Oracle GoldenGate Security Features

This section presents the Oracle GoldenGate security features available with the current release. The following table lists each security aspect and the associated Oracle GoldenGate feature that implements it.

Supported Oracle GoldenGate Security Feature Description


Supported feature

Secure Administration

  • All administrative operations are authorized and made with REST API calls

  • Support for TLS 1.3 (default) and TLS 1.2


Authentication

  • Credentials (user name/password)

  • Client certificates (without Reverse Proxy)

  • Single Sign On (SSO) support with external Identity Providers using OAuth/OIDC

  • OCI: Oracle Identity Manager (IAM), Oracle Identity Cloud Service (IDCS)

  • On-Premise: Oracle Access Manager (OAM)

  • Token-based Authentication


Password management and MFA

  • Local password policy based on character length and rules

  • Supported and enforced by external Identity Provider (IDP)


Role-based Access Control (RBAC)

Hierarchical role-based layout:
  • Security: A user with this privilege can perform all administrative tasks and authorize new clients.

  • Administrator: A user with this privilege can perform all administrative tasks, but cannot authorize new clients.

  • User: A user with this privilege can retrieve only status or monitoring information.

  • Operator: A user with this privilege can start and stop processes.


Database Credentials

  • Credentials stored in secure PKCS#12 wallet

  • Kerberos support, if available for the database (for example, Oracle)


Database Connectivity

Support based on database client capabilities.

Example: Oracle using TCPS or Native Network Encryption.


Network Trail File Distribution (Data in Transit)

  • Secured with the industry-standard secure streaming WebSocket protocol (WSS)

  • Support for mutual TLS using client certificate


Proxy/DMZ

  • Support for reverse and forward Proxy

  • Target-initiated Distribution Path for DMZ systems


Trail File Encryption (Data at Rest)

  • Encryption support using AES128, AES192 or AES256

  • Support for a Master Key from an external Key Management System (OKV, OCI-KMS)

  • Support for multiple Master Keys


Auditing

  • Logging of REST API Calls

  • Enabled System Security Logging