Valid For
Passive Extract
Description
Use the RMTHOSTOPTIONS parameter to control attributes of a TCP/IP connection made between an Extract group running in PASSIVE mode on a less trusted source to a target system in a more secure network zone. This parameter controls compression, data encryption, buffer attributes, streaming, and the wait period for a connection request. It also can be used to set Collector parameters.
This parameter differs from the RMTHOST parameter because it does not provide the host information needed to establish a remote connection. When Extract is running in PASSIVE mode, all connections between source and target are established by an alias Extract group on the target.
All parameter options must be specified in one RMTHOSTOPTIONS statement. If multiple RMTHOSTOPTIONS statements are used, the last one in the parameter file is used, and the others are ignored. RMTHOSTOPTIONS overrides any RMTHOST statements in the file.
See RMTHOST for additional information about supported IP protocols.
The RMTHOST and RMTHOSTOPTIONS parameters can be specified together; the RMTHOST parameter is not required for RMTHOSTOPTIONS if the dynamic IP assignment is properly configured. When RMTHOSTOPTIONS is used, the MGRPORT option is ignored.
For more information about using Oracle GoldenGate in a zoned network, see Administering Oracle GoldenGate.
Default
None
Syntax
RMTHOSTOPTIONS [, COMPRESS] [, COMPRESSTHRESHOLD] [, ENCRYPT algorithm [KEYNAME key_name]] [, PARAMS collector_parameters] [, STREAMING | NOSTREAMING] [, TCPBUFSIZE bytes] [, TCPFLUSHBYTES bytes] [, TIMEOUT seconds]
COMPRESSCompresses outgoing blocks of records to reduce bandwidth requirements. Oracle GoldenGate decompresses the data before writing it to the trail. COMPRESS typically results in compression ratios of at least 4:1 and sometimes better. However, compressing data can consume CPU resources.
COMPRESSTHRESHOLDSets the minimum block size for which compression is to occur. Valid values are from 0 and through 28000. The default is 1,000 bytes.
ENCRYPT algorithm [KEYNAME key_name]Encrypts the data stream sent over TCP/IP to the target system. This option supports the following encryption options:
Master key and wallet method: Generate a one-time AES key to encrypt the data across the TCP/IP network. Then, the one-time key is encrypted by the master-key and stored in the trail file header.
ENCKEYS method: Generate an AES encryption key, store it under a given name in an ENCKEYS file, and configure Oracle GoldenGate to use that key to directly encrypt the data across the TCP/IP network.
algorithmSpecifies the encryption algorithm to use:
AES128 uses the AES-128 cipher, which has a key size of 128 bits. AES128 is the default if no algorithm is specified.
AES192 uses the AES-192 cipher, which has a key size of 192 bits.
AES256 uses the AES-256 cipher, which has a key size of 256 bits.
BLOWFISH uses Blowfish encryption with a 64-bit block size and a variable-length key size from 32 bits to 128 bits. Use BLOWFISH for backward compatibility with earlier Oracle GoldenGate versions and for Oracle GoldenGate installations for DB2 on z/OS, DB2 for i, and SQL/MX on NonStop. On those platforms, BLOWFISH is the only supported encryption method. Use AES where supported, because it is more secure than BLOWFISH for those platforms.
KEYNAME key_nameSpecifies that the ENCKEYS method of encryption will be used. Not valid for the master key and wallet method. For key_name, specify the logical name of the user-defined encryption key. Oracle GoldenGate uses the key name to look up the actual key in the ENCKEYS lookup file. To use the ENCKEYS method, you must:
Generate the encryption key.
Store it in an ENCKEYS lookup file.
Copy ENCKEYS to every system where encryption or decryption (or both) are performed.
To use AES encryption for any database other than Oracle on a 32-bit platform, the path of the lib sub-directory of the Oracle GoldenGate installation directory must be specified as an environment variable before starting any processes. This is not required on 64-bit platforms. Set the path as follows:
Linux: Specify the path as an entry to the LD_LIBRARY_PATH. For example:
setenv LD_LIBRARY_PATH ./lib:$LD_LIBRARY_PATH
For Solaris: Specify the path as an entry to the SHLIB_PATH variable.
For IBMi and AIX: Specify the path as an entry to the LIBPATH variable.
Windows: Add the path to the PATH variable.
You can use the SETENV parameter to set the library as a session variable for the process.
PARAMS collector_parametersSpecifies Collector parameters on a NonStop target system.
Note:
Do not specify a Collector port (-p argument) if Manager will be starting Collector dynamically.
For more information about Collector parameters on the NonStop platform, see Reference Guide for Oracle GoldenGate for HP NonStop (Guardian).
STREAMING | NOSTREAMINGControls TCP/IP streaming.
STREAMINGEnables the asynchronous internet streaming protocol and is the default. In STREAMING mode, the receiver (Collector) does not send an acknowledgement to the sender (primary Extract or data pump) for any data packet unless the packet contains a flag requesting a response, typically when the sender must checkpoint or determine a write position. Because this method omits acknowledgements, the sender or receiver process terminates if there is a network disruption; therefore, when using STREAMING, use the AUTORESTART parameter in the Manager parameter file to restart Extract and Collector if they terminate.
NOSTREAMINGEnables the synchronous internet protocol. In NOSTREAMING mode, the sender sends a packet and then waits for the receiver to acknowledge it, before sending the next packet. This method is more reliable, because it enables the sender or receiver process to recover if there is a network disruption.
Extract falls back to the synchronous protocol automatically if the host system of the receiver process is not configured to use streaming.
Keep the STREAMING default unless you are requested to disable it, because streaming reduces transmission latency, especially in networks where latency is a problem already. Streaming is not supported for initial-load tasks where Extract communicates directly with Replicat.
TCPFLUSHBYTES bytesControls the size of the buffer, in bytes, that collects data that is ready to be sent across the network. When either this value or the value of the FLUSHSECS parameter is reached, the data is flushed to the target.
The default is 30,000 bytes. Valid values are from 1000 to 200000000 (two hundred million) bytes, but should be at least the value of TCPBUFSIZE.
Do not use this parameter for an initial load Extract. It is valid only for an online Extract group. Do not use this parameter if the target system is NonStop.
TIMEOUT secondsSpecifies how long an Extract running in PASSIVE mode waits to get a connection from Collector, and how long Extract waits for a heartbeat signal from Collector before terminating a connection. Valid values are 1 second to 1800 seconds (30 minutes). The default value is 300 seconds (5 minutes). Setting the timeout to a very low value is not recommended in a production setting. You might need to increase the TIMEOUT value if you see a warning in the error log that there was a TCP/IP error 10054 (existing connection forcibly closed by remote host). This error typically occurs when the Extract terminates itself after the TIMEOUT value is exceeded.
Example
RMTHOSTOPTIONS ENCRYPT AES192, KEYNAME newyork, COMPRESS, COMPRESSTHRESHOLD 750, TCPBUFSIZE 100000, TCPFLUSHBYTES 300000, NOSTREAMING