Page 707
When logging into certain sites, an error is issued that warns users that they must have a personal certificate prior to entering that site. Their certificate identifies them by name, address, and other required information that uniquely identifies the person holding a certain certificate. It can be issued only once, and great care must be taken to secure this certificate. Release 1 of Oracle Security Server issues certificates only for Web servers. In Release 2, this capability is improved to include Net8 clients and servers. According to Oracle documentation, the certificates issued by the Oracle Security Server are in compliance with the international standard for electronic commerce (X.509).
To ensure that only those people with the proper authorization access the database, Oracle has created a two-tiered level of security. The DBA must create the user with the Oracle Security Server and also in the database as a global user. Without both the userid and the certificate, access is denied. Care must be taken in creating the global user. A userid cannot be both global and local.
The DBA must have a strong understanding of how to effectively set up and use SQL*Net in order to manage a distributed system. SQL*Net and its management are addressed in Chapter 20.
In conjunction with the system administrator and the network administrator, the DBA will have to establish what servers will be able to support the distributed systems. A server that controls the mail or intranet system will be an unlikely target for the distributed databases. Network traffic has a direct impact on the performance of any database, particularly the distributed system.
The distributed database is made up of several databases that are linked by database links and network connections. Management of these systems can vary greatly. In large, highly decentralized companies, each location may have its own DBA. In a highly centralized company, one DBA may be responsible for databases located in different states, and in some cases, countries. The management and tuning of these databases are the same as of autonomous databases, with the exception of the links and the views that reference them.
There are several reasons to utilize the distributed database system. The following are some of them:
Page 708
These features can be very useful for companies. For example, let's say Big Widget Company (BWC) is a large, international widget maker with offices in Detroit, Michigan, Milan, Italy, and Frankfurt, Germany. BWC has started an aggressive R&D program to develop a new type of widget for international use. Because of each country's standards, the widget specification for each country is slightly different. These differences are kept in a separate table called SITE_SPECIFICATION. Because this is an R&D project, the changes to the specifications are highly dynamic, and each country requires occasional access to the other's specifications. This has created a need for a distributed database.
The setup of a distributed system may be dependent upon the application. If the software utilizes the distributed database, many of the tasks performed by the DBA, such as the creation of database links, may be performed automatically during the installation of the software. However, in the case of BWC, the responsibility of setting up the distributed database is the DBA's. Because this is an R&D project, BWC has decided to invest the funds in the development side of the project. As a result, the responsibility for maintaining the databases relies on one DBA.
Each database will be installed as an autonomous database. The setup should be based on the number of concurrent users on the database in each country. Other factors to consider when installing the database are the following:
NOTE |
Remote users should be included in determining concurrent users if a system is heavily accessed.n |
Using Database LinksDatabase links comprise the method used by Oracle to access a remote database object. There are three types of database links:
Page 709
A public database link is similar to a public synonym; when referenced, it is accessible to all users. Private links are accessible by the owner (schema) of the link. A global link is created automatically when using Oracle Names, explained in detail in Chapter 20.
There are some significant additions in the syntax of the Oracle8 database link. The syntax for creating a public or private database link is essentially the same:
CREATE [SHARED] [PUBLIC] DATABASE LINK dblink [authenticated clause]|[CONNECT TO [CURRENT_USER|user IDENTIFIED BY password] Â[authenticated clause] USING `{connect string}';
There are several differences between Oracle8 and Oracle7 for this syntax. A new process has been added and another has been altered.
SHARED is an entirely new process. In order to use this process, the database must be using a multithreaded server. This enables the creation of a database link that can use existing connections, if available. This should not be used unless the DBA fully understands the concept behind shared database links and the multithreaded server. If set up improperly, the performance of the system can be severely affected. For more information concerning shared database links and how to effectively use them, please read Chapter 2, "Distributed Database Administration Shared Database Links," in Oracle8 Server Distributed Database Systems.
The authenticated clause is associated with the SHARED portion of the database link. This must be used when using SHARED. The following is the syntax for the authentication clause:
AUTHENTICATED BY username IDENTIFIED by PASSWORD
This does not perform any action by the user in the authentication clause; it just requires that the username be a valid user and password on the remote server. The DBA can create a dummy account specifically for this purpose.
CURRENT_USER uses the new Oracle8 global user type. This powerful new feature enables the creation of a user that can access any database on a node (server) with the use of a single login. This is not to be confused with a local user. This user must be created using the Oracle8 Security Server.
Using the BWC example, the following code would create a simple public link in the Germany database from Detroit:
CREATE PUBLIC DATABASE LINK germany.bwc.com USING `GERMANY';
Note that the database name is case-sensitive. If not defined by Oracle Names, the name GERMANY must appear, either as an alias or as the actual name in TNSNAMES.ORA. The