Configure Secure Database Connections from Oracle GoldenGate
-
Include the
USERIDALIAS
option in the Extract and Replicat parameter files -
Set up a connection using TCP or Bequeath protocols
Important:
For Oracle database, it is recommended that you use the TCP or Bequeath protocols with Oracle GoldenGate to be able to use features such as efficient DDL notification. Avoid using the IPC protocol as there are intermittent issues with using this protocol. For details, see Table DDL Change Notification in the Oracle Database Development GuideSecurity Options for Specifying the Connection String in the Extract and Replicat Parameter Files
The following are the security options for specifying the connection string in the Extract or Replicat parameter file.
Credential store method:
USERIDALIAS ggeast
In the case of USERIDALIAS
, the alias
ggeast
is stored in the Oracle GoldenGate credential store with
the actual connection string. The following example uses the INFO
CREDENTIALSTORE
command to display the details of the credentials
configured in Oracle GoldenGate:
INFO CREDENTIALSTORE DOMAIN OracleGoldenGate
Output:
Domain: OracleGoldenGate
Alias: ggeast
Userid: ggadmin@dc1.example.com:1521/DBEAST.example.com
Setting up a Bequeath connection
Valid for Oracle database.
Oracle GoldenGate can connect to a database instance
without using the network listener if a Bequeath connect descriptor is added in the
tnsnames.ora
.
The following example shows the configuration for connecting to a database using Bequeath connect descriptor:
dbbeq = (DESCRIPTION=
(ADDRESS=(PROTOCOL=beq)
(ENVS='ORACLE_SID=sales,ORACLE_HOME=/app/db_home/oracle,LD_LIBRARY_PATH=/app/db_home/oracle/lib')
(PROGRAM=/app/db_home/oracle/bin/oracle)
(ARGV0=oraclesales)
(ARGS='(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))'))
(CONNECT_DATA=(SID=sales)))
In this example:
/app/db_home
is the target Oracle database installation
directory
sales
is the database service name
ORACLE_SID
, ORACLE_HOME
, and
LD_LIBRARY_PATH
in the ENVS
parameter refers
to the target.
Note:
Make sure that there is no white space between these environment variable settings.Setting up a TCP connection
For Oracle database, you can configure connect description in the
tnsnames.ora
file for setting up a TCP connection
and save it in the credentials store in Oracle GoldenGate. The following example
shows the tnsnames.ora
file with the TCP connect
descriptor:
##tnsnames.ora file sample for database host DBEAST
cdb23_root = (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=DBEAST)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=rdbms.oracle.com)))
cdb23_pdb0 = (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=DBEAST)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=cdb1_pdb0.rdbms.oracle.com)))
cdb23_pdbeast = (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=DBEAST)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=cdb1_pdbeast.rdbms.oracle.com)))
cdb23_pdbwest = (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=DBEAST)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=cdb1_pdbwest.rdbms.oracle.com)))
To configure additional security options using sqlnet.ora
, see Connecting to a Database Using Strong Authentication