C Securing Oracle Traffic Director Deployment. Oracle 11g Release 1

Add to My manuals
308 Pages

Oracle Traffic Director 11g Release 1 is a software solution designed for load balancing, content switching, and web acceleration. It helps distribute traffic across multiple servers, ensuring high availability and optimal performance for your web applications. With advanced features like origin server health checking and dynamic discovery, Oracle Traffic Director automatically manages server pools and ensures that user requests are directed to the most suitable server.

advertisement

C Securing Oracle Traffic Director Deployment. Oracle 11g Release 1 | Manualzz

C

Securing Oracle Traffic Director

Deployment

This appendix provides information about the steps that you can take to secure your

Oracle Traffic Director deployment.

For information about securing access to the Oracle Traffic Director administration

server and enabling SSL/TLS, see Managing Security

.

Securing Oracle Traffic Director

The following are some of the steps that you can perform to secure Oracle Traffic

Director in your environment:

• Configure your system firewall to ensure that:

– Oracle Traffic Director server instance ports are accessible for external traffic.

The default port is 8989. For information about how to find port information for various instances, see

Viewing a List of Administration Nodes

.

– Oracle Traffic Director administration port is only accessible for internal traffic.

– Oracle Traffic Director administration node can communicate with the administration server.

• Alternatively you could ensure that Oracle Traffic Director administration nodes can only listen on private interfaces such as bond0

, which is not available to external traffic. For more information, see

Managing Administration Nodes .

• Ensure Oracle Traffic Director server instance is running as nonroot

and not listening on all interfaces. For information about starting Oracle Traffic Director

instances, see Starting_ Stopping_ and Restarting Oracle Traffic Director Instances

.

Note:

For each Oracle Traffic Director configuration that you instantiate on an administration node, a subdirectory named net-config_name

is created in the

INSTANCE_HOME

subdirectory.

• Ensure that sufficient file descriptors are available. For more information, see

Tuning the File Descriptor Limit .

• Ensure that appropriate network level protections are taken care. For more information, see http://www.oracle.com/technetwork/articles/servers-storageadmin/secure-linux-env-1841089.html.

Securing Oracle Traffic Director Deployment C-1

Securing Oracle Traffic Director

In addition, you should consider hardening your system. For information about hardening an Oracle Linux system, see http://www.oracle.com/technetwork/ articles/servers-storage-admin/tips-harden-oracle-linux-1695888.html.

C-2 Oracle Traffic Director Administrator's Guide

advertisement

Key Features

  • Load balancing
  • Content switching
  • Web acceleration
  • Origin server health checking
  • Dynamic discovery
  • SSL/TLS termination
  • Web application firewall
  • High availability
  • Performance optimization
  • Flexible deployment options

Related manuals

Frequently Answers and Questions

How do I reset the password for the administration server user?
The password for the administration server user can be reset using the tadm command-line utility.
What is a "configuration"?
A configuration in Oracle Traffic Director defines the behavior and settings of an Oracle Traffic Director instance, including virtual servers, origin server pools, and listeners.
How do I access the administration console?
The administration console can be accessed through a web browser by navigating to the URL of the administration server
Why am I unable to select TCP as the health-check protocol when dynamic discovery is enabled?
When dynamic discovery is enabled, Oracle Traffic Director automatically detects and manages the origin servers in a cluster. In this mode, the health-check protocol is automatically set to HTTP for discovery purposes.
After I changed the origin servers in a pool to Oracle WebLogic Servers, they are not discovered automatically, though dynamic discovery is enabled. Why?
Dynamic discovery relies on the origin servers responding to HTTP health checks. If the origin servers are configured as Oracle WebLogic Servers, you may need to ensure that the WebLogic Server is configured to respond to HTTP health checks.
How do I view the request and response headers sent and received by Oracle Traffic Director?
You can view the request and response headers using the server log. Enable the server log in the administration console and configure the logging level to include the request headers and response headers.
Download PDF

advertisement

Table of contents