AVDF 20 following the Upgrade?
- All the configurations done on 12.2 AVDF appliance that are saved in AVSYS database, including
  - Policies provisioned (Audit policies, Alert policies, Firewall policies)
    - Note the nomenclature changes in AVDF20 for user-defined firewall policy rules in section
    - Note that Unified Audit policies in the Oracle database target can be retrieved and provisioned from AVDF console. Refer section
  - Data retention policies
  - Registered targets, and corresponding audit trails and monitoring points
- All customizations done on 12.2 AVDF appliance that are saved in AVSYS database, including
  - Any custom reports created
  - Any custom collectors configured with audit collection plug-ins
