How to connect CDP components to a TCPS-enabled Oracle database

Learn which CDP components support TCPS-enabled Oracle database and how to configure them to work with an TCPS-enabled Oracle database.

What is TCPS

TCPS is Transmission Control Protocol with SSL. It provides higher security between the database and CDP services than TCP alone.

List of CDP components and Runtime services that support TCPS-enabled Oracle database

The following CDP components can use a TCPS-enabled Oracle database starting with CDP 7.1.9:
  • Cloudera Manager server
  • Reports Manager
  • Hive MetaStore
  • Hue
  • Schema Registry
  • Streams Messaging Manager
  • Oozie
  • Sqoop
  • Ranger
  • Ranger KMS

High-level steps to configure and set up TCPS

In any TLS connection, there are two entities involved–a client and a server. In CDP, Cloudera Manager and Runtime services are the clients and the Oracle database is the server.
  1. First, you enable TCPS on the Oracle database server, as described in Enabling TCPS for Oracle Database Server.
  2. Specify the JDBC URL or a connection string when you add the Runtime services in the Add service wizard using Cloudera Manager. Review the instructions for each supported service in Configuring runtime services to connect to TLS 1.2/TCPS-enabled databases.

You can also configure the existing Runtime services to connect to a TCPS-enabled Oracle database. See Configuring runtime services to connect to TLS 1.2/TCPS-enabled databases.

How to verify whether TCPS is enabled on your database

You can verify whether TCPS is successfully enabled on your Oracle database by running the following command:
SQL> select sys_context('userenv','network_protocol') from dual;
If TCPS is enabled, you see the following output:
SYS_CONTEXT('USERENV','NETWORK_PROTOCOL')
----------------------------------------------------------------------
tcps
Alternatively, check whether the PROTOCOL = TCPS line is present in the following configuration files:
  • listener.ora
  • tnsnames.ora