OCI: Connection manager 18c setup for ATP/ADW

This note is about how to configure Connection manager 18c to be used as a front end proxy for both the autonomous database ATP or data warehouse ADW.


#1 First provision a VM running a basic shape, running OL7


#2 Login to the connection manager VM and configure the oracle user as detailed in this note


#3 Configure the XDisplay as detailed in this note


#4 Add the following prereq for the 12c client runinstaller not to fail because of missing prerequisites

yum install compat-libcap1 libstdc++-devel ksh glibc-devel libaio-devel psmisc


#5 Open the port tcp/1950 for the connection manager as detailed in this note


#6 Transfer the 18c Database client on the VM and unzip it as the oracle user.


#7 Login with the oracle user and run the installer. Ignore the warning about the swap size. Install the connection manager component


#8 Create the directory /u01/app/oracle/admin/wallet/atp_wallet and transfer into this location the ATP or ADP wallet files.

This directory should list the following files:

ls -l /u01/app/oracle/admin/wallet/atp_wallet
total 44
-rw-r--r--. 1 oracle oinstall 10613 Dec 16 13:10 cwallet.sso
-rw-------. 1 oracle oinstall     0 Dec 16 13:10 cwallet.sso.lck
-rw-r--r--. 1 oracle oinstall 10568 Dec 16 13:10 ewallet.p12
-rw-------. 1 oracle oinstall     0 Dec 16 13:10 ewallet.p12.lck


#9 Configure the cman.ora file in $ORACLE_HOME/network/admin

Specify the private IP and a port. Other parameters are only relevant for more complex configurations.

Add the wallet_location parameter


wallet_location =


#10 Start the connection manager

$ cmctl startup 
CMCTL for Linux: Version - Production on 16-Dec-2018 13:35:42
Copyright (c) 1996, 2018, Oracle. All rights reserved.
Current instance ... is not yet started
Starting Oracle Connection Manager instance ...
Please wait...
CMAN for Linux: Version - Production
Status of the Instance
Instance name cman...oraclevcn.com
Version CMAN for Linux: Version - Production
Start date 16-Dec-2018 13:35:42
Uptime 0 days 0 hr. 0 min. 9 sec
Num of gateways started 3
Average Load level 0
Log Level USER
Trace Level USER
Instance Config file /u01/app/oracle/product/18.0.0/client_1/network/admin/cman.ora
Instance Log directory /u01/app/oracle/diag/netcman/.../alert
Instance Trace directory /u01/app/oracle/diag/netcman/.../trace
The command completed successfully.



#11 Test the connection to the ATP

Revise the TNS aliases to reference first the connection manager host and port:

    (ADDRESS =
       (PROTOCOL = TCP)
       (HOST =
       (PORT = 1950))
    (ADDRESS =
      (service_name=[atp service].atp.oraclecloud.com)
        "CN=adwc.eucom-central-1.oraclecloud.com,OU=Oracle BMCS FRANKFURT,O=Oracle Corporation,L=Redwood City,ST=California,C=US"))   )


then connect from the ATP database using the new alias:

$ sqlplus user/pwd@atp_cman

SQL*Plus: Release - Production on Sun Dec 16 13:47:30 2019 Version
Copyright (c) 1982, 2018, Oracle.  All rights reserved.
Last Successful login time: Fri Dec 16 2018 13:46:49 +00:00
Connected to:
Oracle Database 18c Enterprise Edition Release - Production Version

OCI: Setting up the firewall on iaas VMs

Examples of command to manage the firewall on OCI VMs.


sudo iptables -I INPUT -p tcp -m tcp --dport 3876 -j ACCEPT

sudo service iptables save

sudo service iptables restart




sudo firewall-cmd --zone=public --add-port=8000/tcp --permanent

sudo firewall-cmd --zone=public --add-port=8443/tcp --permanent

sudo firewall-cmd --add-port=5555/tcp

sudo firewall-cmd --add-port=1521/tcp --permanent

sudo firewall-cmd --add-port=1950/tcp --permanent 
sudo systemctl restart firewalld.service



EMCC: Redirection http->https

To have the unsecured login page redirected to the secured https page, proceed as follow:

#1 On each OMS server, navigate into the htdocs directory, for example:

cd /u01/app/oracle/gc/gc_inst/user_projects/domains/GCDomain/config/fmwconfig/components/OHS/instances/ohs*/htdocs


#2 Create there the redirection page welcome-index.html (12c) or index.html (13c) with the following content:

<meta HTTP-EQUIV="REFRESH" content="1; url=https://xxxxx.xxx.com/em">
<img src="/images/company.png"/>
<p><font size="14"><font color="##FF0000"><font face="Calibri"><i>Redirecting</i></font></font></font></p>

Optionally include an image as above.