Connect to Oracle Autonomous AI Database

Learn to create a connection to Oracle Autonomous AI Transaction Processing or Autonomous AI Lakehouse to use as sources and targets for OCI GoldenGate.

Before you begin

Ensure that you:

• Review how OCI GoldenGate connects to your sources and targets.
• Depending on your Oracle GoldenGate version:
  • Prepare the database for Oracle GoldenGate 23ai
  • Prepare the database for Oracle GoldenGate 21c.
• For Autonomous AI Database, Unlock the GGADMIN user.
• Configure the required policies to enable secure Vault and Secrets access, such as use secrets, use vaults, and read secret-bundles. For more information, see Minimum recommended policies.

Connect to Autonomous AI Database

Note:

For Autonomous AI Database Serverless connections with remote peers configured with Data Guard, failover automatically occurs from the primary to the standby database, so long as you configure your network to resolve the standby database's host name from the primary database's subnet. You can select the database or manually enter the database details when you create the connection. If you manually enter the database details, ensure that you enter the database connection string of both the primary and standby databases.

To create an Autonomous AI Database connection:

1. From the OCI GoldenGate Overview page, click Connections.
   You can also click Create Connection under the Get started section and skip to step 3.
2. On the Connections page, click Create Connection.
3. On the Create Connection page, complete the fields as follows:
   1. For Name, enter a name for the connection.
   2. (Optional) For Description, enter a description that helps you distinguish this connection from others.
   3. If creating this deployment for GoldenGate on Multicloud, select your Subscription.
      1. From the Compartment dropdown, select the compartment in which the Resource Anchor resides.
      2. Select the Multicloud partner region.
      3. Select your Partner availability zone. The available options populate based on the selected Multicloud partner region.
   4. For Compartment, select the compartment in which to create the connection.
   5. For Type, select Autonomous AI Database.
   6. For Database details, you can choose:
      • Select database to select from a list of existing Autonomous AI Database in the selected compartment, and then select a password secret from the dropdown or click Change compartment to choose a password secret in a different compartment.

        Note:

        When you select an existing Autonomous AI Database, a private endpoint is created automatically.
      • Enter database information and then manually complete the following fields:
        • If not using a database wallet, enter the Database connection string.
        • If you don't enter a Database connection string, you use a Wallet secret.

          Note:

          • If you're using a Wallet, it must at least contain the cwallet.sso and tnsnames.ora files.
          • If you prefer not to use secrets, ensure that you deselect Use secrets in vault in the Security section under Advanced Options, located at the bottom of this form.
   7. For Database username, enter the username to connect to the database with.
   8. Select the Database user password secret. If located in a different compartment, use the dropdown to change compartments.

      Note:

      • Secrets are credentials such as passwords, certificates, SSH keys, or authentication tokens that you use with OCI services. To create a secret, see Creating a secret. Ensure that you:
        • Select Manual secret generation.
        • Paste the credentials into Secret contents.
      • If you prefer not to use password secrets, ensure that you deselect Use secrets in vault in the Security section under Advanced Options, located at the bottom of this form.
   9. If the Autonomous AI Database instance you selected allows you to change the Security protocol, select from the following options:
      • MTLS: provides a higher level of security, recommended for production environments. If selected, ensure you refresh the connection each time you rotate the MTLS wallet.
      • TLS: walletless security that provides reduced connection latency. If selected, ensure that the network is properly configured to allow TLS connections.
   10. Expand Show advanced options. You can configure the following options:
       • Security:
         • Deselect Use vault secrets you prefer not to use password secrets for this connection. If not selected:
           • Select Use Oracle-managed encryption key to leave all encryption key management to Oracle.
           • Select Use customer-managed encryption key to select a specific encryption key stored in your OCI Vault to encrypt your connection credentials.
       • Network connectivity
         • Shared endpoint, to share an endpoint with the assigned deployment. You must allow connectivity from the deployment's ingress IP.
         • Dedicated endpoint, for network traffic through a dedicated endpoint in the assigned subnet in your VCN. You must allow connectivity from this connection's ingress IPs.

           Note:

           • If a dedicated connection remains unassigned for seven days, then the service converts it to a shared connection.
           • Learn more about Oracle GoldenGate connectivity.
       • Security attributes: Add security attributes to control access to this connection using Zero Trust Packet Routing (ZPR).
       • Tags: Add tags to organize your resources.
4. Click Create.

After the connection is created, it appears in the Connections list. Ensure that you assign the connection to a deployment to use it as a source or target in a replication.

Known issues

Action required for Autonomous Databases that use mTLS Authentication

When an Autonomous Database wallet is rotated, the OCI GoldenGate connection to this database must be refreshed to retrieve the latest wallet information.

For more information see, My Oracle Support (MOS) Document 2911553.1.

To refresh an Autonomous Database connection: Edit and save the connection to the Autonomous Database (Autonomous Transaction Processing or Autonomous Data Warehouse). Saving the connection automatically downloads and refreshes the wallet. No other changes to the connection is needed.

To verify:

1. Launch the deployment console for a deployment that uses the Autonomous Database connection.
2. In the deployment console, open the navigation menu, and then click Configuration.
3. On the Credentials screen, observe the Autonomous Database connection string.

   Before the wallet is refreshed, the connection string looks like the following:

   ggadmin@(DESCRIPTION=(TRANSPORT_CONNECT_TIMEOUT=3)(CONNECT_TIMEOUT=60)(RECV_TIMEOUT=120)(retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1522)(host=adb.us-phoenix-1.oraclecloud.com))(CONNECT_DATA=(COLOCATION_TAG=ogginstance)(FAILOVER_MODE=(TYPE=SESSION)(METHOD=BASIC)(OVERRIDE=TRUE))(service_name=<adb-servicename>_low.adb.oraclecloud.com))(security=(MY_WALLET_DIRECTORY=“/u02/connections/ocid1.goldengateconnection.oc1.phx.<ocid>/wallet”)(SSL_SERVER_DN_MATCH=TRUE)(ssl_server_cert_dn=“CN=adwc.uscom-east-1.oraclecloud.com,
           OU=Oracle BMCS US, O=Oracle Corporation, L=Redwood City, ST=California,
           C=US”)))

   After the wallet is refreshed, the connection string is updated to look like the following:

   ggadmin@(DESCRIPTION=(TRANSPORT_CONNECT_TIMEOUT=3)(CONNECT_TIMEOUT=60)(RECV_TIMEOUT=120)(retry_count=20)(retry_delay=3)(address=(protocol=tcps)(port=1522)(host=adb.us-phoenix-1.oraclecloud.com))(CONNECT_DATA=(COLOCATION_TAG=ogginstance)(FAILOVER_MODE=(TYPE=SESSION)(METHOD=BASIC)(OVERRIDE=TRUE))(service_name=<adb-servicename>_low.adb.oraclecloud.com))(security=(MY_WALLET_DIRECTORY=“/u02/connections/ocid1.goldengateconnection.oc1.phx.<ocid>/wallet”)(SSL_SERVER_DN_MATCH=TRUE)(ssl_server_dn_match=yes)))

---

Title and Copyright Information

Copyright ©2022,

Oracle and/or its affiliates.