Oracle Network Products Getting Started Release 2.3.4 for Windows Platforms |
Library |
Product |
Contents |
Index |
Oracle Network Product | Release | NT Server | NT Client | 95 Client | Windows Client |
SQL*Net | 2.3.31 | no | no | no | yes 2 |
SQL*Net | 2.3.4 | yes | yes | yes | no |
Oracle Protocol Adapters: | |||||
TCP/IP Protocol Adapter | 2.3.4 | yes | yes | yes | yes |
SPX Protocol Adapter | 2.3.4 | yes | yes | yes | yes |
DECnet Protocol Adapter3 | 2.3.4 | yes (NT 3.51 only) | yes (NT 3.51 only) | no | yes |
Named Pipes Protocol Adapter | 2.3.4 | yes | yes | yes | yes |
NetBIOS Protocol Adapter | 2.3.4 | no | no | no | yes |
LU6.2 Protocol Adapter | 2.3.4 | yes | yes | no | yes |
Bequeath Protocol Adapter (automatically installed with SQL*Net for local connections) | 2.3.4 | yes | yes | yes4 | no |
SQL*Net Configuration Tools: | |||||
SQL*Net Easy Configuration5 | n/a | yes | yes | yes | yes |
Oracle Network Manager6 | 3.1.0 | yes | yes | yes | yes |
Client Status Monitor and SQLNET.ORA Editor | 2.3.4 | no | no | no | yes |
Oracle Names Server | 2.0.4 | yes | no | no | no |
NDS Native Naming Adapter | 2.3.4 | no | yes | yes | yes |
SQL*Net Authentication Adapters: | |||||
NDS Authentication Adapter7 | 2.3.4 | no | yes | yes | yes |
Windows NT Authentication Adapter | 2.3.4 | yes8 | yes | yes | yes9 |
Advanced Networking Option10: | 2.3.4 | ||||
Network Security and Single Sign-On | 2.3.4 | yes | yes | yes | yes |
CyberSAFE Authentication Adapter | 2.3.4 | yes | yes | yes | yes |
SecurID Authentication Adapter | 2.3.4 | yes | yes | yes | yes |
Kerberos Authentication Adapter | 2.3.4 | yes | yes | yes | yes |
Biometric (Identix) Authentication Adapter | 2.3.4 | yes | yes | yes | no |
DCE Integration11 | 2.3.4 | yes | yes | yes | no |
ORA-03121 No interface driver connection - function not performed ORA-12634 TNS:Memory allocation failed If you receive this error, try using 535K or below one megabyte DOS memory. Free up more DOS memory by either not loading as many DOS drivers or by running MEMMAKER. |
A client and server or two servers running different versions of SQL*Net connect successfully. The SQL*Net functionality, however, defaults to the lower version. |
Database Release | 7.1.4 | 7.1.5 | 7.1.6 | 7.2.2 | 7.2.3 | 7.3.2 | 7.3.3 | 7.3.4 | 8.0.3 |
SQL*Net1 | 2.1.4 | 2.1.5 | 2.1.6 | 2.2.2 | 2.2.3 | 2.3.2 | 2.3.3 | 2.3.4 | n/a |
Names Server | 1.0 | 1.0 | 1.0 | 1.1 | 2.0 | 2.0.2 | 2.0.3 | 2.0.4 | 8.0.3 |
Advanced Networking Option | n/a | n/a | n/a | n/a | n/a | 2.3.2 | 2.3.3 | 2.3.4 | 8.0.3 |
Secure Network Services2 | 1.0.1 | 1.0.2 | 1.0.3 | 1.1 | 2.0 | n/a | n/a | n/a | n/a |
Net8 | n/a | n/a | n/a | n/a | n/a | n/a | n/a | n/a | 8.0.3 |
Additional Information:
|
|
Networking Product | Windows Platform | Supported Vendor |
TCP/IP Protocol Adapter | Windows 3.1 and Windows for Workgroups 3.11 | Third-party vendors that support JSB Virtual Socket Library version 3.0.11 |
Windows NT and Windows 95 | Microsoft TCP/IP | |
SPX Protocol Adapter | Windows 3.1 and Windows for Workgroups 3.11 | Novell NetWare version 3.11 or later, included in Novell NetWare Workstation Kit for DOS and Windows version 2.0 |
Windows NT and Windows 95 | Microsoft NW Link1
Novell IntranetWare Client version 4.1 for Windows NT Novell IntranetWare Client version 2.2 for Windows 95 Note: For Microsoft NW Link, Client Service for NetWare must be installed. |
|
DECnet Protocol Adapter | Windows 3.1 and Windows for Workgroups 3.11 | Digital DEC PATHWORKS for DOS/Windows version 5.1 or 6.0 |
Windows NT | Digital DEC PATHWORKS2 version 4.1B supporting Windows NT 3.51 | |
Named Pipes Protocol Adapter | Windows 3.1 and Windows for Workgroups 3.11 | Microsoft LAN Manager version 2.2 or Windows for Workgroups version 3.11 |
Windows NT and Windows 95 | Microsoft NETBEUI | |
NetBIOS Protocol Adapter | Windows 3.1 and Windows for Workgroups 3.11 | IBM LAN Support Program version 1.3, or Microsoft NetBEUI provided by Microsoft Windows for Workgroups version 3.11 |
LU6.2 Protocol Adapter | Windows 3.1 and Windows for Workgroups 3.11 | IBM Networking Services for Windows version 1.0 |
Windows NT | Microsoft SNA Server version 3.0 | |
NDS Native Naming Adapter | Windows 3.1 and Windows for Workgroups 3.11 | Novell NetWare Client version 4.1
Note: An Oracle7 release 7.2.2 or above for Netware release 4.1 is required. |
Windows NT and Windows 95 | Novell NetWare Client 32 version 4.1
Note: An Oracle7 release 7.2.2 or above for Netware release 4.1 is required. |
|
NDS Authentication Adapter | Windows 3.1 and Windows for Workgroups 3.11 | Novell NetWare Client version 4.1
Note: An Oracle7 release 7.2.2 or above for Netware release 4.1 is required. |
Windows NT and Windows 95 | Novell NetWare Client 32 version 4.
Note: An Oracle7 release 7.2.2 or above for Netware release 4.1 is required. |
|
Windows NT Authentication Adapter | Windows for Workgroups 3.11, Windows NT, and Windows 95 | Microsoft |
ANO DCE Integration Protocol Adapter | Windows NT and Windows 95 | Gradient PC-DCE/32 Runtime Services Kit version 2.0 |
ANO CyberSAFE Authentication Adapter | Windows 3.1 and Windows for Workgroups 3.11 | CyberSafe Challenger Version 5.2.7 |
Windows NT and Windows 95 | CyberSafe Application Security Toolkit version 1.0.4a | |
ANO SecurID Authentication Adapter | Windows 3.1 and Windows for Workgroups 3.11 | No vendor software requirements on an Oracle7 client, but a SecurID card is needed |
Windows NT and Windows 95 | No vendor software requirements on an Oracle7 client or server, but a SecurID card is needed | |
ANO Kerberos Authentication Adapter | Windows 3.1 and Windows for Workgroups 3.11 | No vendor software requirements on an Oracle7 client. |
Windows NT and Windows 95 | No vendor software requirements on an Oracle7 client or server. | |
ANO Biometric (Identix) Authentication Adapter | Window NT and Windows 95 | Identix hardware and driver on an Oracle7 client. |
Additional Information:
See Appendix B, "Verifying Parameters and Vendor Adapters for Windows 3.1x" for additional vendor information for Windows Oracle Protocol Adapters. |
TCP/IP is a combination of two network protocols that facilitate transferring data across a network:
|
SPX/IPX is a combination of two network protocols that carry data packets between clients and their servers:
|
DECnet is a collection of software and hardware communications products that lets various computer system users communicate in a network. Its peer-to-peer network environment lets any computer or node running DECnet communicate with all other nodes in the network without depending on a central controlling node. Each node is equally responsive to user requests, letting network users access applications. DECnet extends operating system use by creating an environment where client and server software is shared and accessed by other DECnet network users.
Many third party vendors on other operating systems and hardware platforms implement the DECnet protocol. DECnet capabilities include:
The Named Pipes Protocol Adapter is a high-level interface providing interprocess communications between clients and servers (distributed applications). One process (the server side of the application) creates the pipe, and the other process (the client side) opens it by name. What one side writes, the other can read, and vice versa. Named Pipes is specifically designed for PC-LAN environments.
The Oracle NetBIOS Protocol Adapter for Windows lets an Oracle application on a Windows client machine communicate with remote Oracle7 databases using NetBIOS.
Communication is over an IBM LAN Support Program or Microsoft Network Basic Extended User Interface (NetBEUI).
NetBEUI is part of the transport layer protocol, not the NetBIOS programming interface.
NetBEUI is fast, with a low overhead (number of extra bytes) per frame of data transmitted. The protocol, however, cannot be routed. Thus, NetBEUI is most appropriate in single subnet (continuous) networks.
NetBEUI provides compatibility with existing LAN Manager, LAN Server, and MS-Net installations. NetBEUI is provided with Windows NT to maintain connectivity to existing LAN Manager and MS-Net based networks.
Program-to-program communication protocols provide services for programs on one computer to initiate processes on another computer, thus establishing a dialog. Peer-to-peer communication is independent of the following:
APPC architecture lets the client and host communicate over an SNA network without forcing the client to emulate a terminal (as in terminal-to-host protocols). APPC architecture allows peer-to-peer communication; the client can initiate communication with the server.An SNA network with the LU6.2 and Physical Unit Type 2.1 (PU2.1) protocols provides APPC. The LU6.2 protocol defines a session between two application programs; LU6.2 is a product-independent LU-type.
The LU6.2 Protocol Adapter lets an Oracle application on a PC communicate with an Oracle7 database. This communication is over an SNA network with the Oracle7 database on a host system that supports APPC.
In addition to these server platforms, LU6.2 is available on operating systems that are client-only platforms.
The Bequeath Protocol Adapter:
Tool | Description | Where to Find Additional Information... |
SQL*Net Easy Configuration | Used for simple database connections. | "Using SQL*Net Easy Configuration" in Chapter 4, "Configuration" |
Oracle Network Manager | Used for complex networks, and advanced SQL*Net features such as Oracle Names and the Advanced Networking Option. | |
Client Status Monitor | Provides client connection troubleshooting information about a client workstation and access to the SQLNET.ORA editor. | |
SQLNET.ORA Editor | Enables you to edit parameters in your SQLNET.ORA file, including trace parameters. |
A well-known Names Server is a host whose address is hard coded into the Oracle Names server and its clients. By hard coding the address of the well-known Names Server, clients do not need to be told, by way of configuration files, where to find it.
When a service (for example, database) starts up, it automatically registers itself with the first well-known Names Server it locates. Once a service is registered with the Names Server, its address is available to SQL*Net clients throughout the network.
Default settings are hard coded for the Names Servers, SQL*Net, and Oracle Names, minimizing configuration.
Additional Information: |
Advanced Networking Option (ANO) provides its own naming service adapter. See "Advanced Networking Option" in this chapter for more information.
The NDS Native Naming Adapter enables you to integrate Oracle service names (or database aliases) and addresses into your existing non-Oracle name services. This feature allows users from multiple points to use a single login to access a multi-server and multi-database network, and view the entire network under a single directory tree.
The NDS Native Naming Adapter uses the NDS naming environment to store service names and addresses of Oracle7 for NetWare databases. This environment allows users to connect to Oracle7 databases whose server name is defined as an NDS object name.
To use the NDS Native Naming Adapter, you must configure your Windows client machine to a Novell NetWare 4.x workstation.
Additional Information:
|
ANO provides other authentication adapters. See "Advanced Networking Option" in this chapter for ANO authentication adapters.
|
|
ANO is comprised of the following components:
The following concepts are explained below:
In symmetric-key encryption, the sender of a message uses a secret key to encrypt the message, and the receiver uses the same secret key to decrypt the message. If Alice and Bob want to communicate, they must each know what the secret key is (and the key must be exchanged in a way that the secrecy of the key is preserved). If Bob and Steve want to communicate, they must also have a separate key (so that, for example, Alice cannot read their messages).
The main drawback of symmetric-key encryption is that, in a system with many users wanting to communicate, the management and distribution of keys becomes overwhelming.
Public Key CryptographyPublic key cryptography solves the key management problem of symmetric-key cryptography. In the public key scheme, each person receives a pair of keys:
Each public key is published, while the private key is confidential. Messages encrypted with a public key can only be decrypted with the corresponding private key. Messages encrypted with a private key can only be decrypted with the corresponding public key. Keys may not be deduced from each other. The sender and receiver of an encrypted message do not share confidential information, since all communications involve only public keys. Private keys are neither transmitted nor shared.For example, Alice sends a message to Bob so that only Bob can read it. She encrypts the message with Bob's public key, which is public knowledge. Bob decrypts the message with his private key to read it. Only Bob owns the private key that is able to decrypt the message, and only Bob can read the message.
Digital SignaturesPublic key cryptography can be used for authentication (digital signatures) as well as for privacy (encryption). A digital signature is a non-forgeable way of authenticating the sender of a message. Only the sender of a message could actually have sent the message. The sender cannot later claim that someone impersonated her or him.
For example, Alice orders equipment, and the purchasing department (where Bob works) requires a digital signature on the purchase order. To sign the purchase order, Alice performs a computation (hash) of the message, encrypts the hash with her private key, and attaches the encrypted hash (digital signature) to the order before sending it. To verify the signature, Bob decrypts the hash with Alice's public key, performs the same computation on the order, and compares the results with Alice's decrypted hash. If the results are the same, then only Alice could have sent the message.
Digital CertificatesTo establish confidence in the identity associated with a public key, public keys are incorporated into digital certificates. A digital certificate is a binding of a public key to a user by a trusted third party known as a Certificate Authority (CA). The public key and user identity, together with other information such as the certificate expiration date, are digitally signed by the CA. CAs serve as electronic notaries, attesting to the identity of users and the validity of their public keys.
Certificates may be issued in several ways. For instance, Alice may generate her own key pair and send the public key to an appropriate CA with some proof of her identification. The CA verifies the identification and takes other steps to ensure that Alice is really Alice. Next, the CA sends Alice a certificate attesting to the binding between Alice and her public key, along with a hierarchy of certificates verifying the CA's public key. Alice can present this certificate chain whenever necessary to demonstrate the legitimacy of her public key.
Alternatively, the key pair may be generated by an administrator in a way that the person generating the keys does not know Alice's private key. Alice's private key may be given to her on a diskette or embedded within a token. Alice's public key is bound to a certificate by the CA, a copy given to Alice and a copy stored in a public database for ready access.
Certificate Revocation Lists (CRL)Public keys are sometimes revoked before their expiration date. Such instances include compromised keys or employment termination. A CRL lists such revoked public keys. CAs maintain CRLs and provide information about revoked keys originally certified by the CA. CRLs list only current keys, since expired keys are not valid. A revoked key past the expiration date is removed from the list. Although CRLs are maintained in a distributed manner, networked sites may provide a centralized location for the latest CRLs.
Note:
See the RSA Data Security website at http://www.rsa.com for more information about public key cryptography and digital signatures. |
The following adapters are supported for this reason:
RPC is the transport mechanism that enables multi-vendor interoperability for DCE Integration. RPC also uses additional DCE services, including directory and security services, to provide location transparency and secure distributed computing.
DCE Integration works with the DCE Security Service to provide security within DCE cells. It enables a user logged onto DCE to securely access any Oracle application without specifying a user name or password. This function is referred to as external authentication to the database. In addition, clients and servers not running DCE authentication services can interoperate with systems that have DCE security by specifying an Oracle password.
DCE Integration uses multiple levels of security to ensure data authenticity, privacy, and integrity. For example, users have a range of choices, from no protection to full encryption for each connection, with a guarantee that no data has been modified in transit. For parts of your network that do not use DCE, you can use ANO-Network Security and Single Sign-On.
The DCE CDS Naming Adapter offers a distributed, replicated repository service for name, address, and attributes of objects across the network. Because servers register their name and address information in the DCE CDS Naming Adapter, Oracle clients can make location-independent connections to Oracle7 databases. Services can be relocated without any changes to the client configuration. An Oracle utility is provided to load the Oracle service names (with corresponding connect descriptors) into the DCE CDS Naming Adapter. After the names are loaded, Oracle connect descriptors can be viewed from a central location with standard DCE tools.
Prev Next |
Copyright © 1997 Oracle Corporation. All Rights Reserved. |
Library |
Product |
Contents |
Index |