Example: Configuring connection management for untrusted networks

This example shows the steps that are required to configure connection management for an untrusted network.

About this task

For this example, you have a high-availability cluster on an untrusted network. All hosts use UNIX™ operating systems. The cluster consists of four servers:
  • A primary server (server_1)
  • A shared-disk secondary server (server_2)
  • An HDR secondary server (server_3)
  • An RS secondary server (server_4)

Procedure

To configure connection management:
  1. Install at least two network interface cards on each host.
  2. Install at least two Connection Managers. Install each Connection Manager onto a different host, and do not install the Connection Managers onto the hosts that database servers are installed on.
  3. On each Connection Manager host, set the ONEDB_HOME environment variable to the directory that the Connection Manager was installed into.
    Run the following command:
    setenv ONEDB_HOME path
  4. Create a configuration file in each Connection Manager installation's $ONEDB_HOME/etc directory.
    The first Connection Manager's configuration file is named cm_1.cfg and has the following entries:
    NAME connection_manager_1
    LOG 1
    LOGFILE $ONEDB_HOME/tmp/my_cm1_log.log
    LOCAL_IP 192.0.2.0,192.0.2.1
    
    CLUSTER cluster_1
    {
       ONEDB_SERVER cluster_1
       SLA oltp_1    DBSERVERS=primary
       SLA payroll_1 DBSERVERS=(PRI,HDR) \
                     POLICY=WORKLOAD
       SLA report_1  DBSERVERS=(SDS,HDR,RSS) \
                     POLICY=WORKLOAD
       FOC ORDER=ENABLED \
           PRIORITY=1
       CMALARMPROGRAM $ONEDB_HOME/etc/CMALARMPROGRAM.sh
    }
    The second Connection Manager's configuration file is named cm_2.cfg and has the following entries:
    NAME connection_manager_2
    LOG 1
    LOGFILE $ONEDB_HOME/tmp/my_cm2_log.log
    LOCAL_IP 192.0.2.2,192.0.2.3
    
    CLUSTER cluster_1
    {
       ONEDB_SERVER cluster_1
       SLA oltp_2    DBSERVERS=primary
       SLA payroll_2 DBSERVERS=(PRI,HDR) \
                     POLICY=WORKLOAD
       SLA report_2  DBSERVERS=(SDS,HDR,RSS) \
                     POLICY=WORKLOAD
       FOC ORDER=ENABLED \
           PRIORITY=2
       CMALARMPROGRAM $ONEDB_HOME/etc/CMALARMPROGRAM.sh
    }
  5. Set the onconfig file DRAUTO configuration parameter on all database servers to 3, to specify that Connection Managers control failover arbitration.
    DRAUTO 3
  6. Set the onconfig file HA_FOC_ORDER configuration parameter on server_1 to SDS,HDR,RSS.
    HA_FOC_ORDER SDS,HDR,RSS
  7. Optional: Configure the cmalarmprogram script on each Connection Manager host.
  8. Add entries to the sqlhosts files on server_1 and server_2's host, server_3's host, and server_4's host.
    #dbservername   nettype    hostname   servicename   options
     server_1       onsoctcp   host_1     port_1        s=6
     a_server_1     onsoctcp   host_1     port_2
    
     server_2       onsoctcp   host_1     port_3        s=6
     a_server_2     onsoctcp   host_1     port_4
    
     server_3       onsoctcp   host_2     port_5        s=6
     a_server_3     onsoctcp   host_2     port_6
    
     server_4       onsoctcp   host_3     port_7        s=6
     a_server_4     onsoctcp   host_3     port_8
    
  9. Create a sqlhosts file on each Connection Manager's host.
    #dbservername   nettype    hostname   servicename   options
     cluster_1      group      -          -             c=1,e=a_server_4
     server_1       onsoctcp   host_1     port_1        s=6,g=cluster_1
     a_server_1     onsoctcp   host_1     port_2        g=cluster_1
     server_2       onsoctcp   host_1     port_3        s=6,g=cluster_1
     a_server_2     onsoctcp   host_1     port_4        g=cluster_1
     server_3       onsoctcp   host_2     port_5        s=6,g=cluster_1
     a_server_3     onsoctcp   host_2     port_6        g=cluster_1
     server_4       onsoctcp   host_3     port_7        s=6,g=cluster_1
     a_server_4     onsoctcp   host_3     port_8        g=cluster_1
  10. In each database server's onconfig file, set the DBSERVERALIASES parameter to that database server's alias.
    The onconfig file entry for server_1:
    DBSERVERALIASES a_server_1
    The onconfig file entry for server_2:
    DBSERVERALIASES a_server_2
    The onconfig file entry for server_3:
    DBSERVERALIASES a_server_3
    The onconfig file entry for server_4:
    DBSERVERALIASES a_server_4
  11. On one of the Connection Manager hosts, use a text editor to create an ASCII-text password file that contains security information. Save the file to the $ONEDB_HOME/tmp directory.
    For example, my_passwords.txt has the following entries:
    cluster_1   a_server_1  user_1  password_1
    cluster_1   a_server_2  user_2  password_2
    cluster_1   a_server_3  user_3  password_3
    cluster_1   a_server_4  user_4  password_4
    
    server_1    a_server_1  user_1  password_1
    server_2    a_server_2  user_2  password_2
    server_3    a_server_3  user_3  password_3
    server_4    a_server_4  user_4  password_4
    
    a_server_1  a_server_1  user_1  password_1
    a_server_2  a_server_2  user_2  password_2
    a_server_3  a_server_3  user_3  password_3
    a_server_4  a_server_4  user_4  password_4
    
  12. On the host where the password file is saved, run the onpassword utility with a specified encryption key to encrypt the password and create passwd_file in the $ONEDB_HOME/etc directory.
    For example, run the following command, specifying my_secret_encryption_key_456 as your encryption key:
    onpassword -k my_secret_encryption_key_456 -e my_passwords.txt
  13. Store the original text file and encryption key in a safe place.
  14. Distribute $ONEDB_HOME/etc/passwd_file to all the database servers that Connection Managers connect to, and to all Connection Managers.
    For systems that use Enterprise Replication, also distribute $ONEDB_HOME/etc/passwd_file to all the database servers that the cdr utility connects to.
  15. Create a sqlhosts file on each client host.
    #dbservername  nettype    hostname   servicename   options
     oltp          group      -          -             c=1,e=oltp_2
     oltp_1        onsoctcp   cm_host_1  cm_port_1     g=oltp
     oltp_2        onsoctcp   cm_host_2  cm_port_2     g=oltp
    
     report        group      -          -             c=1,e=report_2
     report_1      onsoctcp   cm_host_1  cm_port_3     g=report
     report_2      onsoctcp   cm_host_2  cm_port_4     g=report
     
     payroll       group      -          -             c=1,e=payroll_2
     payroll_1     onsoctcp   cm_host_1  cm_port_5     g=payroll
     payroll_2     onsoctcp   cm_host_2  cm_port_6     g=payroll
  16. Set each ONEDB_SQLHOSTS environment variable to the sqlhosts file location by running the setenv command on each Connection Manager and client host.
    setenv ONEDB_SQLHOSTS path_and_file_name
  17. Run the oncmsm utility on each Connection Manager host, to start each Connection Manager.
    On the host of connection_manager_1:
    oncmsm -c cm_1.cfg
    On the host of connection_manager_2:
    oncmsm -c cm_2.cfg
  18. Check each Connection Manager's log file to verify that the Connection Manager started correctly.
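
The sqlhosts file from step 9 and the password file from step 11 must agree before onpassword is run. The following check is an added example, not part of the product or of the original procedure. It enforces the layout this page shows: each group's e= option names its last member, every entry's g= option names a defined group, every sqlhosts name has a password-file line, and the second password-file column is an alias entry without s=6. The function names and the trimmed two-server sample are assumptions made for illustration.

```python
# Added example: lint a Connection Manager sqlhosts file against the
# plain-text password file before it is encrypted with onpassword.
# Constructed sample, trimmed from steps 9 and 11 to two servers.
SQLHOSTS = """\
#dbservername  nettype   hostname  servicename  options
cluster_1      group     -         -            c=1,e=a_server_2
server_1       onsoctcp  host_1    port_1       s=6,g=cluster_1
a_server_1     onsoctcp  host_1    port_2       g=cluster_1
server_2       onsoctcp  host_1    port_3       s=6,g=cluster_1
a_server_2     onsoctcp  host_1    port_4       g=cluster_1
"""
PASSWORDS = """\
cluster_1   a_server_1  user_1  password_1
server_1    a_server_1  user_1  password_1
server_2    a_server_2  user_2  password_2
a_server_1  a_server_1  user_1  password_1
a_server_2  a_server_2  user_2  password_2
"""

def parse_sqlhosts(text):
    """Return {name: (nettype, host, service, options)} in file order."""
    entries = {}
    for raw in text.splitlines():
        f = raw.split("#", 1)[0].split()
        if len(f) >= 4:
            opts = f[4].split(",") if len(f) > 4 else []
            entries[f[0]] = (f[1], f[2], f[3], dict(o.partition("=")[::2] for o in opts))
    return entries

def audit(sqlhosts_text, password_text):
    """Return a list of findings; an empty list means the files agree."""
    hosts, out, covered = parse_sqlhosts(sqlhosts_text), [], set()
    for name, (nettype, _host, _service, opts) in hosts.items():
        if nettype == "group":
            members = [m for m, e in hosts.items() if e[3].get("g") == name]
            if members and opts.get("e") != members[-1]:
                out.append(f"{name}: e= is not the last member ({members[-1]})")
        elif hosts.get(opts.get("g"), ("",))[0] != "group":
            out.append(f"{name}: g= does not name a defined group")
    for f in map(str.split, password_text.splitlines()):
        if len(f) != 4:
            continue  # blank separator lines between blocks
        covered.add(f[0])
        if f[1] not in hosts:
            out.append(f"{f[0]}: alias {f[1]} is not in sqlhosts")
        elif hosts[f[1]][3].get("s") == "6":
            out.append(f"{f[0]}: alias {f[1]} is an s=6 entry")
    return out + [f"{n}: no password-file line" for n in hosts if n not in covered]
```

Run audit on the real file contents on the host where the password file is created; findings never include the user or password columns, so the output is safe to log.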