Create Real-Time Data Synchronization from On-Premises to Oracle Database@Azure with OCI GoldenGate
Ensure business continuity with real-time data synchronization across hybrid and multicloud environments.
Before You Begin
In order to take advantage of this reference architecture, the following are required:
- Access to a Microsoft Azure subscription and directory.
- Access to an Oracle Cloud Infrastructure (OCI) tenancy.
- Adequate Oracle Exadata Database Service, Oracle Autonomous Database Serverless, and OCI GoldenGate service limits prior to provisioning.
- An active Oracle Database@Azure multicloud link between the Azure and OCI clouds.
Note:
With a multicloud solution, networking is a key determinant of overall system performance. The customer is responsible for ensuring that the cloud-to-on-premises network (bandwidth and latency) is thoroughly tested to ensure the application performance meets the defined business requirements.
Architecture
This architecture shows how to use Oracle Database@Azure and OCI GoldenGate with your data on-premises to establish business continuity with real-time data synchronization across hybrid environments.
The platforms are connected by an OCI managed network and a VCN that spans both regions and includes a local peering gateway. Oracle Database@Azure resides within the VCN in the Azure region and uses local peering to receive data from the services located in the HUB VCN in OCI through the OCI managed network. OCI GoldenGate is accessible using a private endpoint (PE) from within the OCI network that secures access to OCI resources.
In addition, OCI FastConnect and a site-to-site VPN provide a path for data going from on-premises to OCI. Data flows into the dynamic routing gateway on the OCI HUB VCN from the site-to-site VPN and OCI FastConnect connections. From there, it flows to the Oracle Database@Azure.
The following diagram illustrates this reference architecture.
The architecture has the following Azure components:
- Azure region
An Azure region is a geographical area in which one or more physical Azure data centers, called availability zones, reside. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).
Azure and OCI regions are localized geographic areas. For Oracle Database@Azure, an Azure region is connected to an OCI region, with availability zones (AZs) in Azure connected to availability domains (ADs) in OCI. Azure and OCI region pairs are selected to minimize distance and latency.
- Azure availability zone
An availability zone is a physically separate data center within a region that is designed to be available and fault tolerant. Availability zones are close enough to have low-latency connections to other availability zones.
- Azure virtual network (VNet) and subnet
A VNet is a virtual network that you define in Azure. A VNet can have multiple non-overlapping CIDR block subnets that you can add after you create the VNet. You can segment a VNet into subnets, which can be scoped to a region or to an availability zone. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VNet. Use a VNet to isolate your Azure resources logically at the network level.
- Azure route table
Route tables direct traffic between Azure subnets, VNets, and networks outside Azure.
- Azure network security group
A network security group contains rules to control network traffic between the Azure resources within a VNet. Each rule specifies the source or destination, port, protocol, and direction of network traffic that's allowed or denied.
- Azure delegated client subnet
Oracle Database@Azure is connected to Azure's VNet using a virtual NIC from your delegated subnet (delegated to Oracle.Database/networkAttachment).
- Oracle Database@Azure
Oracle Database@Azure is the Oracle Database service (Oracle Exadata Database Service on Dedicated Infrastructure and Oracle Autonomous Database Serverless) running on Oracle Cloud Infrastructure (OCI), deployed in Microsoft Azure data centers. The service offers feature and price parity with OCI, and users purchase the service on Azure Marketplace.
Oracle Database@Azure integrates Oracle Exadata Database Service, Oracle Real Application Clusters (Oracle RAC), and Oracle Data Guard technologies into the Azure platform. Users manage the service on the Azure console and with Azure automation tools. The service is deployed in Azure Virtual Network (VNet) and integrated with the Azure identity and access management system. The OCI and Oracle Database generic metrics and audit logs are natively available in Azure. The service requires users to have an Azure subscription and an OCI tenancy. Autonomous Database is built on Oracle Exadata infrastructure and is self-managing, self-securing, and self-repairing, helping eliminate manual database management and human errors. Autonomous Database enables development of scalable AI-powered apps with any data, using built-in AI capabilities and your choice of large language model (LLM) and deployment location.
Both Oracle Exadata Database Service and Oracle Autonomous Database Serverless are easily provisioned through the native Azure Portal, enabling access to the broader Azure ecosystem.
The architecture has the following Oracle components:
- OCI region
An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).
- Oracle Exadata Database Service on Dedicated Infrastructure
Oracle Exadata Database Service on Dedicated Infrastructure delivers proven Oracle Database capabilities on purpose-built, optimized Oracle Exadata infrastructure in the public cloud. Built-in cloud automation, elastic resource scaling, security, and fast performance for OLTP, in-memory analytics, and converged Oracle Database workloads help simplify management and reduce costs.
Exadata Cloud Infrastructure X9M brings more CPU cores, increased storage, and a faster network fabric to the public cloud. Exadata X9M storage servers include Exadata RDMA Memory (XRMEM), creating an additional tier of storage, boosting overall system performance. Exadata X9M combines XRMEM with innovative RDMA algorithms that bypass the network and I/O stack, eliminating expensive CPU interrupts and context switches.
Exadata Cloud Infrastructure X9M increases the throughput of its 100 Gbps active-active Remote Direct Memory Access over Converged Ethernet (RoCE) internal network fabric, providing a faster interconnect than previous generations with extremely low latency between all compute and storage servers.
- OCI GoldenGate
Oracle Cloud Infrastructure GoldenGate is a managed service that provides a real-time data mesh platform, replication to keep data highly available, and real-time analysis. You can design, run, and monitor your data replication and data streaming solutions without allocating or managing compute environments.
- GoldenGate private endpoint
A private endpoint is a private IP address within your VCN that OCI GoldenGate uses to access a resource. OCI GoldenGate sets up the private endpoint in a subnet of your choice within one of your VCNs.
- FastConnect
Oracle Cloud Infrastructure FastConnect creates a dedicated, private connection between your data center and Oracle Cloud Infrastructure. FastConnect provides higher-bandwidth options and a more reliable networking experience when compared with internet-based connections.
- Availability domain
Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain shouldn't affect the other availability domains in the region.
- Virtual cloud network (VCN) and subnet
A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.
- Network security group (NSG)
A network security group (NSG) acts as a virtual firewall for your cloud resources. With the zero-trust security model of Oracle Cloud Infrastructure, all traffic is denied, and you can control the network traffic inside a VCN. An NSG consists of a set of ingress and egress security rules that apply to only a specified set of VNICs in a single VCN.
- Route table
Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.
- Dynamic routing gateway (DRG)
The DRG is a virtual router that provides a path for private network traffic between VCNs in the same region, between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.
- Local peering
Local peering enables you to peer one VCN with another VCN in the same region. Peering means the VCNs communicate using private IP addresses, without the traffic traversing the internet or routing through your on-premises network.
- Site-to-Site VPN
Site-to-Site VPN provides IPSec VPN connectivity between your on-premises network and VCNs in Oracle Cloud Infrastructure. The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives.
- Transparent Data Encryption (TDE)
Transparent Data Encryption (TDE) transparently encrypts data at rest in an Oracle Database. It stops unauthorized attempts from the operating system to access database data stored in files, without impacting how applications access the data using SQL. TDE is fully integrated with Oracle Database and can encrypt entire database backups (RMAN), Data Pump exports, entire application tablespaces, or specific sensitive columns. Encrypted data remains encrypted in the database, whether it is in tablespace storage files, temporary tablespaces, undo tablespaces, or other files such as redo logs.
Recommendations
- Choice of location
We recommend creating the OCI GoldenGate resources in the same OCI tenancy and region as Oracle Database@Azure to achieve optimal end-to-end latency.
- Provisioning
Choose the right size of the OCI FastConnect to support the bandwidth needs for the workload.
- Parallelism
We recommend setting up parallel replication in OCI GoldenGate to reduce apply lag where possible.
Considerations
When synchronizing data from on-premises to Oracle Database@Azure with OCI GoldenGate, consider these options.
OCI GoldenGate:
- Source database
OCI GoldenGate supports various database technologies, such as Oracle Database, Exadata, MySQL, PostgreSQL, and Microsoft SQL Server. See "Supported connection types for Data Replication" in Explore More.
- Cost
OCI GoldenGate provides a web-based flexible and elastic service to move data in real-time.
- Performance
- Network latency is vital for performance. Check and measure the network latency as part of application performance testing.
- The customer is responsible for ensuring that the cloud-to-on-premises network (bandwidth and latency) is thoroughly tested to ensure the application performance meets the defined business requirements. We recommend selecting nearby application and database regions to achieve optimal end-to-end performance.
- Connectivity
- OCI FastConnect and a site-to-site VPN provide a path for data going from on-premises to OCI.
- Use a dedicated endpoint and select a private subnet when creating the connection to Oracle Database@Azure.
- Use the redirect session mode when creating the connection to Oracle Exadata Database Service on Dedicated Infrastructure to use the Single Client Access Name (SCAN) listener.
- The proper routing, DNS, and security rules must be in place to allow OCI GoldenGate to access your resources.
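One way to check the security-rule part of this requirement, as an added example that is not part of the Oracle documentation: the script audits the ingress rules of the database NSG and reports whether the OCI GoldenGate private endpoint subnet can reach the listener and which rules admit more than that. The rules are constructed sample data in the shape of OCI NSG security-rule JSON; the CIDR blocks and listener port 1521 are assumptions.

```python
import ipaddress

# Constructed sample rules in the shape of OCI NSG security-rule JSON.
# The CIDRs and the listener port are assumptions, not values from the page.
GG_PE_SUBNET = ipaddress.ip_network("10.10.2.0/24")  # GoldenGate private endpoint subnet
LISTENER_PORT = 1521                                  # assumed database listener port

SAMPLE_RULES = [
    {"direction": "INGRESS", "protocol": "6", "source": "10.10.2.0/24",
     "tcpOptions": {"destinationPortRange": {"min": 1521, "max": 1521}}},
    {"direction": "INGRESS", "protocol": "6", "source": "0.0.0.0/0",
     "tcpOptions": {"destinationPortRange": {"min": 1521, "max": 1521}}},
    {"direction": "INGRESS", "protocol": "all", "source": "10.10.2.0/24"},
    {"direction": "INGRESS", "protocol": "6", "source": "10.10.2.0/24",
     "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    {"direction": "EGRESS", "protocol": "all", "destination": "0.0.0.0/0"},
]


def port_span(rule):
    """Return (min, max) TCP destination ports a rule admits, or None if not TCP."""
    if rule["protocol"] not in ("6", "all"):      # "6" is TCP
        return None
    rng = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    return (rng["min"], rng["max"]) if rng else (1, 65535)  # no range: every port


def audit(rules, pe_subnet=GG_PE_SUBNET, port=LISTENER_PORT):
    """Return (reachable, findings) for ingress rules that admit the listener port."""
    reachable, findings = False, []
    for idx, rule in enumerate(rules):
        span = port_span(rule) if rule["direction"] == "INGRESS" else None
        if span is None or not span[0] <= port <= span[1]:
            continue                               # rule does not touch the listener
        source = ipaddress.ip_network(rule["source"])
        if pe_subnet.subnet_of(source):
            reachable = True                       # private endpoint can connect
        if not source.subnet_of(pe_subnet):
            findings.append((idx, f"source {source} is not confined to {pe_subnet}"))
        if span != (port, port):
            findings.append((idx, f"ports {span[0]}-{span[1]} exceed {port}"))
    return reachable, findings


if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

Other legitimate sources, such as an application subnet in Azure, would need their own expected CIDR before a finding on them is treated as a misconfiguration.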
Networking setup for Oracle Database@Azure and OCI GoldenGate:
- Azure environment
- Utilizes an Azure Virtual Network (VNet) for networking.
- Creates virtual network interface cards (VNICs) inside a pre-created delegated subnet.
- OCI environment
- Oracle Database@Azure connects to a client subnet within an OCI virtual cloud network (VCN).
- To connect the database VCN with the hub VCN, communication transits through a local peering gateway (LPG).
- Log in to the OCI Console and create a local peering gateway (LPG) in the VCNs of the primary and standby Exadata VM clusters.
- Establish a peer connection between the primary and standby LPG and select the un-peered peer gateway in the standby VCN.
Note:
Each VCN can have only one LPG. A hub VCN will need to be configured if there are multiple databases on a given Exadata VM cluster that will have standby databases on different Exadata VM clusters.
- Update the default route table to route the traffic between the primary and standby databases via the OCI network without incurring any inbound and outbound data transfer costs.
- Client connectivity:
- This network setup allows client connectivity from both Azure and OCI resources.
- However, it does not permit direct communication between OCI resources and Azure resources.
This comprehensive setup ensures robust, secure connectivity across OCI and Azure environments, supporting versatile deployment scenarios. See "Access to Microsoft Azure" in Explore More.
Explore More
Learn more about Oracle Database@Azure and OCI GoldenGate.
Review these additional resources:
- Access Oracle Cloud Infrastructure GoldenGate in Oracle Cloud Infrastructure GoldenGate
- Explore quickstarts in Oracle Cloud Infrastructure GoldenGate
- Supported connection types for Data Replication in Oracle Cloud Infrastructure GoldenGate
- Oracle Database@Azure in Oracle Cloud Infrastructure Documentation
- Access to Microsoft Azure in Oracle Cloud Infrastructure Documentation
- Announcing the Oracle Database@Azure Course (blog)
- Oracle Database@Azure is Gold Maximum Availability Architecture endorsed (blog)