Oracle Cloud Infrastructure Documentation

Create Stream Analytics resources

To use Stream Analytics in OCI GoldenGate, create a Stream Analytics deployment and assign connections.

Tip:

Ensure that you review the OCPU management and billing information for both OCI GoldenGate and Stream Analytics deployments before you proceed.

Create the Stream Analytics deployment

Before you begin

Before you create a deployment, review the following requirements:

  • If you enable public deployment console access in Step 15, OCI GoldenGate creates a load balancer in your tenancy VCN on your behalf. To ensure successful creation of the deployment and load balancer, you must have the appropriate policies, quotas, and limits in place.
  • In Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) enabled tenancies, Step 16 requires you to select the credential store you'll use to log in to the deployment console.
  • Depending on your source and target technology types, you may need more than one deployment. If you're not sure how many deployments you need for your solution, see Example topologies for details.
To create a Stream Analytics deployment in the Oracle Cloud console:
  1. In the Console navigation menu, click Oracle Database, and then select GoldenGate.
  2. On the Deployments page, click Create deployment.
  3. In the Create deployment panel, enter a name and optionally, a description.
  4. From the Compartment dropdown, select a compartment in which to create the deployment.
  5. Select Stream analytics for deployment type.
  6. The Stream analytics technology type is automatically selected for you.
  7. For Version, the latest version is automatically selected. Click Change version to select a different version.
    Note

    Learn more about versions.
  8. Select one of the following options:
    • Development or testing: Sets up a deployment with recommended defaults for a development or testing environment. The minimum number of OCPUs is 1.
    • Production: Sets up a deployment with recommended default of 4 OCPUs with auto-scaling enabled for a production environment. The minimum number of OCPUs needed is 3, with auto-scaling enabled.
  9. For Select OCPU enter the number or click Change shape to use the slider to choose the number of Oracle Compute units (OCPUs) to use.
  10. (Optional) Select Auto scaling.
    Note

    Auto scaling enables OCI GoldenGate to scale up to three times the number of OCPUs you specify for OCPU Count, up to 24 OCPUs. For example, if you specify your OCPU Count as 2 and enable Auto Scaling, then your deployment can scale up to 6 OCPUs. If you specify your OCPU Count as 20 and enable Auto Scaling, OCI GoldenGate can only scale up to 24 OCPUs.
  11. From the Subnet in <Compartment> dropdown, select the subnet to which a private endpoint is created from the OCI GoldenGate service tenancy. This ensures that the deployment is always available over this subnet, as long as the policies for this subnet allow access.

    To select a subnet in a different compartment, click Change compartment.

    Note

    You can only select a private subnet when creating or updating a deployment.
  12. Select a license type.
  13. For GoldenGate instance name, enter a name for the stream analytics instance.
  14. For Credential store, select one of the following:
    • OCI Identity and Access Management (OCI IAM), to enable users to log in to the the deployment console using their Oracle Cloud account (single sign on) in IAM (Identity and Access Management) enabled tenancies.
      Note

      • Once you select IAM, you won't be able to switch to GoldenGate when you edit the deployment settings at a later time.
      • This option is preferred for a Db2 for i deployment, to prevent issues with log in and Distribution Paths.
      1. (Optional - applies only to Data Replication deployments) Select Customize group to role mappings to map user groups to specific GoldenGate roles. At minimum, you must assign the Security role group to a user group. Learn more about Oracle GoldenGate user roles and privileges.
    • GoldenGate, for GoldenGate to manage users.
      1. Enter the Administrator username
      2. Select a password secret in your compartment or click Change compartment to select one in a different compartment. You can also create a new password secret.

        To create a new password secret:

        1. Click Create password secret.
        2. In the Create secret panel, enter a name for the secret, and optionally, a description.
        3. Select a compartment from the Compartment dropdown in which to save your secret.
        4. Select a vault in the current compartment, or click Change compartment to select a vault in a different compartment.
        5. Select an Encryption key.
          Note

          Only AES keys, Software protected keys, and HSM keys are supported. RSA and ECDSA keys are not supported for GoldenGate password secret keys.
        6. Enter a password 8 to 30 characters in length, containing at least 1 uppercase, 1 lowercase, 1 numeric and 1 special character. The special characters must not be '$', '^' or '?'.
        7. Confirm the password.
        8. Click Create.
      Note

      You can manage GoldenGate users in the deployment console. Learn more.
  15. (Optional) Click Show advanced options for network options and to add tags.
    1. In the Network tab,
      1. Select Enable GoldenGate console public access to include a public endpoint in addition to a private endpoint, and allow public access to the deployment console for users. If selected, OCI GoldenGate creates a load balancer in your tenancy to create a public IP. Select a public subnet in the same VCN as this deployment in which to create the load balancer.
        Note

        The load balancer is a resource that comes with an additional cost. You can manage this resource, but ensure that you don't delete the load balancer while your deployment is still in use. Learn more about load balancer pricing.

      2. Select Customize endpoint to provide a private fully qualified domain name (FQDN) prefix that you'll use to access the private service console URL. You can also optionally upload an SSL/TLS certificate (.pem) and its corresponding private key, however, password protected certificates are not supported.

        • It's your responsibility to ensure that the FQDN resolves to the deployment's private IP address in the subnet you previously selected.
        • If the deployment is public, it's your responsibility to ensure that the FQDN publicly resolves to the deployment's public IP address.

        The services uses its own certificate, if you don't provide one, and you may encounter security warning when launching the deployment console.

        Note

        Your SSL certificate must meet the following requirements:
        • It's common name should match the deployment's FQDN. If it doesn't, you'll encounter warnings when you access the deployment console.
        • It must be signed using a strong hashing algorithm. arcfour, arcfour128, arcfour256, none algorithm types are not permitted.
        • It must not be expired.
        • It's maximum validity should not exceed 13 months.
        • It must not be a self-signed certificate.
        If you encounter "Invalid Private Key" errors, you can check the correctness of the key using the following OpenSSL commands. Run this command against the certificate:
        openssl x509 --noout --modulus --in <cert>.pem |openssl md5

        Then run this command on the private key:

        openssl rsa --noout --modulus --in <key>.pem |openssl md5

        The output of the two commands should return the same md5 value. If it doesn't, then the certificate and private key don't match.

    2. In the Maintenance section:
      1. Select Customize maintenance window to define the start of the maintenance window to upgrade the deployment.
      2. (Optional) For Major release auto-upgrade period in days, enter the number of days, between 0 and 365.
      3. (Optional) For Bundle release auto-upgrade period in days, enter the number of days, between 0 and 180 days.
      4. (Optional) For Security patch auto-upgrade period in days, enter the number of days, between 0 and 14 days.
      5. Select Enable minor release auto-upgrade, and, optionally, enter the number of days.
      Note

      Learn more about scheduling upgrades.
    3. In the Backup schedule section:
      1. Select Configure backup schedule.
      2. Select the Date and Time to start creating backups.
      3. Select the Frequency for creating backups, either Daily, Weekly, or Monthly.
      4. Select Backup metadata only, to create backups without trail files.
      5. Select the Compartment in which to create backups.
      6. Select the Compartment and the Object storage bucket in which to save backups.
    4. In the Tags section, add tags to help track the resources within your tenancy. Click + Additional tag to add more tags. Learn more about tagging.
  16. Click Create to create the deployment, or click Save as Stack to save this configuration to Resource Manager.

    If you select Save as stack, then the Save as stack panel opens, where you can optionally provide a name and description for the stack and select the compartment to save it in. Learn more about Resource Manager.

Your Stream analytics deployment takes a few minutes to create. Its status changes to Active when your deployment is ready to use. Ensure that you create and assign connections to the deployment before you use your deployment.

Supported connections

Learn about what types of connections are supported by OCI GoldenGate Stream Analytics.

OCI GoldenGate Stream Analytics supports the following source technology types:

Note

You can also create Coherence, Ignite, and Java Message Server (JMS) connections directly within the Stream Analytics console.

Stream Analytics supports the following target technology types:

Note

You can also create Amazon S3, Azure Data Lake Storage, Coherence, Hadoop File Storage (HDFS), Ignite, JMS, and MongoDB connections directly within the Stream Analytics console.

Assign a connection to a deployment

Ensure that you have connections created for your source and target technologies.
Note

If using connections with password secrets, the deployment you're assigning the connection to must be able to access the connection's password secrets. Ensure that you add the policy: allow dynamic-group <group-name> to read secret-bundles in <location> to your compartment or tenancy.
To assign a connection to a deployment:
  1. On the deployment details page, under Resources, click Assigned connections.
  2. Click Assign connection.
  3. In the Assign connection dialog, select a connection from the dropdown. If you want to select a connection from a different compartment, click Change Compartment.
  4. Click Assign connection.
The selected connection appears in the Assigned connections list. You can also view and manage this relationship from the Connection details page under Assigned deployments.
Note

If a connection with a dedicated endpoint remains unassigned for seven days, then the service converts it to a shared endpoint.

When you assign a connection to a deployment, GoldenGate removes disallowed characters from the name you entered and trims it to 30 characters in length. The name must only contain alphanumeric characters, and follow the alias pattern: ^[a-zA-Z][a-zA-Z0-9_#$]*$. If a connection with the same alias is already assigned, a number is automatically added to the new alias name.