I am planning to implement a clustered 2 node Oracle RAC in an AIX environment at one of the new data Center. The RAC requires a Public IP address ( IP of a server hostname) and VIP address (Service IP used by Oracle clients or application to access the Database) reside in the same subnet. My question is related to the access of the VIP address from a client residing in a different site (same Intranet). I have a concern about having the VIP and the public IP address in the same subnet. Some of the IBM AIX HACMP configurations I have seen isolate the VIP (service IP) address subnet from the public IP address which I think will prevent oracle or other users from known the IP address of the server and hence not accessing the root of the server.
Can anyone who implemented an oracle solution from the network point of you to give some guide line to how to protect the servers from intruders; i.e. L2 switches needed, or VLAN or what ever.