Changes in This Release for Oracle Database Net Services Reference
This preface contains:
Changes in Oracle Net Services 18c Release 1 (18.1)
The following are the changes in Oracle Database Net Services Reference for Oracle Database 18c Release 1 (18.1):
New Features
The following are the new features in Oracle Net Services:
- Read-only Oracle Home Support
  An Oracle home can be configured in a read-only mode, which prevents creation or modification of files inside the Oracle home (ORACLE_HOME) directory. A read-only Oracle home can be used as a software image that can be shared across multiple independent servers. This simplifies patching and mass rollout as only one Oracle home image needs to be updated to distribute a patch to multiple servers. In the read-only Oracle home mode, ORACLE_BASE_HOME is a home-specific directory located at ORACLE_BASE/homes/HOME_NAME.
- New sqlnet.ora Parameters
  - ACCEPT_MD5_CERTS parameter replaces the ORACLE_SSL_ALLOW_MD5_CERT_SIGNATURES environment variable
  - ACCEPT_SHA1_CERTS parameter
  - ADD_SSLV3_TO_DEFAULT parameter
  See Also:
  sqlnet.ora Profile Parameters
- Ability to Create a Keystore for Each Pluggable Database
  Starting with this release, each pluggable database (PDB) can have its own keystore, instead of there being only one keystore for the entire container database (CDB). The advantage of this feature is that it enables independent key management operations to be performed by each tenant (PDB) in a multitenant environment rather than having to share a keystore at the CDB root level. This feature benefits both multitenant and non-multitenant environments because it provides parameters to facilitate the configuration of the keystore location and the keystore type, eliminating the need for editing the sqlnet.ora file.
  This feature provides the following new functionality:
  - For multitenant environments, the following two modes:
    - United mode, in which the keystores and master encryption keys are primarily managed from the CDB root, and can be accessed from the united mode PDB. Within the PDB, the keystore can be opened and closed just for that PDB. You also can create a PDB-specific master encryption key for this keystore.
    - Isolated mode, in which the keystore and encryption keys are managed in an individual PDB. This way, each PDB can configure its own keystore type independently, and create and manage this keystore after configuring it.
    To accommodate these modes, the ADMINISTER KEY MANAGEMENT SQL statement has been enhanced to behave differently in the two modes.
  - For both non-multitenant and multitenant environments, the following are the new features:
    - Addition of the WALLET_ROOT static instance initialization parameter, to specify the keystore path. In this guide, WALLET_ROOT refers to the configuration of software keystores, hardware keystores, and Oracle Key Vault keystores, but this parameter can be used to designate the wallet location for other products as well: Enterprise User Security, Secure Sockets Layer, Oracle XML DB, and Secure External Password Store.
    - Addition of the TDE_CONFIGURATION dynamic instance initialization parameter, to specify the type of keystore to use. You can set this parameter for TDE software keystores, hardware security module keystores (HSMs), and Oracle Key Vault.
    - Modification to the behavior of the SQLNET.ENCRYPTION_WALLET_LOCATION parameter, to enable its use only if the WALLET_ROOT parameter has not been set
- Integration of Active Directory Services with Oracle Database
  With centrally managed users (CMU), Oracle database users and roles can map directly to Active Directory users and groups without using Oracle Enterprise User Security (EUS) or another intermediate directory service. EUS is not being replaced or deprecated; this new feature is another, simpler option if you only want to authenticate and authorize users with Active Directory.
  The direct integration with directory services supports better security through faster and easier configuration with the enterprise identity management architecture. In the past, users may have avoided integrating the database with directory services due to the difficulty and complexity. Centrally managed users allows the Oracle database to directly connect with Active Directory.
- Support for Oracle Connection Manager in Traffic Director Mode
  This feature provides improved high availability and performance for both planned and unplanned outages with the help of new cman.ora parameters. Some of the existing parameters that support Oracle Connection Manager in Traffic Director Mode are inbound_connect_timeout, min_gateway_processes, max_gateway_processes, and max_connections.
Changes in Oracle Net Services 12c Release 2 (12.2)
The following are the changes in Oracle Database Net Services Reference for Oracle Database 12c Release 2 (12.2):
New Features
The following are the new features in Oracle Net Services:
- Listener Parameter for Multiple Redirects
  Starting with Oracle Database 12c Release 2 (12.2), Oracle Net listener supports multiple redirects with the introduction of a new listener parameter, ALLOW_MULTIPLE_REDIRECTS_listener_name. It supports seamless migration of a PDB from a local database to the Oracle Public Cloud.
  See Also:
  Oracle Database Net Services Administrator's Guide for information about this parameter
- Sharding and Data Dependent Routing
  This feature provides the ability to horizontally partition the data across multiple independent Oracle databases, also called shards, and based on a key specified in the connect string, route the database requests to a particular shard.
  See Also:
  - CONNECT_DATA section for information about the new parameters
  - Oracle Database Net Services Administrator's Guide for information about data-dependent routing
  - Oracle Data Provider for .NET Developer's Guide for Microsoft Windows for more information about this feature
- SCAN Listener Support for HTTP
  This feature enables load balancing across the HTTP presentation handlers residing on different nodes by redirecting to the least loaded node.
- ExaDirect SQL*Net Adapter
  Use the ExaDirect SQL*Net adapter for low overhead database access. Use the new transport to improve latency and throughput by leveraging Remote Direct Memory Access (RDMA) in an InfiniBand environment.
  See Also:
  Oracle Database Net Services Administrator's Guide for information
- Direct SQL*Net Access Over Oracle Cloud
  This feature enables Oracle Cloud support for Oracle Database over SQL*Net. The existing applications can now use Oracle Cloud without any code changes. The database clients can connect to Oracle Cloud using Oracle Connection Manager.
- Service-Level ACLs for TCP Protocol
  This feature allows every database service to have its own access control list (ACL) and the ACL is based on IPs. Since each pluggable database is a different service, this feature enables different pluggable databases to have different ACLs. These ACLs are enforced by the listener. In other words, access to a pluggable database service is enabled only for IPs that are permitted through an ACL.
- Better Security for Password Verifiers
  Starting with this release, Oracle Database provides several enhancements for password authentication verifiers.
  - The default for the SQLNET.ALLOWED_LOGIN_VERSION_SERVER parameter is now 12 (Exclusive Mode) instead of 11. A setting of 12 generates both 11G and 12C verifiers. If you want to restrict the verifier generation to the 12C verifier, then you can set SQLNET.ALLOWED_LOGIN_VERSION_SERVER to 12a.
  - The 12C verifier is now generated automatically. In previous releases, the 10G verifier was generated automatically.
  See Also:
  Oracle Database Security Guide for more information about this feature.
- Additional Supported Encryption Algorithms
  Starting with this release, you can use the ARIA, GOST, and SEED encryption algorithms for both column encryption and tablespace encryption, in addition to the AES and DES encryption standards. The following are the benefits of these new encryption standards:
  - ARIA uses the same block sizes as AES. It is designed for lightweight environments and the implementation of hardware.
  - GOST is very similar to DES except that it has a large number of rounds and secret S-boxes.
  - SEED is used by several standard protocols: S/MIME, TLS/SSL, IPSec, and ISO/IEC.
  See Also:
  Oracle Database Advanced Security Guide for more information about this feature.
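
The following script is an added example, not Oracle code: it audits a sqlnet.ora for the settings named under "New sqlnet.ora Parameters" (18.1) and "Better Security for Password Verifiers" (12.2). It flags only values that are set explicitly; the sample file, the function names, and the choice of which values count as weak are assumptions of this example.

```python
import re

# Parameter names come from the page; which values count as weak is this
# example's assumption, not Oracle's guidance.
CHECKS = {
    "ACCEPT_MD5_CERTS": (lambda v: v == "TRUE",
                         "MD5-signed certificates are accepted"),
    "ACCEPT_SHA1_CERTS": (lambda v: v == "TRUE",
                          "SHA-1-signed certificates are accepted"),
    "ADD_SSLV3_TO_DEFAULT": (lambda v: v == "TRUE",
                             "SSLv3 is added to the default protocol list"),
    "SQLNET.ALLOWED_LOGIN_VERSION_SERVER": (
        lambda v: v not in ("12", "12A"),
        "lower than the 12 (Exclusive Mode) default"),
}

# Constructed sample input, not taken from a real system.
SAMPLE = """\
# sqlnet.ora (constructed)
SQLNET.ALLOWED_LOGIN_VERSION_SERVER = 11
ACCEPT_MD5_CERTS = TRUE
ACCEPT_SHA1_CERTS = FALSE
ADD_SSLV3_TO_DEFAULT = TRUE
"""

def parse_sqlnet(text):
    """Return {NAME: VALUE} for single-line NAME = VALUE entries.
    Comments and indented continuation lines are skipped."""
    params = {}
    for raw in text.splitlines():
        if not raw or raw[0].isspace():
            continue
        m = re.match(r"([A-Za-z0-9_.]+)\s*=\s*(.*)$", raw.split("#", 1)[0])
        if m:
            params[m.group(1).upper()] = m.group(2).strip().upper()
    return params

def audit(text):
    """List (name, value, reason) for each explicitly set weak parameter."""
    params = parse_sqlnet(text)
    return [(name, params[name], why)
            for name, (is_weak, why) in CHECKS.items()
            if name in params and is_weak(params[name])]

if __name__ == "__main__":
    for name, value, why in audit(SAMPLE):
        print(f"{name} = {value}: {why}")
```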