Oracle Installation for

Data Loss Prevention

v14.0

Installation on Windows

By
Keval Amin

1
INSTALLATION OF SYMANTEC DATA LOSS PREVENTION

Symantec Data Loss Prevention supports three different installation types: three-tier, two-tier,
and single-tier. Symantec recommends the three-tier installation. However, your organization
might need to implement a two-tier installation depending on available resources and
organization size. Single-tier installations are recommended for branch offices, small
organizations, or for testing purposes.

Single-tier

To implement the single-tier installation, you install the database, the Enforce Server, and a
detection server all on the same computer. Typically, this installation is implemented for
testing purposes.

A Symantec Data Loss Prevention Single Server deployment is a single-tier deployment that
includes the Single Tier Monitor detection server. The Single Tier Monitor is a detection
server that includes the detection capabilities of the Network Monitor, Network
Discover/Cloud Storage Discover, Network Prevent, Mobile Prevent, Network Prevent for
Email, and the Endpoint Prevent and Endpoint Discover detection servers. Each of these
detection server types is associated with one or more detection "channels." The Single Server
deployment simplifies Symantec Data Loss Prevention administration and reduces
maintenance and hardware costs for small organizations, or for branch offices of larger
enterprises that would benefit from on-site deployments of Symantec Data Loss Prevention.

If you choose either of these types of installation, the Symantec Data Loss Prevention
administrator needs to be able to perform database maintenance tasks, such as database
backups.

2
 1 ORACLE DATABASE INSTALLATION

Installing Oracle 11g on Windows

Install Oracle 11g and create the Symantec Data Loss Prevention database by performing the
following steps on the server computer that will host the Oracle database.

Step 1:

Shut down the following services if they are running in Windows Services:

• All Oracle services

• Distributed Transaction Coordinator service

To view the services go to Start > Control Panel > Administrative Tools > Computer
Management, and then expand Services and Applications and click Services.

Step 2:

Extract the win64_11.2.0.4_database_1of2.zip and

win64_11.2.0.4_database_2of2.zip files into a temporary directory, such as
C:\temp\Oracle.

Step 3:

Extract the 11.2.0.4_64_bit_Installation_Tools.zip file from

DownloadHome\DLP\14.0\New_Installs\Oracle_Configuration into a
temporary directory, such as C:\temp\Oracle\tools.

3
Step 4:

To install the Oracle software, use the command prompt to navigate to the temporary
directory where you extracted the win64_11.2.0.4_database.zip files and run
the following command, which includes the paths to the temporary directories where you
extracted the ZIP files in steps 2 and 3:

E:\od\database\setup.exe -noconfig -responsefile

E:\od\tools\responsefiles\Oracle_11.2.0.4_Installation_WIN.r
sp

The installation wizard appears with pre-selected values drawn from the installation
response file. You can confirm these values and click through the panels without needing
to enter information where noted.

Figure 1.1: Run installation file with command prompt

4
Step 5:

On the Configure Security Updates panel, I wish to receive security updates via My
Oracle Support is deselected. Click Next.

Figure 1.2: Configure Security Updates

A dialog box displays that asks you to confirm that you wish to remain uninformed of
critical security issues. Click Yes.

Figure 1.3: Security Updates Confirm Box

Symantec provides Oracle Critical Patch Updates for use with Symantec Data Loss
Prevention. You do not need to receive these updates from Oracle Support.

5
Step 6:

On the Download software updates panel, Skip software updates is selected. Click
Next.

Figure 1.4: Download Software Updates

6
Step 7:

On the Select Installation Options panel, Install database software only is selected. Click
Next.

Figure 1.5: Installation Option

7
Step 8:

On the Grid Installation Options panel, Single instance database installation is

selected. Click Next.

Figure 1.6: Grid Installation Options

8
Step 9:

On the Select Product Languages panel, click Next to accept English as the default
language.

Figure 1.7: Product Language Selection

9
Step 10:

On the Select Database Edition panel, Standard Edition is selected. Click Next.

Figure 1.8: Database Edition Selection

10
Step 11:

On the Specify Installation Location panel, the Oracle Base and Software Location
paths fields are populated. Click Next.

Oracle Base: E:\oracle

Software Location: E:\oracle\product\11.2.0.4\db_1

Figure 1.9: Installation Location

11
Figure 1.10: Prerequisite Checks

12
Step 12:

On the Summary panel, click Install to begin the installation. The installer application
installs the Oracle 11g software to your computer.

Figure 1.11: Summery Window

13
Figure 1.12: Product Installation Process (10%)

Figure 1.13: Product Installation Process (100%)

14
Step 13:

On the Finish panel, click Close to exit the installer application.

Figure 1.14: Installation Successful

15
Creating the Symantec DLP Database

Follow this procedure to create the Symantec Data Loss Prevention database on Windows
systems.

Step 1:

Set the ORACLE_HOME environment variable for your new installation. Open a
command prompt, and enter:

set ORACLE_HOME=c:\oracle\product\11.2.0.4\db_1

Figure 1.15: Set ORACLE_HOME Environment Variable

If you installed Oracle 11g into a different location, substitute the correct directory in
this command.

16
Step 2:

Navigate to the C:\temp\Oracle\tools folder where you extracted the

11.2.0.4_64_bit_Installation_Tools.zip file.

Figure 1.16: Navigation to tools folder to get the file

17
Step 3:

Copy the database template file

(Oracle_11.2.0.4_Template_for_DLP_v14.0_64_bit_WIN.dbt)
from the C:\temp\Oracle\tools folder to the
%ORACLE_HOME%\assistants\dbca\templates folder.

Figure 1.17: Copying the database template file

18
Step 4:

(Optional) Rename the OraDb11g_home1 section of the menu item to

Oracle_11.2.0.4.

Step 5:
Open a command prompt, and execute the following command (line breaks added for
legibility):
%ORACLE_HOME%\bin\dbca

-progressOnly

-responseFile
C:\temp\Oracle\tools\responsefiles\Oracle_11.2.0.4_DBCA_W
IN.rsp

Figure 1.18: Run Oracle_11.2.0.4_DBCA_WIN.rsp file

19
Step 6:

Enter the SYS user password at the prompt.

Figure 1.19: Enter Username and Password

Step 7:

Enter the SYSTEM user password at the prompt. Follow these guidelines to create
acceptable passwords:
• Passwords cannot contain more than 30 characters.
• Passwords cannot contain double quotation marks, commas, or backslashes.
• Avoid using the & character.
• Passwords are case-sensitive by default. You can change the case sensitivity
through an Oracle configuration setting.
• If your password uses special characters other than _, #, or $, or if your password
begins with a number, you must enclose the password in double quotes when you
configure it.

20
Step 8:

The Database Configuration Assistant window appears. The database creation

process can take up to 20 minutes to complete. If the process fails or stops running,
check the %ORACLE_HOME%\cfgtoollogs\dbca\SID folder. For example:
C:\oracle\product\11.2.0.4\db_1\cfgtoollogs\dbca\protect.
When the database creation process is complete, a new Database Configuration
Assistant window appears. It displays the database details.

Figure 1.20: Database Configuration Assistant

21
Step 9:

Click OK.

Figure 1.21: Database Configuration Assistant complete

Step 10:

If the database services OracleServicePROTECT and

DistributedTransaction Coordinator are down, start them using
Windows Services: Start > Control Panel > Administrative Tools > Computer
Management > Services and Applications > Services.

22
Creating the TNS Listener on Windows

Perform the following procedure to create a TNS listener for the Symantec Data Loss
Prevention database.

Step 1 (Optional):

If you logged on as a domain user, you must set the sqlnet.ora file
SQLNET.AUTHENTICATION_SERVICES=() value to none. Otherwise, proceed
to step 2.
To set the sqlnet.ora file SQLNET.AUTHENTICATION_SERVICES=() value,
perform the following steps in this order:
• Open sqlnet.ora, located in the %Oracle_Home%\network\admin
folder (for example,
c:\oracle\product\11.2.0\db_1\NETWORK\ADMIN), using a text
editor.
• Change the SQLNET.AUTHENTICATION_SERVICES=(NTS) value to
none:
• SQLNET.AUTHENTICATION_SERVICES=(none)
• Save and close the sqlnet.ora file.

Figure 1.22: Editing in sqlnet.ora file

23
Step 2:

Start the Oracle Net Configuration Assistant by selecting Start > All Programs >
Oracle 11.2.0.x > Configuration and Migration Tools > Net Configuration
Assistant.

Figure 1.23: Start Net Configuration Assistant

24
Step 3:

On the Welcome panel, select Listener configuration and click Next.

Figure 1.24: Oracle Net Configuration Assistant: Welcome Screen

Step 4:

On the Listener Configuration, Listener panel, select Add and click Next.

Figure 1.25: Oracle Net Configuration Assistant: Add Listener

25
Step 5:

On the Listener Configuration, Listener Name panel, enter a listener name and click
Next.

Figure 1.26: Oracle Net Configuration Assistant: Listener Name

Step 6:
On the Listener Configuration, Select Protocols panel, select the TCP protocol and
click Next.

Figure 1.27: Oracle Net Configuration Assistant: Select Protocols

26
Step 7:

On the Listener Configuration, TCP/IP Protocol panel, select Use the standard
port number of 1521 and click Next.

Figure 1.28: Oracle Net Configuration Assistant: TCP/IP Protocols – Port Number

Step 8:

On the Listener Configuration, More Listeners? panel, select No and click Next.

Figure 1.29: Oracle Net Configuration Assistant: Add more Listener

27
Step 9:

On the Listener Configuration Done panel, click Next.

Figure 1.30: Oracle Net Configuration Assistant: Listener Configuration Done

Step 10:

Leave the Oracle Net Configuration Assistant open to configure the Local Net Service
Name.

Figure 1.31: Oracle Net Configuration Assistant: Finish Listener Configuration

28
Step 11:

On the computer that runs your Oracle database, open a command prompt. The
command window must run as Administrator.

Step 12:

Run the following command: lsnrctl stop

Figure 1.32: Stop Listener Service

Step 13:
Open the following file in a text editor:
%ORACLE_HOME%\network\admin\listener.ora

Figure 1.33: Location of listener.ora file

29
Step 14:
Locate the following line:
(ADDRESS = (PROTOCOL = IPC)(KEY = <key_value>))
Step 15:

Change key_value to PROTECT.

Figure 1.34: Key value changed to PROTECT

Step 16:

Add the following line to the end of the file:

SECURE_REGISTER_LISTENER = (IPC)

Figure 1.35: Line Added to listener.ora file

30
Step 17:

Save the file and exit the text editor.

Step 18:

Run the following command: lsnrctl start

Figure 1.36: Start Listener Service

31
Step 19:

Run the following commands to connect to the database using SQLPlus:

sqlplus /nolog
conn sys/<password> as sysdba

Figure 1.37: Connection to Database

Step 20:

Run the following command:

ALTER SYSTEM SET local_listener =
'(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=PROTECT)))'
SCOPE=both;

Figure 1.38: Alter System

32
Step 21:

Run the following command to register the listener:

ALTER SYSTEM REGISTER;

Figure 1.39: Alter System Register

Step 22:

Exit SQL Plus by running the following command: exit

Figure 1.40: Disconnect and Exit SQL Plus Command Prompt

33
Step 23:

Run the following command to verify the change:

lsnrctl services
The command output should display a message similar to the following:
Services Summary...
Service "protect" has 1 instance(s).
Instance "protect", status READY, has 1 handler(s) for
this service...
Handler(s):
"DEDICATED" established:0 refused:0 state:ready
LOCAL SERVER
The command completed successfully

Figure 1.41: Check lsnrctl services

34
Configuring the local net service name

Perform the following procedure to configure the Local Net Service Name for the Symantec
Data Loss Prevention database.

Step 1:

If the Oracle Net Configuration Assistant is not already running, start it by selecting
Start > All Programs > Oracle 11.2.0.4 > Configuration and Migration Tools >
Net Configuration Assistant.

Figure 1.42: Start Net Configuration Assistant

35
Step 2:

On the Welcome panel, select Local Net Service Name configuration and click
Next.

Figure 1.43: Oracle Net Configuration Assistant – Welcome Screen

Step 3:

On the Net Service Name Configuration panel, select Add and click Next.

Figure 1.44: Add Net Service Name

36
Step 4:

On the Net Service Name Configuration, Service Name panel, enter "protect"
in the Service Name field and click Next.

Figure 1.45: Give Service Name

Step 5:

On the Net Service Name Configuration, Select Protocols panel, select TCP and
click Next.

Figure 1.46: Select Protocols

37
Step 6:

On the Net Service Name Configuration, TCP/IP Protocol panel:

• Enter the IP address of the Oracle server computer in the Host name field.
• Select Use the standard port number of 1521 (the default value).
• Click Next.

Figure 1.47: TCP/IP Protocol and Hostname

Step 7:

On the Net Service Name Configuration, Test panel, select No, do not test and click
Next. Do not test the service configuration, because the listener has not yet started.

Figure 1.48: Service Name Test

38
Step 8:

On the Net Service Name Configuration, Net Service Name panel, select accept the
default name of "protect" and click Next.

Figure 1.49: Enter Service Name

Step 9:

On the Net Service Name Configuration, Another Net Service Name? panel, select
No and click Next.

Figure 1.50: Add more Service Name?

39
Step 10:

On the Net Service Name Configuration Done panel, select Next.

Figure 1.51: Service Name Configuration Done

Step 11:

Click Finish to exit the Oracle Net Configuration Assistant.

Figure 1.52: Exit Net Configuration Assistant

40
Verifying the Symantec DLP database

After you create the Symantec Data Loss Prevention database, verify that it was created
correctly.

Step 1:

Open a new command prompt and start SQL*Plus: sqlplus /nolog

Figure 1.53: Start SQL Plus

Step 2:

Log on as the SYS user:

SQL> connect sys/password@protect as sysdba
Where password represents the SYS password.

Figure 1.54: Connect to Database

41
Step 3:

Run the following query: SQL> SELECT * FROM v$version;

Step 4:

Make sure that the output from the query contains the following information, which
identifies the software components as version 11.2.0.4.
BANNER
---------------------------------------------------------
Oracle Database 11g Release 11.2.0.4.0 - 64-bit
Production
PL/SQL Release 11.2.0.4.0 - Production
CORE 11.2.0.4.0 Production
TNS for 64-bit Windows: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production

Figure 1.55: Confirm output

Step 5:

Exit SQL*Plus: SQL> exit

42
Creating the Oracle user account for Symantec DLP

Perform the following procedure to create an Oracle user account and name it “protect.”

Step 1:

Navigate to the C:\temp\Oracle\tools folder.

Step 2:
Start SQL*Plus: sqlplus /nolog

Figure 1.56: Navigate to tools folder

Step 3:
Run the oracle_create_user.sql script:
SQL> @oracle_create_user.sql

Figure 1.57: Running the script

43
Step 4:
At the Please enter the password for sys user prompt, enter the password for the
SYS user.

Step 5:
At the Please enter sid prompt, enter "protect."

Step 6:
At the Please enter required username to be created prompt, enter "protect"
for the user name.

Step 7:
At the Please enter a password for the new username prompt, enter a new
password.
Follow these guidelines to create acceptable passwords:
• Passwords cannot contain more than 30 characters.
• Passwords cannot contain double quotation marks, commas, or backslashes.
• Avoid using the & character.
• Passwords are case-sensitive by default. You can change the case sensitivity
through an Oracle configuration setting.
• If your password uses special characters other than _, #, or $, or if your
password begins with a number, you must enclose the password in double
quotes when you configure it.

44