Replicate data between cloud databases in different regions with VCN peering
Learn to set up and configure Oracle Cloud Infrastructure GoldenGate and Virtual Cloud
Network (VCN) peering to replicate data between two Autonomous Databases located in
two different regions.
Oracle Cloud Infrastructure GoldenGate enables you to replicate data in supported OCI
databases located in different regions with private endpoints. This example demonstrates how
to connect OCI GoldenGate in Phoenix (Region A) to an
Autonomous Transaction Processing (ATP) instance in Frankfurt (Region B) with a private
endpoint.
In Region A, create a VCN (VCN A) with
two regional subnets:
Public (10.0.0.0/24)
Private (10.0.1.0/24)
On the VCN A Details page, under Resources, click
Dynamic Routing Gateway Attachments, and then
click Create DRG Attachment.
In the Create DRG Attachment panel, select the DRG you created, and
then click Create DRG Attachment.
In the DRG Attachments list, click the DRG name in the Dynamic Routing
Gateway column. You're brought to the DRG Details page.
On the DRG Details page, under Resources, click
Remote Peering Connection Attachments, and
then click Create Remote Peering
Connection.
In the Create Remote Peering Connection panel, enter a name, leave the
default settings as is, and then click Create Remote Peering
Connection. An RPC attachment is automatically added to
the DRG and its peering status set to New (not peered).
In the Remote Peering Connections Attachments list, under
Remote Peering Connection, click the RPC
name.
On the RPC Details page, for OCID, click
Copy.
Note: You can temporarily paste the OCID to a text editor for later use.
Repeat the previous step in Region B to create a VCN (VCN B) with
two regional subnets and a DRG:
Public (192.168.0.0/24)
Private (192.168.1.0/24)
On Region B's RPC Details page, click Establish
Connection, select Region A's RPC, and then paste Region A's RPC
OCID. The Peer Status is then set to Peered.
On VCN A's Details page, under Resources, click Route
Tables, and then click route table for private
subnet-<VCN Name>.
Click Add Route Rules.
In the Add Route Rules panel, complete the following fields, and then click
Add Route Rules:
Target Type: Dynamic Routing Gateway
Destination CIDR Block: 192.168.1.0/24
On VCN B's Details page, under Resources, click Security
Lists, and then click security list for private
subnet-<VCN Name>.
Click Add Ingress Rules.
In the Add Ingress Rules dialog, complete the following fields and then click
Add Ingress Rules:
Source Type: CIDR
Source CIDR: 10.0.1.0/24
IP Protocol: TCP
Source Port Range: All
Destination Port Range: 1522
Note: This is the default port to access Oracle Autonomous Database (ADB) instances.
On VCN B's Details page, under Resources, click Route
Tables, and then click route table for private
subnet-<VCN Name>.
Click Add Route Rules.
In the Add Route Rules panel, complete the following fields and then click
Add Route Rules:
Target Type: Dynamic Routing Gateway
Destination CIDR: 10.0.1.0/24
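The route and ingress rules from the steps above can be checked together before any traffic is sent. This added Python example is not part of the original page or of Oracle's tooling; the plan dictionary, its keys, and `audit_peering` are constructed for illustration, using the CIDRs and port given in the steps.

```python
import ipaddress

ADB_PORT = 1522  # default Autonomous Database port, as stated on this page

# Constructed plan that mirrors the CIDRs and rules in the steps above.
PLAN = {
    "vcn_a": {"subnets": ["10.0.0.0/24", "10.0.1.0/24"], "private": "10.0.1.0/24",
              "routes": [{"dest": "192.168.1.0/24", "target": "DRG"}], "ingress": []},
    "vcn_b": {"subnets": ["192.168.0.0/24", "192.168.1.0/24"], "private": "192.168.1.0/24",
              "routes": [{"dest": "10.0.1.0/24", "target": "DRG"}],
              "ingress": [{"source": "10.0.1.0/24", "proto": "TCP", "ports": (1522, 1522)}]},
}

def net(cidr):
    return ipaddress.ip_network(cidr)

def audit_peering(plan, client="vcn_a", database="vcn_b"):
    """Return findings for the peered pair; an empty list means the plan is sound."""
    findings = []
    a, b = plan[client], plan[database]
    # Peered VCNs must not have overlapping address space.
    for x in a["subnets"]:
        for y in b["subnets"]:
            if net(x).overlaps(net(y)):
                findings.append(f"overlapping CIDRs: {x} and {y}")
    # Each private subnet needs a DRG route covering the peer's private subnet.
    for name, side, peer in ((client, a, b), (database, b, a)):
        target = net(peer["private"])
        if not any(r["target"] == "DRG" and target.subnet_of(net(r["dest"]))
                   for r in side["routes"]):
            findings.append(f"{name}: no DRG route to {target}")
    # Ingress on the database side: reachable from the client subnet, and no wider.
    source, reachable = net(a["private"]), False
    for rule in b["ingress"]:
        low, high = rule["ports"]
        if rule["proto"] != "TCP" or not low <= ADB_PORT <= high:
            continue
        reachable = reachable or source.subnet_of(net(rule["source"]))
        if net(rule["source"]) != source:
            findings.append(f"{database}: {ADB_PORT}/tcp open to {rule['source']}, expected {source}")
        if (low, high) != (ADB_PORT, ADB_PORT):
            findings.append(f"{database}: port range {low}-{high} is wider than {ADB_PORT}")
    if not reachable:
        findings.append(f"{database}: {source} cannot reach {ADB_PORT}/tcp")
    return findings
```

A rule that opens 1522 to 0.0.0.0/0 still lets the replication connect, so only a check like this one surfaces it.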
Task 2: Create a deployment
Ensure that you use VCN A in Region A, which was peered with VCN B in
Region B.
To see which regions OCI GoldenGate is available in, see Cloud Data Regions.
In the Console navigation menu, click Oracle Database, and then
select GoldenGate.
On the Deployments page, click Create deployment.
In the Create deployment panel, enter a name and optionally, a description.
From the Compartment dropdown, select a compartment in which to create the
deployment.
Select one of the following options:
Production: Sets up a deployment with
recommended defaults for a production environment. The minimum number of OCPUs is 4,
with auto-scaling enabled.
Development or testing: Sets up a deployment
with recommended defaults for a development or testing environment. The minimum number
of OCPUs is 1.
For OCPU count, enter the number of
Oracle Compute units (OCPUs) to use.
Auto scaling enables OCI GoldenGate to scale up to three times the number of OCPUs you specify for
OCPU Count, up to 24 OCPUs. For example, if you specify your OCPU Count as 2 and enable
Auto Scaling, then your deployment can scale up to 6 OCPUs. If you specify your OCPU
Count as 20 and enable Auto Scaling, OCI GoldenGate can only scale up to 24
OCPUs.
From the Subnet in <Compartment> dropdown, select the
subnet to which a private endpoint is created from the OCI GoldenGate service
tenancy. This ensures that the deployment is always available over this subnet, as long as
the policies for this subnet allow access. The private endpoint is only used to access the
deployment console, and doesn't provide access to other resources in the subnet.
To select a subnet in a different compartment, click Change
compartment.
Note: You can only select a private subnet when creating a deployment.
Select a license type.
(Optional) Click Show advanced options for network options and
to add tags.
In the Network tab:
Select Enable GoldenGate console public
access to include a public endpoint in addition to a private
endpoint, and allow public access to the deployment console for users. If
selected, OCI GoldenGate creates a load balancer in your tenancy to
create a public IP. Select a subnet in the same VCN as this deployment in which to
create the load balancer.
Note: The load balancer is a resource that comes with an additional cost. You can manage
this resource, but ensure that you don't delete the load balancer while your
deployment is still in use. Learn more about load balancer pricing.
Select Customize endpoint to provide a private fully
qualified domain name (FQDN) prefix that you'll use to access the private
service console URL. You can also optionally upload an SSL/TLS certificate
(.pem) and its corresponding private key; however, password-protected
certificates are not supported.
It's your responsibility to ensure that the FQDN resolves to the
deployment's private IP address in the subnet you previously selected.
If the deployment is public, it's your responsibility to ensure
that the FQDN publicly resolves to the deployment's public IP address.
The service uses its own certificate if you don't provide one,
and you may encounter security warnings when launching the deployment
console.
Note:
Your SSL certificate must meet the following requirements:
Its common name should match the deployment's FQDN. If it
doesn't, you'll encounter warnings when you access the deployment
console.
It must be signed using a strong hashing algorithm. The arcfour,
arcfour128, arcfour256, and none algorithm types are not permitted.
It must not be expired.
Its maximum validity should not exceed 13 months.
It must not be a self-signed certificate.
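The certificate requirements above, together with a check that the private key belongs to the certificate, as an added Python example that is not from the original page or from Oracle. It assumes the third-party `cryptography` package; `check_upload`, the 397-day reading of "13 months", and the weak-hash set are assumptions made for this example.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import serialization
from cryptography.x509.oid import NameOID

MAX_VALIDITY = timedelta(days=397)  # assumption: "13 months" taken as 397 days
WEAK_HASHES = {"md5", "sha1"}       # assumption: the page only says "strong"

def _when(cert, field):
    """Timezone-aware validity bound on both old and new cryptography releases."""
    aware = getattr(cert, field + "_utc", None)
    return aware or getattr(cert, field).replace(tzinfo=timezone.utc)

def _spki(public_key):
    """DER-encoded public key, comparable across RSA and EC keys."""
    return public_key.public_bytes(serialization.Encoding.DER,
                                   serialization.PublicFormat.SubjectPublicKeyInfo)

def check_upload(cert_pem, key_pem, fqdn, now=None):
    """Return a list of problems; an empty list means every check passed."""
    now = now or datetime.now(timezone.utc)
    cert = x509.load_pem_x509_certificate(cert_pem)
    try:
        key = serialization.load_pem_private_key(key_pem, password=None)
    except TypeError:  # raised when the PEM is encrypted and no password is given
        return ["private key is password protected"]
    problems = []
    if _spki(cert.public_key()) != _spki(key.public_key()):
        problems.append("private key does not match certificate")
    # Exact common-name comparison only; wildcard names are not handled here.
    names = [a.value for a in cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)]
    if fqdn not in names:
        problems.append(f"common name does not match {fqdn}")
    start, end = _when(cert, "not_valid_before"), _when(cert, "not_valid_after")
    if end < now:
        problems.append("certificate is expired")
    if end - start > MAX_VALIDITY:
        problems.append("validity exceeds 13 months")
    if cert.issuer == cert.subject:
        problems.append("certificate is self-signed")
    algo = cert.signature_hash_algorithm
    if algo is not None and algo.name in WEAK_HASHES:
        problems.append(f"weak signature hash: {algo.name}")
    return problems
```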
If you encounter "Invalid Private Key" errors, you can
check the correctness of the key using the following OpenSSL commands. Run
this command against the
certificate:
For GoldenGate instance name, enter the name that the deployment
will assign to the GoldenGate deployment instance upon creation.
For Credential store, select one of the following:
OCI Identity and Access Management (OCI IAM), to enable users
to log in to the deployment console using their Oracle Cloud account (single sign
on) in IAM (Identity and Access Management) enabled tenancies.
Note: Once you select IAM, you won't be able to switch to GoldenGate when you
edit the deployment settings at a later time.
GoldenGate, for GoldenGate to manage users.
Enter the Administrator username.
Select a password secret in your compartment or click Change
compartment to select one in a different compartment. You can also create a
new password secret.
To create a new password secret:
Click Create password secret.
In the Create secret panel, enter a name for the secret, and
optionally, a description.
Select a compartment from the Compartment
dropdown in which to save your secret.
Select a vault in the current compartment, or click Change
compartment to select a vault in a different compartment.
Select an Encryption key.
Note: Only AES keys, Software protected keys, and HSM keys are supported. RSA and
ECDSA keys are not supported for GoldenGate password secret keys.
Enter a password 8 to 30 characters in length, containing at least
1 uppercase, 1 lowercase, 1 numeric and 1 special character. The special
characters must not be '$', '^' or '?'.
Confirm the password.
Click Create.
Note: You can manage GoldenGate users in the deployment console. Learn more.
Click Create.
Task 3: Configure DNS Peering
Create a Listening and a Forwarding endpoint in VCN A:
From the Oracle Cloud console navigation menu, click Networking,
and then select Virtual Cloud Networks.
From the list of databases, select VCN A.
In VCN A, under VCN Information, select the DNS Resolver.
Under Resources, click Endpoints then click Create
endpoint to create a Listening and a Forwarding endpoint.
In the Create endpoint panel, enter a Name.
For Choose a subnet, select VCN A Private subnet from the
dropdown.
For Endpoint type, select Listening.
Click Create endpoint.
Repeat the steps above to create the Forwarding
endpoint.
Repeat step 1 to create a Listening and a Forwarding endpoint in VCN B.
Manage Rules for VCN A:
Go back to VCN A, click on DNS Resolver.
Under Resources, click Rules and then click Manage
rules:
In the Manage rules panel, for Rule
condition, select Domains from the dropdown.
For Domains, enter the DNS Domain Name for
VCN A.
You can also add your ADB domain name if
you're planning to connect to it. For example, if your
region is Phoenix, then your ADB domain name would be:
adb.us-phoenix-1.oraclecloud.com
For Source endpoint, select a Listening
endpoint for VCN B from the dropdown.
For Destination IP address, enter your
destination IP address.
Click Save changes.
Note: See Resolver Rules for more information about creating a resolver rule.
Select 'Dedicated endpoint' for Traffic routing method.
Ensure that the domain used by the FQDN provided in the connection string or
wallet is correctly forwarded to the appropriate DNS Resolver using its Rules.
See Resolver Rules for more information.