Before you begin

What you need

Here are the prerequisites required to deploy Oracle GoldenGate Maximum Availability Hub:

  • Oracle Cloud Account
  • Access to an assigned Oracle Cloud Tenant
  • Policies to create compute node resources within the Oracle Cloud Tenant
  • Local SSH/RSA Key

Create an SSH/RSA Key

To work with Oracle Cloud Infrastructure once the Oracle GoldenGate compute node is built, you must provide an SSH public key during the interview process. This key allows you to log in to the node once it is built.

In order to build your SSH keys, perform the following steps:

  1. Open a Terminal window and start the key generation program by typing the following command:
    $ ssh-keygen
  2. Enter the path to store this file. By default, this gets saved in your home directory under a hidden folder called .ssh. Change this default location, if required.
    Enter file in which to save the key (/Users/johndoe/.ssh/id_rsa): <Return>
  3. Enter a passphrase for using your key.
    Enter passphrase (empty for no passphrase): <passphrase>
  4. Re-enter the passphrase to confirm it.
    Enter same passphrase again: <passphrase>
  5. Check the results.

    The key fingerprint (a colon-separated series of two-digit hexadecimal values) is displayed. Check that the path to the key is correct. In the above example, the path is /Users/johndoe/.ssh/id_rsa.pub. You have now created a public/private key pair.

Note:

To generate a key pair on Windows, refer to the Creating a Key Pair section in the Oracle Cloud Infrastructure Documentation.

Required policies

You may need assistance from your Service administrator to add these policies to your compartment.

Add the following required policies before you deploy the Oracle GoldenGate Maximum Availability Hub stack:

  • Allow group <ggowner> to manage instance-family in compartment <Compartment Name>
  • Allow group <ggowner> to manage orm-family in compartment <Compartment Name>
  • Allow group <ggowner> to manage volume-family in compartment <Compartment Name>
  • Allow group <ggowner> to use virtual-network-family in compartment <Compartment Name>
  • Allow group <ggowner> to manage public-ips in compartment <Compartment Name>
  • Allow group <ggowner> to use tag-namespaces in tenancy
  • Allow group <ggowner> to inspect compartments in tenancy

In these statements, <ggowner> is an example group name and <Compartment Name> is an example compartment name. The following are permission names: instance-family, orm-family, volume-family, virtual-network-family, and public-ips.

Note:

  • The manage public-ips permission is required only if you give the instance a public IP address. Oracle GoldenGate uses reserved IP addresses so that the public address is preserved across stack upgrades.
  • The Networks compartment assumes that customers follow the practice of having a separate network group manage the network resources for all users in the tenancy. If the tenancy instead allows you to create network resources of your own, then the policy would be: Allow group <marketplace-permissions> to manage virtual-network-family in compartment <Marketplace-Test>.
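
Added example, not Oracle's code: a check that compares the policy statements written for a group against the required list above. It reports statements that grant a broader verb or scope than listed, statements for resources the list does not name, and required entries that are absent. The group name ggowner comes from the page; the compartment name GGHub, the sample statements and the function names are assumptions of this example.

```python
import re

VERBS = ["inspect", "read", "use", "manage"]  # OCI verbs, least to most access

# resource -> (verb, scope), copied from the required-policies list on this page
REQUIRED = {
    "instance-family": ("manage", "compartment"),
    "orm-family": ("manage", "compartment"),
    "volume-family": ("manage", "compartment"),
    "virtual-network-family": ("use", "compartment"),
    "public-ips": ("manage", "compartment"),  # only with a public IP address
    "tag-namespaces": ("use", "tenancy"),
    "compartments": ("inspect", "tenancy"),
}
STATEMENT = re.compile(
    r"allow\s+group\s+(\S+)\s+to\s+(inspect|read|use|manage)\s+([\w-]+)"
    r"\s+in\s+(tenancy|compartment)\b", re.IGNORECASE)

def review_policies(statements, group, public_ip=True):
    """Return (kind, detail) findings for one group's policy statements."""
    required = {r: v for r, v in REQUIRED.items() if public_ip or r != "public-ips"}
    granted, findings = {}, []
    for text in statements:
        m = STATEMENT.match(text.strip())
        if m is None or m.group(1) != group:
            continue  # not a group statement for this group
        verb, res, scope = (g.lower() for g in m.groups()[1:])
        granted[res] = verb
        if res not in required:
            findings.append(("not-required", text))
            continue
        need_verb, need_scope = required[res]
        too_wide = need_scope == "compartment" and scope == "tenancy"
        if too_wide or VERBS.index(verb) > VERBS.index(need_verb):
            findings.append(("broader-than-required", text))
    for res, (verb, _) in required.items():
        if res not in granted or VERBS.index(granted[res]) < VERBS.index(verb):
            findings.append(("missing", f"{verb} {res}"))
    return findings

# Constructed sample: orm-family is absent and two statements are too broad.
SAMPLE = [
    "Allow group ggowner to manage instance-family in compartment GGHub",
    "Allow group ggowner to manage volume-family in compartment GGHub",
    "Allow group ggowner to manage virtual-network-family in compartment GGHub",
    "Allow group ggowner to manage public-ips in compartment GGHub",
    "Allow group ggowner to use tag-namespaces in tenancy",
    "Allow group ggowner to inspect compartments in tenancy",
    "Allow group ggowner to manage all-resources in tenancy",
]
```

Calling review_policies(SAMPLE, "ggowner", public_ip=False) additionally reports the public-ips statement, which the note above says is needed only when the instance has a public IP address.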

Use one of the following examples to assign privileges required for VIP reassignment:

  • Create a dynamic group, OracleIdentityCloudService/VIP-Reassignment, with the following rule for any compartment that requires access:
    Any {Instance.compartment.id = '<Compartment OCID>'}
    For each compartment listed, add the following required policy for the dynamic group to use APIs to reassign the VIP to another instance in failover events:
    Allow dynamic-group 'OracleIdentityCloudService'/'VIP-Reassignment' to { PRIVATE_IP_READ, PRIVATE_IP_UPDATE, VNIC_ASSIGN, VNIC_UNASSIGN, VNIC_ATTACHMENT_READ, INSTANCE_INSPECT } in compartment <child_compartment_name>
  • Instances created by the Oracle GoldenGate Maximum Availability Hub stack are tagged with the tag namespace, GG_DEV, and tag key, ogg-high-availability.

    Create the tag namespace GG_DEV in the compartment in which you deploy Oracle GoldenGate Maximum Availability Hub. Create the tag key definition ogg-high-availability in the GG_DEV namespace. Create a dynamic group, OracleIdentityCloudService/VIP-Reassignment-Tag, with the following matching rule to group all instances tagged with the given namespace and tag key:
    tag.GG_DEV.ogg-high-availability.value

    Add the following required policy for the dynamic group that assigns privileges to all instances with this namespace and tag, enabling them to reassign the VIP address to other instances. For example:

    Allow dynamic-group 'OracleIdentityCloudService'/'VIP-Reassignment-Tag' to { PRIVATE_IP_READ, PRIVATE_IP_UPDATE, VNIC_ASSIGN, VNIC_UNASSIGN, VNIC_ATTACHMENT_READ, INSTANCE_INSPECT } in compartment <child_compartment_name>

Set up the source and target databases for replication

Before you can start replicating data, you should prepare the source or target database to support Oracle GoldenGate. For more information about steps to prepare your Oracle database, see Preparing the Database for Oracle GoldenGate in the Using Oracle GoldenGate for Oracle Database Guide.

Create a custom Virtual Cloud Network (VCN)

You can use an existing VCN or create one when you deploy the Oracle GoldenGate Maximum Availability Hub stack, but ensure that the VCN includes the following network configurations.

Before you begin

Take note of the following:

  • When you create your VCN, you must create both a client subnet and a cluster subnet. The client subnet can be either public, which allows public access to instances created in the subnet, or private, which prohibits public IP addresses for instances created in the subnet. The cluster subnet is used only for internal communication between clusters, and must be private.
  • If your client subnet is public, you must create and use an Internet Gateway. If your client subnet is private, then you must create and use a NAT Gateway.
  • Two sets of security lists and route table rules are required, one set for the client subnet and one set for the cluster subnet. You can use the default security list and route table created when you create the subnet, and create a second security list and route table for the other subnet, or create two new security lists and route tables for each subnet, ensuring that the required ingress, egress, and route table rules are included as documented below.

To create a custom VCN:

  1. Log in to the Oracle Cloud console with your Oracle Cloud account, if you're not already logged in.
  2. Create the VCN:
    1. Open the Oracle Cloud navigation menu, click Networking, and then click Virtual cloud networks.
    2. On the Virtual Cloud Networks in Compartment page, click Create VCN.
    3. In the Create Virtual Cloud Network panel, complete the following fields:
      1. For Name, enter a name for the VCN, such as VCN01.
      2. Select a compartment in which to create the VCN.
      3. For IPv4 CIDR Blocks, enter an IPv4 CIDR block, such as 10.10.0.0/16, and then press Enter on your keyboard.
    4. Click Create VCN.
  3. Create Gateways:
    • Create an Internet Gateway, if the client subnet's access type is public:
      1. On the Virtual Cloud Network details page, under Resources, click Internet Gateways.
      2. Click Create Internet Gateway.
      3. In the Create Internet Gateway panel, enter a name for the Internet Gateway, such as igwy01, and then click Create Internet Gateway.
    • Create a NAT Gateway for the cluster subnet, or if the client subnet's access type is private:
      1. Use the breadcrumb to return to the VCN details page.
      2. On the Virtual Cloud Network details page, under Resources, click NAT Gateways, and then click Create NAT Gateway.
      3. In the Create NAT Gateway panel, enter a name for the NAT Gateway, such as ngwy01, and then click Create NAT Gateway.
  4. Create Route Tables and add Route Rules:
    1. Create a Route Table for the client subnet:
      1. On the Virtual Cloud Network details page, under Resources, click Route Tables, and then click Create Route Table.
      2. In the Create Route Table panel, enter a name for the Route Table, such as client_rt01, and then click Create.
      3. Select the newly created route table.
      4. On the Route Table Details page, click Add Route Rules.
      5. In the Add Route Rules panel, complete the fields as follows:
        1. For Target Type, select:
          • Internet Gateway, if your client subnet is public.
          • NAT Gateway, if your client subnet is private.
        2. For Destination CIDR Block, enter 0.0.0.0/0
        3. For Target, select Internet Gateway from the dropdown.
      6. Click Add Route Rules.
    2. Create a Route Table for the cluster subnet:
      1. On the Virtual Cloud Network details page, under Resources, click Route Tables, and then click Create Route Table.
      2. In the Create Route Table panel, enter a name for the Route Table, such as cluster_rt01, and then click Create.
      3. Select the newly created route table.
      4. On the Route Table Details page, click Add Route Rules.
      5. In the Add Route Rules panel, complete the fields as follows:
        1. For Target Type, select NAT Gateway.
        2. For Destination CIDR Block, enter 0.0.0.0/0
        3. For Target, select Internet Gateway from the dropdown.
      6. Click Add Route Rules.
  5. Create Security Lists:
    1. Use the breadcrumb to return to the VCN details page.
    2. On the Virtual Cloud Network details page, under Resources, click Security Lists.
    3. Create a Security List for the client subnet:
      1. Click Create Security List.
      2. In the Create Security List panel, complete the fields as follows:
        1. For Name, enter client_sl01.
        2. Under Allow Rules for Ingress, click + Another Ingress Rule.
        3. For Ingress Rule 1,
          1. For Source Type, select CIDR.
          2. For Source CIDR, enter 10.10.0.0/24.
          3. For IP Protocol, select ICMP from the dropdown.
          4. For Type, enter 8.
          5. For Description, enter Required for ACFS replication.
          6. Click + Another Ingress Rule
        4. For Ingress Rule 2,
          1. For Source Type, select CIDR.
          2. For Source CIDR, enter the client subnet CIDR. For example, 10.10.0.0/24.
          3. For Source Port Range, enter All
          4. For Destination Port Range, enter All.
          5. For IP Protocol, select TCP from the dropdown.
          6. For Description, enter Required for GI communication.
          7. Click + Another Ingress Rule
        5. For Ingress Rule 3,
          1. For Source Type, select CIDR.
          2. For Source CIDR,
            • If the client subnet is public, enter 0.0.0.0/0.
            • If the client subnet is private, enter 10.10.0.0/24
          3. For Source Port Range, enter All
          4. For Destination Port Range, enter 22.
          5. For IP Protocol, select TCP from the dropdown.
          6. For Description, enter Required for SSH.
        6. For Ingress Rule 4,
          1. For Source Type, select CIDR.
          2. For Source CIDR,
            • If the client subnet is public, enter 0.0.0.0/0.
            • If the client subnet is private, enter 10.10.0.0/24
          3. For Source Port Range, enter 443
          4. For Destination Port Range, enter 443.
          5. For IP Protocol, select TCP from the dropdown.
          6. For Description, enter Required for web access to GoldenGate.
        7. Under Allow Rules for Egress, click + Another Egress Rule.
        8. For Egress Rule 1,
          1. For Destination Type, select CIDR.
          2. For Destination CIDR, enter 0.0.0.0/0.
          3. For IP Protocol, select All Protocols.
      3. Click Create Security List.
    4. Create a Security List for the cluster subnet.
      1. Click Create Security List.
      2. In the Create Security List panel, complete the fields as follows:
        1. For Name, enter cluster_sl01.
        2. Under Allow Rules for Ingress, click + Another Ingress Rule.
        3. For Ingress Rule 1,
          1. For Source Type, select CIDR.
          2. For Source CIDR, enter 10.10.1.0/24.
          3. For IP Protocol, select ICMP from the dropdown.
          4. For Type, enter All.
          5. For Code, enter All.
          6. Click + Another Ingress Rule
        4. For Ingress Rule 2,
          1. For Source Type, select CIDR.
          2. For Source CIDR, enter 10.10.1.0/24.
          3. For Source Port Range, enter All.
          4. For Destination Port Range, enter All.
          5. For IP Protocol, select TCP from the dropdown.
          6. Click + Another Ingress Rule
        5. For Ingress Rule 3,
          1. For Source Type, select CIDR.
          2. For Source CIDR, enter 10.10.1.0/24.
          3. For Source Port Range, enter All.
          4. For Destination Port Range, enter All.
          5. For IP Protocol, select UDP from the dropdown.
          6. Click + Another Ingress Rule
        6. Under Allow Rules for Egress, click + Another Egress Rule.
        7. For Egress Rule 1,
          1. For Destination Type, select CIDR.
          2. For Destination CIDR, enter 0.0.0.0/0.
          3. For IP Protocol, select All Protocols.
        8. Click Create Security List.
  6. Create the client subnet:
    1. Use the breadcrumb to return to the VCN details page.
    2. On your Virtual Cloud Network details page, under Resources, click Subnets.
    3. In the Subnets list, click Create Subnet.
    4. In the Create Subnet panel, complete the following fields:
      1. For Name, enter a name for the subnet, such as clientsubnet001.
      2. For Create in Compartment, select the compartment in which to create the subnet.
      3. For Subnet Type, select Regional.
      4. For IPv4 CIDR Blocks, enter 10.10.0.0/24.
      5. For Route Table in Compartment, select the client Route Table created in step 4a (client_rt01).
      6. (Optional) For Subnet Access, select one of the following:
        • Public Subnet, to allow public IP addresses for instances created in this subnet.
        • Private Subnet, to prohibit public IP addresses for instances created in this subnet.
      7. For Security Lists, select the client Security List created in step 5c (client_sl01).
    5. Click Create Subnet.
  7. Create the cluster subnet:
    1. On your Virtual Cloud Network details page, click Create Subnet.
    2. In the Create Subnet panel, complete the following fields:
      1. For Name, enter a name for the subnet, such as clustersubnet001.
      2. For Create in Compartment, select the compartment in which to create the subnet.
      3. For IPv4 CIDR Blocks, enter an IPv4 CIDR block, such as 10.10.1.0/24.
      4. For Route Table in Compartment, select the client Route Table created in step 4b (cluster_rt01).
      5. For Subnet Access, select Private Subnet.
      6. For Security Lists, select the client Security List created in step 5d (client_sl01).
    3. Click Create Subnet.
  8. Create a private view:
    1. Use the Oracle Cloud console search bar to search for private view.
    2. In the search results, under Services, select Private views (DNS Management).
    3. On the Private views page, click Create private view.
    4. In the Create private view panel, enter a name, such as goldengate_dns_view, and then click Create.
  9. Create a zone:
    1. Use the Oracle Cloud console search bar to search for zones.
    2. In the search results, under Services, select Zones (DNS Management).
    3. On the Zones page, click Private zones, and then click Create zone.
    4. In the Create private zone panel, enter a Zone name, such as goldengate.com, and then click Create.
    5. Ensure that the DNS private view selected is the private view created in step 8, and then click Create.
  10. Update the associated DNS resolver:
    1. Use the breadcrumb to return to the Networking page, and then select Virtual cloud networks from the Networking menu.
    2. On the Virtual Cloud Networks page, select your VCN.
    3. On the Virtual Cloud Network details page, in the VCN information card, locate DNS Resolver, and click the VCN name.
    4. On the Private resolver details page, click Manage private views.
    5. In the Manage private views panel, select the DNS private view created in step 8 from the dropdown, and then click Save changes.
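
Added example, not Oracle's code: a review of the ingress rules from step 5 after the VCN is built. It models client_sl01 and cluster_sl01 as listed above and flags any rule that admits traffic more widely than the page documents, such as a 0.0.0.0/0 source on a private subnet or on ports other than 22 and 443. The rule layout (source, protocol, dst_ports), the function names and the drifted sample are assumptions of this example, not an OCI API shape.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def client_rules(public, cidr="10.10.0.0/24"):
    """client_sl01 ingress rules from step 5, in this example's own layout."""
    edge = "0.0.0.0/0" if public else cidr
    return [
        {"source": cidr, "protocol": "ICMP"},  # type 8
        {"source": cidr, "protocol": "TCP"},  # all ports
        {"source": edge, "protocol": "TCP", "dst_ports": (22, 22)},
        {"source": edge, "protocol": "TCP", "dst_ports": (443, 443)},
    ]

def cluster_rules(cidr="10.10.1.0/24"):
    """cluster_sl01 ingress rules from step 5: ICMP, TCP and UDP from the cluster CIDR."""
    return [{"source": cidr, "protocol": p} for p in ("ICMP", "TCP", "UDP")]

def audit_ingress(rules, subnet_cidr, public, open_ports=(22, 443)):
    """Return (rule number, reason) for ingress wider than the page documents."""
    subnet = ipaddress.ip_network(subnet_cidr)
    findings = []
    for number, rule in enumerate(rules, 1):
        source = ipaddress.ip_network(rule["source"])
        ports = rule.get("dst_ports")  # None means every destination port
        if source.subnet_of(subnet):
            continue  # traffic from inside the subnet
        if source != ANY:
            findings.append((number, "source outside the subnet CIDR"))
        elif not public:
            findings.append((number, "0.0.0.0/0 source on a private subnet"))
        elif (rule["protocol"] != "TCP" or ports is None
              or ports[0] != ports[1] or ports[0] not in open_ports):
            findings.append((number, "0.0.0.0/0 source beyond TCP 22 and 443"))
    return findings

# Constructed drift from the documented public client list: rule 2 widened to
# any source, and a fifth rule added for a port the page does not list.
DRIFTED = client_rules(public=True)
DRIFTED[1] = {"source": "0.0.0.0/0", "protocol": "TCP"}
DRIFTED.append({"source": "192.0.2.0/24", "protocol": "TCP", "dst_ports": (1521, 1521)})
```
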