The Oracle Database uses various encryption algorithms to secure the information moving across the network between the Oracle Database Server and a client. The Enterprise Manager agent communicates with the Database target over a TCP protocol to get real-time monitoring data. The Oracle Management Server (OMS) also communicates with the Database target in clear text over the network to manage the target. As TCP transfers data in clear text format over the network, anyone can access and modify the data. To secure the data exchanges between the OMS and managed target, Enterprise Manager can use the TCPS protocol to encrypt and protect the data.

The Secure Monitoring feature in Enterprise Manager allows you to monitor Oracle Database targets on secure channels using a TCP/IP with SSL (Secure Socket Layer) protocol. You can also discover and monitor the Listener processes running on TCPS ports using the Enterprise Manager console.

You can choose from the following options available for target monitoring:

• Target Monitoring over TCP

  In this case, Enterprise Manager connects to the target database for target monitoring using the TCP protocol. The data communication between the target database and the Enterprise Manager OMS happens in clear text form over the network.

• Target Monitoring over TCPS with Server Authentication using Trusted Certificate

  Enterprise Manager connects to the target database TCP over a secure socket layer (SSL) for target monitoring. In this case, the client authenticates the database server using a trusted certificate of the server. The data communicates over the network between Enterprise Manager and the target database in encrypted form.

• Target Monitoring over TCPS with Server Authentication using Kerberos

  Enterprise Manager connects to the target database TCP over a secure socket layer (SSL) for target monitoring. In this case, the client authenticates the database server using the Kerberos authentication protocol. The data communicates over the network between Enterprise Manager and the target database in encrypted form.

You can enable secure monitoring while discovering the target database, or you can change the secure monitoring settings for a target database on the Monitoring Configuration page.