2 Provisioning Oracle GoldenGate Microservices on Marketplace

This chapter describes the steps to provision Oracle GoldenGate Microservices for Oracle Cloud Marketplace.

Setting up Oracle GoldenGate Microservices for Your Database

Before you can start using Oracle GoldenGate Microservices, there are a few tasks that you must perform, depending on your database platform, to ensure that your environment is complete and ready to replicate your data.

Prerequisites to Deploy Oracle GoldenGate Microservices

Here are the prerequisites required to deploy Oracle GoldenGate Microservices:

  • Oracle Cloud Account

  • Access to assigned Oracle Cloud Tenant

  • Compute node resources within Oracle Cloud Tenant

  • Local SSH/RSA Key

Create an SSH/RSA Key

To work with the Oracle Cloud Infrastructure once the Oracle GoldenGate Compute Node is built, you have to provide a SSH Public Key during the interview process that will allow you to log in to the node once built.

Perform the following steps to build your SSH keys:

  1. Open a Terminal window and start the key generation program by typing the following command:
    $ ssh-keygen Generating public/private rsa key pair.
  2. Enter the path to store this file. By default, this gets saved in your home directory under a hidden folder called .ssh. Change this default location, if required.
    Enter file in which to save the key (/Users/johndoe/.ssh/id_rsa): <Return>
  3. Enter a passphrase for using your key.
    Enter passphrase (empty for no passphrase): <passphrase>
  4. Re-enter the passphrase to confirm it.
    Enter same passphrase again: <passphrase>
  5. Check the results.

    The key fingerprint (a colon separated series of 2 digit hexadecimal values) is displayed. Check if the path to the key is correct. In the above example, the path is /Users/johndoe/.ssh/id_rsa.pub. You have now created a public or private key pair.

Note:

For generating key pair on Windows platform, refer to Creating a Key Pair section in Oracle Cloud Infrastructure Documentation.

Finding Oracle GoldenGate within the Oracle Cloud Marketplace

Follow the below steps to launch Oracle GoldenGate Microservices from Oracle Cloud Marketplace :
  1. Log in to Oracle Cloud Marketplace.
  2. From the Oracle Cloud Marketplace home page, use the search box under Applications and search for the keyword GoldenGate.
  3. From the search results, select Oracle GoldenGate.

Deploying Oracle GoldenGate Microservices on Oracle Cloud Marketplace

After finding Oracle GoldenGate Microservices listing in Oracle Cloud Marketplace, you can deploy Oracle GoldenGate using the provided Stack Listing. This TerraForm Stack prompts you for specific information and then builds the Oracle Cloud Infrastructure Compute Node with the desired hardware settings, Oracle Database Client, Oracle GoldenGate Microservices and up to two default deployments.

Once you have found Oracle GoldenGate from the search results on Oracle Cloud Marketplace, follow the below steps to deploy Oracle GoldenGate Microservices on Oracle Cloud Marketplace using the Stack Listing.

  1. From the Application page, select Get App to display the option to select either Commercial Market or Government Market.
  2. If you select Government Market, then select OCI Region from the drop-down menu.
  3. Click Sign In and enter the OCI tenant details.
  4. Sign in to the Identity provider.
  5. On the Oracle GoldenGate for Oracle page, provide the following information:
    • Select Version - It provides a list of versions that are available in the listing. Select the required release version.
    • Select Compartment - Specifies the compartment where the compute node will be built. It is generally the location that you have access to build the compute node.
    • Terms of Use - This check box is selected by default. Oracle recommends to review the licenses before proceeding with the instance creation.
    • Launch Stack - It launches the stack in the OCI environment.
  6. Fill in the required Stack information:
    • Name - Name of the Stack. It has a default name and provides a date time stamp. You can edit this detail, if required.
    • Description - Description that you provide while creating the Stack.
    • Create In Compartment – It defaults to the compartment you have selected on the Oracle GoldenGate 19c for Oracle page.
    • Terraform Version - It defaults to the default version supported.
    • Tags (optional) – Tags are a convenient way to assign a tracking mechanism but are not mandatory. You can assign a tag of your choice for easy tracking. You have to assign a tag for some environments for cost analysis purposes.
    • Click Next.
  7. Fill in the required details to configure variables. This information is required to build the compute node with Oracle GoldenGate Microservices.
    • Name for New Resources -
      1. Display Name – Display name used to identify all new OCI resources.
      2. Host DNS Name – Name of the Domain Name Service for the new compute node.
    • Network Settings -
      1. Create New Network – Select this check box if you wish to create a new network resource.
        • If you select this check box, the Create New Network wizard appears allowing you to add and edit the new network information.
        • If you do not select this check box, the Create New Network wizard does not appear and the compute node is created with the existing network options in the VCN.
      2. Network Compartment (optional) – Compartment for new or existing network resources.
      3. VCN (optional) – Existing VCN to use for the newly created instance if you are not creating a new network.
      4. Subnet Network Compartment (optional) - It specifies the compartment in which the VCN submit resides.
      5. Subnet (optional) – Existing subnet to use for the newly created instance if you are not creating a new network. The subnet that you have selected must match the same Availability Domain set in the Instance Settings.
    • Instance Settings -
      1. Availability Domain – It specifies the availability domain for the newly created Oracle GoldenGate Instance. It must match the Subnet that you have selected in the Use Existing Network settings.
      2. Compute Shape – Shape of new compute instance. Supported shapes are VM.Standard2.4, VM.Standard2.8, VM.Standard2.16 and VM.Standard2.24.
      3. Assign Public IP – This option indicates if the newly created VM should have a public IP address. This option is selected by default. If you clear this check box, no public IP address will be assigned preventing public access to the compute node.

        Note:

        If you are using a private IP address to access the compute node, you have to set up an IPSec VPN or FastConnect connection. Refer to OCI documentation for more details.
      4. Custom Volume Sizes- Select this check box to customize the size of the new block storage volumes that are built for the compute node.

        Block Storage (Custom Volume Sizes) -

        1. Boot Volume Size – Default value is 50GB
        2. Swap Volume Size – Default value is 256GB
        3. Trails Volume Size – Default value is 512GB
        4. Deployments Volume Size – Default value is 128GB
    • Create OGG Deployments -
      1. Deployment 1 – Name (mandatory) – Name of the first Oracle GoldenGate Microservices deployment.
      2. Deployment 1 – Database (mandatory) – Oracle Database version for deployment 1. Supported Oracle Database versions are:
        • Oracle 11g – Used for Oracle Database 11.2.0.4
        • Oracle 12c – Used for Oracle Database 12.1.x and 12.2.x
        • Oracle 18c – Used for Oracle Database 18.x
        • Oracle 19c – Used for Oracle Database 19.x
      3. Deployment 2 – Name (optional) – Name of the second Oracle GoldenGate deployment
      4. Deployment 2 – Database (optional) – Oracle Database version for deployment 2. Supported Oracle Database versions are:
        • Oracle 11g – Used for Oracle Database 11.2.0.4
        • Oracle 12c – Used for Oracle Database 12.1.x and 12.2.x
        • Oracle 18c – Used for Oracle Database 18.x
        • Oracle 19c – Used for Oracle Database 19.x
      5. Deployment 2 - Autonomous Database Compartment (optional) - Select this option if deployment 2 replicates to an Autonomous Database Warehouse. By selecting this option, the Autonomous Database Warehouse wallets and credentials get imported thereby making it easier to connect to the Autonomous Database Warehouse.
        • Deployment 2 - Autonomous Database Compartment - Specifies the compartment in which existing Autonomous Database resides.
        • Deployment 2 - Autonomous Database Instance - Choose an Autonomous Database Instance.
    • Shell Access -
      • SSH Public Key - Public Key for allowing SSH access as the opc user. Enter the key and click Next.
  8. On the Review page, review the information you provided and then click Create.
  9. After clicking Create, you are navigated to the Stacks Job Details page. You can monitor the creation of the compute node using this page.
  10. Upon completion, you can now view the Oracle GoldenGate Microservices compute node under Instances.

Getting Started with Oracle GoldenGate Microservices

After deploying Oracle GoldenGate Microservices on the Oracle Cloud Marketplace, you can access the latest release of Oracle GoldenGate.

Configuring Source or Target Database for Replication

Before you can begin replicating, you should prepare the source or target database to support Oracle GoldenGate. To prepare your database, follow the steps listed in Preparing the Database for Oracle GoldenGate section of Using Oracle GoldenGate for Oracle Database guide. The steps listed in the Using Oracle GoldenGate for Oracle Database guide helps you to enable logging and kernel parameters, set the flashback query and manage server resources.

Changing Default Administrator Password

Changing passwords for critical accounts, such as oggadmin, is the first priority in securing your Oracle GoldenGate Microservices deployment. To change the password for oggadmin, you must first change it in both Service Manager and Administration Server. The following sections guide you to do this with Service Manager and Administration Server.

Using Service Manager

After logging into the Oracle GoldenGate Microservices Service Manager as the Administrator for the deployments, you have to change the password for the Security Role user. In order to do this, perform the following steps:

  1. Navigate to the Service Manager login page. You can reach the Service Manager page by using the public IP address that you obtained when you performed a look up of the compute node information for the environment.
    https://<public_ip_address>
  2. Log in using the oggadmin user and the password credentials located in the /home/opc/ogg-credentials.json file.
  3. Once you have logged into the Service Manager, use the menu icon present on the top left corner to open the menu
  4. Select Administrator option from the menu.
  5. From the Users screen, select the pencil icon under Action option.
  6. Update the essential details for password and info sections for the oggadmin user and click Submit.
  7. Upon successful reset, the current user will be logged out. Log in again to the Service Manager by using the new password.

Note:

Passwords must be 8 to 30 characters long and must contain at least 1 uppercase, 1 lowercase, 1 numeric, and 1 special character. Special characters such as ‘$’, ‘^’, or ‘?’ are not allowed.
Using Administration Server
After changing the Oracle GoldenGate Microservices Service Manager security role user password, you need to change the password of the security role user in the underlying deployments. In order to do this, perform the following steps:
  1. From the Service Manager page, select the port number for the Administration Server in the deployment. This navigates you to the login page for that deployment.
  2. Log in using the oggadmin user credentials available in the following location:
    /home/opc/ogg_credentials.json
  3. Post log in, use the menu icon present in the top left corner to open the menu section.
  4. From the menu, select the Administrator option.
  5. From the Users screen, select the pencil icon under Action option.
  6. Update the essential details in the password and info sections for the oggadmin user and click Submit.
  7. After successfully resetting the password, the current user will be logged out. Log in again to the Administration Server using the new password.

Note:

Passwords must be 8 to 30 characters long and contain at least 1 uppercase, 1 lowercase, 1 numeric, and 1 special character. Special characters such as ‘$’, ‘^’, or ‘?’ are not allowed.

Creating User Accounts

In order to secure your Oracle GoldenGate Microservices deployment, you have to add user accounts for Oracle GoldenGate Users. Oracle GoldenGate Users should be assigned privileges based on functional roles that they are expected to perform. These roles are:

  • Security
  • Administrator
  • Operator
  • User

Oracle GoldenGate users only have access permissions according to their defined access levels. For more information on how Oracle GoldenGate Security Framework is used, refer to Securing Oracle GoldenGate guide.

Topics:

Using Service Manager

After logging into the Oracle GoldenGate Microservices Service Manager as the administrator for the deployments, you have to create a new user with the role of Administrator, Operator, or User to administer the architecture. Users with the security role can administer the entire architecture.
  1. Navigate to the Service Manager login page. You can reach the Service Manager page by using the public IP address that you obtained when you looked up the compute node information for the environment.
    https://<public_ip_address>
  2. Log in using the oggadmin user and the password credentials located in the /home/opc/ogg_credentials.json file.
  3. Click the menu icon present on the top left corner to open the menu section.
  4. Select the Administrator option from the menu.
  5. On the Users screen, select the plus (+) icon to add a new user.
  6. Fill in all the required fields.
  7. Click Submit to create the new user.
Using Administration Server
After logging into the Oracle GoldenGate Microservices Administration Server as the Administrator, for the specified deployment, you have to create a new user with the role of Administrator, Operator, or User to administer the deployment. To do this, perform the following steps:
  1. Log in to the Administration Service using the Security Role User (oggadmin) credentials.
  2. After logging in to the Administration Service, click the menu icon present in the top left corner to open the menu.
  3. From the menu, select the Administrator option.
  4. From the Users screen, select the plus (+) icon, to create a new user.
  5. Fill in the details for all the required fields and click Submit.

Note:

Passwords must be 8 to 30 characters long and contain at least 1 uppercase, 1 lowercase, 1 numeric, and 1 special character. Special characters such as ‘$’, ‘^’, or ‘?’are not allowed.

Establishing Connectivity

The Oracle GoldenGate Microservice on Marketplace compute node acts as a hub where you can manage your connections to source and target database. To do this, establish a network connection between the compute node and your source and target database. The compute node is pre-configured with the Oracle Database Client software and is ready to use.

In most cases, you have to provide sqlnet.ora and a tnsnames.ora file in the TNS_ADMIN directory, to be able to establish connection between source or target database and the compute node. On a deployment basis, the TNS_ADMIN directory has been established as /u02/deployments/<deployment>/etc.

To ensure network connectivity from the deployment, you have to set up certain additional things in the deployment home. Oracle recommends the location to be /u02/deployments/<deployment>/etc. To create this, as per Oracle Client release, perform the following steps.

  1. Connect to the Oracle GoldenGate Marketplace Compute Node as the opc user.
    $ ssh -i <private key> opc@<public_ip_address>
  2. Navigate to /u02/deployments/<deployment>/etc
    $ cd /u02/deployments/<deployment>/etc
  3. Copy the existing files sqlnet.ora and tnsnames.ora to the TNS_ADMIN directory.

    Add or update these two files on the compute node.

    Note:

    • If you are using Oracle Autonomous products, the tnsnames.ora file is included in your Client_Credentials.zip file. You have to edit this tnsnames.ora file.
    • If you want your networking directory structure to be consistent with other Oracle products, you must append /network/admin to the directory structure. For this you have to change the environment variable TNS_ADMIN. For more information on Local Naming Parameters, refer to Database Net Services Reference.

Updating Network Related Files

The Oracle GoldenGate on Marketplace Compute Node comes pre-configured with Oracle Client installed. In order to establish network configuration between the compute node and the source or target systems within your architecture, you have to add or update the network related files in the Oracle Client.

You can find these files in the TNS_ADMIN location and the recommended location is/u02/deployments/<deployment>/etc . You have to add or update the network files, such as sqlnet.ora and tnsnames.ora on the compute node.

To update the files,

  1. Connect to the Oracle GoldenGate Marketplace Compute Node, using opc user credentials.
    $ ssh -i <private key> opc@<public_ip_address>
  2. Change directories to the location /u02/deployments/<deployment>/etc .
    $ cd /u02/deployments/<deployment>/etc 
  3. Edit sqlnet.ora and tnsnames.ora files.

    Note:

    If you want the networking directory structure to be consistent with other Oracle products, you must append /network/admin to the directory structure. For this you have to change the environment variable TNS_ADMIN. For more information on Local Naming Parameters, refer to Database Net Services Reference.
  4. In sqlnet.ora, comment out the following lines using the hash (#) character. Ensure to comment out these lines if they are connecting to a database outside the oracle (ora.com) domain.
    #NAMES.DIRECTORY_PATH= (TNSNAMES, ONAMES, HOSTNAME)
    #NAMES.DEFAULT_DOMAIN = ora.com

The following is an example of a connection within the tnsnames.ora file:

TNS1 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP) (HOST = 10.10.10.1) (PORT = 1521))
    (CONNECT_DATA = (SERVER = DEDICATED)(SERVICE_NAME = TNS1))
)
For more information, see Database Net Services Reference.

Creating Database Credentials

Use the credential store to store and use database credentials for the source and target databases for Oracle GoldenGate Microservices. Use the tnsnames.ora file to connect to the required database.

To create database credentials, perform the following tasks:

  1. Log in to the Administration Server and configure the database credentials.
  2. Open the context menu in the top left corner of the Overview page.
  3. From the context menu, select Configuration.
  4. From the Database tab, click the plus ( +) icon to add a new credential.
  5. Provide the following information and click Submit:
    • Credential Domain: [Defaults to OracleGoldenGate]
    • Credential Alias: [Name of the Alias]
    • User ID: ggadmin@<tnsnames_reference>
    • Password: [Password for ggadmin]
    • Verify Password: [Password for ggadmin]
  6. Test the connection to the database by clicking on the database icon, after adding the credential.

Adding SchemaTrandata

After adding the credential for connecting to the source database, you must enable supplemental logging on the source schema. The following steps are used to add SchemaTrandata to the source schema:
  1. Log in to the ServiceManager console.
  2. From the SeviceManager main page, select the hyperlink for the port number associated with the Administration Service.
  3. Open the Context menu present on the top left corner of the Overview page and from the Context menu select Configuration.
  4. From the Database tab, select the database icon to log the source user to the database.
  5. From the Transaction Information, select the plus ( + ) icon.
  6. Ensure that you select the Schema option, provided the selected Schema Name should have schema trandata added.
  7. Click Submit.

Note:

If your source database is multitenant and you are connecting to the root using a c## user, from Oracle Database 12.1 and later, you have to specify the PDB database with the schema. i.e. <pdb>.<schema>.
Checking Tables with Added SchemaTrandata
After adding transactional data to a schema, you must validate the tables. You can do this by following the below steps:
  1. Log in to the ServiceManager console.
  2. From the SeviceManager main page, select the hyperlink for the port number associated with the Administration Service.
  3. Open the Context menu present on the top left corner of the Overview page and from the Context menu, select Configuration.
  4. From the Database tab, select the database icon to log the source user to the database.
  5. From the Transaction Information, select the search icon.
  6. Ensure that you select the Schema option and provide the Schema Name that you need to verify.
  7. Click the search icon.

Enabling Checkpoint Table

Checkpoint tables contain the data necessary for tracking the progress of the Replicat as it applies transactions to the target system. Regardless of the Replicat that is being used, it is a best practice to enable the checkpoint table for the target system.

In order to do this, follow the below steps:

  1. Log in to the Service Manager.
  2. From the Service Manager main page, select the hyperlink for the port number associated with the Administration Service.
  3. Open the Context menu, present on the top left corner of the Overview page and from the Context menu, select Configuration.
  4. From the Database tab, select the database icon to log the target user to the database.
  5. From the Checkpoint, select the plus ( + ) icon.
  6. In the Checkpoint Table text box, provide the name of the checkpoint table. Checkpoint table entry must be two part or three part names, for making it more readable.
  7. Click Submit.

Note:

For a multitenant database, you have to create a checkpoint table for each PDB.

Implementing Heartbeat Monitoring

The Automatic Heartbeat table is a key way to monitor latency within the Oracle GoldenGate framework. Heartbeat tables provide you a way to gauge the end-to-end throughput within the configuration and identify any potential bottlenecks in the network.

To implement the Automatic Heartbeat table, you should perform the following steps on both source and target database:

  1. Log in to the ServiceManager.
  2. From the SeviceManager main page, select the hyperlink for the port number associated with the Administration Service.
  3. Open the context menu available on the top left corner of the Overview page.
  4. From the context menu, select Configuration.
  5. From the first tab - Database, select the database icon, to log in to the database.
  6. From Heartbeat section, select the plus ( + ) icon.
  7. Adjust the Frequency, Retention, and Purge Frequency for the heartbeat table.
  8. Click Submit.
For more information on the Automatic Heartbeat functionality, refer to Monitoring Oracle GoldenGate Processing documentation.

Configuring Capture Support

Before you can begin replication, you have to set up the capture process. The capture process is also known as Extract. Oracle GoldenGate Microservices supports three type of Extracts. They are:
  • Classic Extract
  • Integrated Extract
  • Initial Load Extract

To decide on which type of capture to use, refer to Deciding Which Capture Method to Use section of Using Oracle GoldenGate for Oracle Database Guide.

To build any of these Extracts, perform the following steps in Oracle GoldenGate Microservices:

  1. Log in to the Service Manager console.
  2. From the Sevice Manager main page, select the hyperlink for the port number associated with the Administration Service.
  3. From the Overview page, under Extracts, select the plus ( + ) icon. Add Extract wizard appears.
  4. In the Add Extract wizard, select the Extract Type and then click Next.
  5. Provide the details for the Extract in the Extract Options and then Click Next.
  6. In the Parameter File option, provide the details needed for Extract to run.
  7. Click Create and Run.

Note:

The Classic Extract is still available for use but has been deprecated as of Oracle GoldenGate 18c release. Additionally, there is no capture support for Autonomous Database or Autonomous Transaction Processing platforms.

Configuring Apply Support

The apply process for replication, also known as Replicat, is very easy and simple to configure. There are five types of Replicats supported by the Oracle GoldenGate Microservices and these Replicats are:
  • Integrated Replicat
  • Non-Integrated Replicat
  • Coordinated Replicat
  • Parallel Integrated Replicat
  • Parallel Non-Integrated Replicat

To decide on which Replicat to use, refer to Deciding Which Apply Method to Use section of Using Oracle GoldenGate for Oracle Database Guide.

To build any of these Replicats you can perform the following steps with Oracle GoldenGate Microservices:

  1. Log in to the Administration Server.
  2. From the Overview page, under Replicats, select the plus ( + ) icon and Add Replicat wizard is displayed.
  3. In the Add Replicat wizard, select the Replicat Type and then click Next.
  4. On the Replicat Options, provide the details for the Replicat and then click Next.
  5. In the Parameter File, provide the details needed for the Replicat to run.
  6. Click Create and Run.

Note:

You can use only the Non-Integrated Replicat or Non-Integrated Parallel Replicat for replication to Autonomous Data Warehouse and Autonomous Transaction Processing.

Connecting to Data Resources

Learn about different methods of connecting Oracle GoldenGate data sources and targets. It includes the following connection types:

Connecting to Oracle Database (on-premises)

You can use Oracle GoldenGate Microservices on Marketplace to remotely capture from and apply data to on-premises Oracle database resources. This allows you to enable replication and centrally manage the replication processes.

Use Cases for Replication

You can use Oracle GoldenGate Microservices to replicate data between data resources in the following use cases:

  • Migrations
  • Data Distribution
  • Real-Time Data Warehousing
  • Operational Reporting
Replicating Data from On-premises

Prerequisites

Ensure that the following are set up before you begin replication:

  • Oracle GoldenGate Microservices
  • Source Database
  • Target Database

To move data from on-premises to the cloud or from on-premises to on-premises, perform the following tasks :

Configure Oracle Database for Replication

To prepare your Database as a Service (DBaaS) instance for replication, perform the following tasks:

  1. Configure Logging Properties
    • Enable Supplemental Logging
  2. Enable Oracle GoldenGate within the Oracle Database
    • Update parameter for enable_goldengate_replication

For more details, refer to Preparing the Database for Oracle GoldenGate documentation.

Configure Oracle GoldenGate Microservices Compute Node

To connect the Microservices Compute Node to the on-premises databases, edit the tnsnames.ora file and point the entry to your database resources.

By default, the environment variable TNS_ADMIN is pre-configured for each deployment. But the files tnsnames.ora or sqlnet.ora are not readily available on the compute node. You need to create the files or copy them from an existing file. You can locate the files tnsnames.ora or sqlnet.ora in the pre-configured location as illustrated in the below table:

Oracle Database Version Directory

Oracle 11g

/u02/deployments/<deployment>/etc

Oracle 12c

/u02/deployments/<deployment>/etc

Oracle 18c

/u02/deployments/<deployment>/etc

Oracle 19c

/u02/deployments/<deployment>/etc

Note:

  • If you are using Oracle Autonomous products, the tnsnames.ora file is included in your Client_Credentials.zip file. You have to edit this tnsnames.ora file.
  • If you want your networking directory structure to be consistent with other Oracle products, you must append /network/admin to the directory structure. For this you have to change the environment variable TNS_ADMIN. For more information on Local Naming Parameters, refer to Database Net Services Reference.

Architectures

Oracle GoldenGate on Oracle Cloud Marketplace enables you to work with many existing and new architectures.

This chapter helps you with a few examples and steps required to set up and configure the architectures. The supported architectures are:

  • On-premises to Oracle Cloud (Marketplace)
  • Oracle Cloud to Oracle Cloud (Marketplace to Marketplace)
Securely Connecting Oracle GoldenGate Microservices On Premise to Oracle GoldenGate Microservices on Marketplace

You can connect your on-premises Oracle GoldenGate Microservices architecture to the Oracle GoldenGate Microservices architecture on Oracle Cloud Marketplace using the following methods:

  • Connecting through Public IP Address
  • Connecting through IPSec VPN
  • Connecting through FastConnect

The following section helps you to connect through public IP address. To use the IPSec VPN or the FastConnect approach, refer to the respective VPN Connect and FastConnect documentation.

Connecting Through Public IP Address

By default, we configure Oracle GoldenGate Microservices on Oracle Cloud Marketplace behind the Nginx Reverse Proxy. This simplifies the architecture on Oracle Cloud and also makes the deployment secure. When you connect over a public IP address, on-premises Oracle GoldenGate Microservices architecture has to be secure.

When the deployment is secure and in order to connect to it securely, perform the following steps on the on premise machine and the Oracle Cloud compute node:

In the On Premise Machine
  1. Test the connection to Oracle Cloud Compute Node using OpenSSL.
    $ openssl s_client -connect <public id address>:443
  2. Update the on premise Oracle GoldenGate Microservices with the same SSH Key that is used to build the Oracle GoldenGate Microservices on Oracle Cloud Marketplace compute node.
    Copy your private SSH key to the .ssh directory for the Oracle user on the Oracle GoldenGate Microservices environment.
    $ su – oracle
    $ cd .ssh
    $ scp ….
    $ sudo chmod 700 ~/.ssh/<private ssh key>
  3. Copy the ogg.pem file from the Oracle GoldenGate Microservices compute node to the on premise environment.
    1. Copy the ogg.pem to the local machine.
      $ scp opc@<public ip address>:/etc/nginx/ogg.pem 
    2. Check if the ogg.pem file is present on the local machine through the following command:
      $ ls -a
  4. Update the local wallet for Oracle GoldenGate Microservices Distribution Service with the ogg.pem file. You have to assign it as a trusted certificate.
    1. Find the required wallet.
      $ ps -ef | grep -i distsrvr
      1. Use the listed dat file.
        
        $ cat <dat file> | python -m json.tool
      2. Get the wallet location for the Distribution Service.

        For example: $DEPLOYMENT_HOME/etc/ssl/<distribution service wallet>

    2. Update the wallet.
      
      $ $OGG_HOME/bin/orapki wallet add -wallet <wallet directory> -trusted_cert -cert <certificate file path> -pwd <wallet password>
      

      For example:

      $OGG_HOME/bin/orapki wallet add -wallet /opt/app/oracle/gg_deployments/on-premises/etc/ssl/DistroClient -trusted_cert -cert /home/oracle/oci_cert.pem -pwd ********
    3. Check the wallet.
      
      $ $OGG_HOME/bin/orapki wallet display -wallet <wallet directory> -pwd <wallet password>

      For example:

      $OGG_HOME/bin/orapki wallet display -wallet /opt/app/oracle/gg_deployments/on-premises/etc/ssl/DistroClient -pwd ********
      
    4. As root user, update the on premise /etc/hosts file. You can find the information that needs to go in to the /etc/hosts file on the Oracle GoldenGate Oracle Cloud Compute Node Instance in the Details page. The required information includes:
      • Public IP Address
      • Internal FQDN

      From the Internal FQDN, you have to use the short hostname as well.

    5. Stop the Microservices components. Any running Extracts and/or Replicats will not be affected.
      1. Stop the deployment
        • Login to ServiceManager.
        • Under Deployments, click Action, to stop the deployment.
      2. Stop the ServiceManager.
        • Login to ServiceManager.
        • Under Deployments, click Action, to restart ServiceManager.

        Note:

        While restarting ServiceManager, navigate to the command prompt and issue one of the following commands:

        Manually:

        $ cd $DEPLOYMENT_HOME/bin
        	$ ./stopSM.sh
        	$ ./startSM.sh
        Daemon, as root user:
         service restart OracleGoldenGate.service
    6. Start the Microservices Components.
      1. Start the Deployment
        • Login to ServiceManager.
        • Under Deployments, click Action, to start the deployment.
On Oracle Cloud Compute Node
Follow the below steps from the Administration Service tab on the Oracle GoldenGate Microservices configuration page on Oracle Cloud:
  1. Create a user, who can login to the environment and connect to the Receiver Service.
    • Login to the Administration Service. For this, you will need the oggadmin password available in the ogg-credentials.json file, unless you changed it after the initial setup.
      https://<public id address>/<deployment name>/adminsrvr
    For example-
    https://<public ip address>/OCI-BASE/adminsrvr
  2. Open the context menu and select the Administrator option.
  3. Click the plus ( + ) icon, to add a new user with Operator role. This account is used by the on premise Distribution Service to login through the Reverse Proxy.
    Provide the following information:
    Username: streamnetwork
    Role: Operator
    Type: Basic
    Info: Network User
    Password: **********
    Verify Password: **********
On Premise Machine
In the on premise machine:
  1. From the Administration Service tab on the on premise environment, create an alias that can connect to the network user created in the previous step. This alias is used by the Distribution Service to connect to the Receiver Service on Oracle Cloud.
    • Login to the Administration Service.
    • Open the context menu and select Configuration.
    • Click the plus (+) icon, to add a new credential.
    • Add a new Credential by providing the following information:
      Credential Domain: Network
      Credential Alias: streamnetwork
      User ID: streamnetwork
      Password: **********
      Verify Password: *********

      Note:

      You cannot validate the new credential, as it is not logged in to the database.
  2. In the Distribution Service on the on-premise environment,
    • Provide information needed for the Distribution Path. The basic information required are:
      Path Name: OP2OCI
      Reverse Proxy Enabled: Toggle to on
      Use Basic Authentication: Toggle to on
      Source: Select Extract and provide source trail file info
      Target: 
      	Keep the WSS protocol
      	Provide the Hostname of the OCI Compute node – IP will not work
      	Provide remote trail file name
      	Provide Deployment name
      	Domain: Network 
      	Alias: securitynetwork
      Trail Size (MB): set to desired size
    • Click Create or Create and Run.

Connecting to Oracle Database as a Service (DBaaS)

You can use Oracle GoldenGate Microservices on Marketplace to remotely capture and apply data to Oracle Cloud Infrastructure (OCI) Database as a Service (DBaaS) resources. This allows you to enable replication in a scalable fashion, centralize the point of management, and enable replication between cloud services.

Replicating Data to OCI Database as a Service

Prerequisites

Ensure you have the following prerequisites before replicating data from on-premises:

  • Oracle GoldenGate Microservices on Marketplace
  • Source Database
  • Oracle Cloud Infrastructure (OCI) Database as a Service (DBaaS) Instance

To move data from on-premises to the cloud or from on-premises-to-on-premises, perform the following tasks :

Configure Oracle Database for Replication

To prepare your Database as a Service (DBaaS) instance for replication, perform the following tasks:

  1. Configure Logging Properties
    • Enable Supplemental Logging
  2. Enable Oracle GoldenGate within the Oracle Database
    • Update parameter for enable_goldengate_replication

For more details, refer to Preparing the Database for Oracle GoldenGate documentation.

Configure Oracle GoldenGate Microservices Compute Node

To establish connection from the Oracle GoldenGate Microservices Compute Node to your on-premises database, you must edit the tnsnames.ora file and point the entry to your database resources.

By default, the environment variable TNS_ADMIN is pre-configured for each deployment. But the files tnsnames.ora or sqlnet.ora are not readily available on the compute node. You need to create the files or copy them from an existing file. You can locate the files tnsnames.ora or sqlnet.ora in the pre-configured location as illustrated in the below table:

Table 2-1 Oracle Database Client directories

Oracle Database Version Directory

Oracle 11g

/u02/deployments/<deployment>/etc

Oracle 12c

/u02/deployments/<deployment>/etc

Oracle 18c

/u02/deployments/<deployment>/etc

Oracle 19c

/u02/deployments/<deployment>/etc

Note:

  • If you are using Oracle Autonomous products, the tnsnames.ora file is included in your Client_Credentials.zip file. You can use this tnsnames.ora file or copy its contents to your tnsnames.ora file located in $ORACLE_HOME/network/admin.
  • If you want your networking directory structure to be consistent with other Oracle products, you must append /network/admin to the directory structure. For this you have to change the environment variable TNS_ADMIN. For more information on Local Naming Parameters, refer to Database Net Services Reference.

Connecting to Oracle Autonomous Data Warehouse/Autonomous Transaction Processing

You can replicate data to Oracle Autonomous Data Warehouse Cloud Service (ADWCS) or Autonomous Transaction Processing (ATP) by using Oracle GoldenGate Microservices on Oracle Cloud Marketplace. The steps described in this section, streamlines the approach for making a remote connection to Oracle Autonomous Database Warehouse Cloud Service (ADWCS).

For more information, refer to Replicating Data to the Autonomous Database section of Using Oracle GoldenGate for Oracle Database guide.

Use Cases for Replicating to Autonomous Database

Use Oracle GoldenGate Microservices to replicate data to the Autonomous Data Warehouse for:

  • Real-time Data Warehousing
  • Operational Reporting
Replicating Data to Autonomous Data Warehouse

Prerequisites:

The following prerequisites are essential for replicating data to Autonous Data Warehouse:

  • Oracle Autonomous Data Warehouse Cloud Service
  • Your source database

To deliver data to the Autonomous Database using Oracle GoldenGate Microservices, perform the following tasks:

Configure the Autonomous Data Warehouse for Replication

Unlock the Pre-created Oracle GoldenGate User (ggadmin)

Perform the following steps to configure the Autonomous Data Warehouse for Replication:

  1. Unlock and change the password for the pre-created Oracle GoldenGate user (ggadmin) within the Autonomous Data Warehouse. Use any SQL client tool to unlock the account.

    For more details, refer to About Connecting to an Autonomous Data Warehouse Instance section of Using Oracle Autonomous Data Warehouse guide.

    SQL> select * from dba_users order by username;
    SQL> alter user ggadmin identified by <password> account unlock;
  2. Check whether the parameter enable_goldengate_replicaton is set to true. If not, then modify the parameter.
    SQL> select * from v$parameter where name = 'enable_goldengate_replication';
    SQL> alter system set enable_goldengate_replication = true scope=both;

Create Target Schema

Complete the following steps to create schema and target objects that can be used in replication. This schema and associated objects does not support DDL replication.

  1. Create a new application user/schema. This user/schema stores the target objects for replication.

    Note:

    appadmin is an example user.
    SQL> create user appadmin identified by ********
    SQL> grant create session, resource, create view, create table to appadmin;
    SQL> alter user appadmin quota unlimited on data;
    
  2. Connect to the Oracle Autonomous Data Warehouse Cloud database as user/schema and create your application tables.
Autonomous Database Client Credentials

Obtain the Autonomous Database Client Credentials

To establish connection to your Autonomous Database, you must download the client credential files from the Autonomous Database Service Console. For more information, see Downloading Client Credentials section of Using Oracle Autonomous Data Warehouse guide .

Note:

If you do not have administrator access to the Autonomous Database, ask your service administrator to download and provide the credential files to you. Once you have the credential files for your Autonomous Database, you should upload the zip file to the Oracle GoldenGate Compute Node.

Perform the following steps to obtain the Oracle Autonomous Data Warehouse Cloud account details:

  1. Log in to your Oracle Autonomous Data Warehouse Cloud account.
  2. From the Instance page, click the menu option for the Autonomous Database instance and select Service Console.
  3. Log in to the Service Console using the admin username, and its associated password.
  4. In the Service Console, click the Administration tab.
  5. Click Download Client Credentials.
  6. Enter a password to secure your credentials zip file and click Download.
  7. Save the credentials zip file to your local system.

Move Client Credentials to Oracle GoldenGate Compute Node

In order to establish a connection from Oracle GoldenGate to the Autonomous Data Warehouse, you need to move the client credentials to Oracle GoldenGate Compute Node. The following steps will illustrate how to move the credential zip file from your machine to Oracle GoldenGate Compute Node.

  1. Connect to the Oracle GoldenGate Classic Compute Node using SSH and opc user credentials.
    ssh -i <private_key> opc@<public_ip_address>
  2. Create a staging directory and grant the essential permissions and then exit the session.
    $ mkdir stage
    $ exit
    
  3. Copy the credentials zip file to the Oracle GoldenGate Classic Compute Node.
    $ scp ./<credential_file>.zip opc@<public_id_address>:~/stage
  4. Connect to the Oracle GoldenGate Classic Compute Node.
    ssh -i <private_key> opc@<public_ip_address>
  5. Verify whether the credentials zip file is available in the stage location.
    $ cd ~/stage
    $ ls -ltr
    

Configure Oracle Goldengate Compute Node with Autonomous Client Credentials

After moving the ADWC Client Credentials to the Oracle GoldenGate Compute Node, you have to install the necessary files and ensure you have a connection to the Autonomous Data Warehouse. The following steps will help you configure the required SQL*Net components:

  1. Log in to the Oracle GoldenGate Classic Compute Node using SSH and the opc user credentials.
    ssh -i <private_key> opc@<public_ip_address>
  2. Unzip the client credentials file into a temporary directory.
    unzip ./<credential_file>.zip -d ./client_credentials
  3. Copy the sqlnet.ora and tnsnames.ora files to the location of your TNS_ADMIN.
    $ cd ~/stage/client_credentials
    $ cp ./sqlnet.ora /u02/deployments/<deployment>/etc
    $ cp ./tnsnames.ora /u02/deployments/<deployment>/etc

    Note:

    If you want your networking directory structure to be consistent with other Oracle products, you must append/network/admin to the directory structure. For this you have to change the environment variable TNS_ADMIN. For more information on Local Naming Parameters, refer to Database Net Services Reference.
  4. Edit the sqlnet.ora file and replace the directory parameter with the location of the information pointing to the location where the client credentials were unzipped.
    $ cd /u02/deployments/<deployment>/etc
    $ vi ./sqlnet.ora

    Change ?/network/admin to /home/opc/stage/client_credentials.

  5. For testing purposes, set the TNS_ADMIN and ORACLE_HOME environment variables at the operating system level.

    Note:

    The Oracle GoldenGate Deployment(s) use the ORACLE_HOME and TNS_ADMIN environment variables that are set per deployment.
    $ export ORACLE_HOME=/u01/app/client/<oracle version>
    $ export TNS_ADMIN=/u02/deployments/<deployment>/etc
    
  6. Test the connection to Autonomous Data Warehouse by connecting to one of the entries in the tnsnames.ora file.
    $ cd $ORACLE_HOME/bin
    $ ./sqlplus appadmin/**********@orcladw_low
Configure Oracle Goldengate Microservices for Replication

Perform the following steps for establishing a successful connection to the Autonomous Data Warehouse with Oracle GoldenGate Microservices.

Add Oracle GoldenGate Credential to connect to Autonomous Data Warehouse

To add Oracle GoldenGate Credential details, to connect to Autonomous Data Warehouse:

  1. Log in to the Service Manager using the password for oggadmin.
  2. From the Service Manager main page, select the hyperlink for the port number associated with the Administration Service.
  3. Open the context menu in the top left corner of the Overview page.
  4. From the context menu, select Configuration.
  5. From the Database tab, click the plus ( + ) icon, to add a new credential.
  6. Provide the following information and click Submit.
    Credential Domain: [Defaults to OracleGoldenGate]
    Credential Alias: [Name of the Alias]
    User ID: ggadmin@<adw_tnsnames_reference>
    Pasword: [Password for ggadmin]
    Verify Password: [Password for ggadmin]
  7. Test the connection to the Autonomous Data Warehouse by clicking the Log in Database icon after the credential has been added.