Valid For
Passive Extract
Description
Use the RMTHOSTOPTIONS
parameter to control attributes of a TCP/IP connection made between an Extract group running in PASSIVE
mode on a less trusted source to a target system in a more secure network zone. This parameter controls compression, data encryption, buffer attributes, streaming, and the wait period for a connection request. It also can be used to set Collector parameters.
This parameter differs from the RMTHOST
parameter because it does not provide the host information needed to establish a remote connection. When Extract is running in PASSIVE
mode, all connections between source and target are established by an alias Extract group on the target.
All parameter options must be specified in one RMTHOSTOPTIONS
statement. If multiple RMTHOSTOPTIONS
statements are used, the last one in the parameter file is used, and the others are ignored. RMTHOSTOPTIONS
overrides any RMTHOST
statements in the file.
See RMTHOST
for additional information about supported IP protocols.
The RMTHOST
and RMTHOSTOPTIONS
parameters can be specified together; the RMTHOST
parameter is not required for RMTHOSTOPTIONS
if the dynamic IP assignment is properly configured. When RMTHOSTOPTIONS
is used, the MGRPORT
option is ignored.
For more information about using Oracle GoldenGate in a zoned network, see Administering Oracle GoldenGate.
Default
None
Syntax
RMTHOSTOPTIONS [, COMPRESS] [, COMPRESSTHRESHOLD] [, ENCRYPT algorithm [KEYNAME key_name]] [, PARAMS collector_parameters] [, STREAMING | NOSTREAMING] [, TCPBUFSIZE bytes] [, TCPFLUSHBYTES bytes] [, TIMEOUT seconds]
COMPRESS
Compresses outgoing blocks of records to reduce bandwidth requirements. Oracle GoldenGate decompresses the data before writing it to the trail. COMPRESS
typically results in compression ratios of at least 4:1 and sometimes better. However, compressing data can consume CPU resources.
COMPRESSTHRESHOLD
Sets the minimum block size for which compression is to occur. Valid values are from 0 and through 28000. The default is 1,000 bytes.
ENCRYPT
algorithm
[KEYNAME
key_name
]Encrypts the data stream sent over TCP/IP to the target system. This option supports the following encryption options:
Master key and wallet method: Generate a one-time AES key to encrypt the data across the TCP/IP network. Then, the one-time key is encrypted by the master-key and stored in the trail file header.
ENCKEYS method: Generate an AES encryption key, store it under a given name in an ENCKEYS
file, and configure Oracle GoldenGate to use that key to directly encrypt the data across the TCP/IP network.
algorithm
Specifies the encryption algorithm to use:
AES128
uses the AES-128 cipher, which has a key size of 128 bits. AES128 is the default if no algorithm is specified.
AES192
uses the AES-192 cipher, which has a key size of 192 bits.
AES256
uses the AES-256 cipher, which has a key size of 256 bits.
BLOWFISH
uses Blowfish encryption with a 64-bit block size and a variable-length key size from 32 bits to 128 bits. Use BLOWFISH
for backward compatibility with earlier Oracle GoldenGate versions and for Oracle GoldenGate installations for DB2 on z/OS, DB2 for i, and SQL/MX on NonStop. On those platforms, BLOWFISH
is the only supported encryption method. Use AES where supported, because it is more secure than BLOWFISH
for those platforms.
KEYNAME
key_name
Specifies that the ENCKEYS
method of encryption will be used. Not valid for the master key and wallet method. For key_name
, specify the logical name of the user-defined encryption key. Oracle GoldenGate uses the key name to look up the actual key in the ENCKEYS
lookup file. To use the ENCKEYS
method, you must:
Generate the encryption key.
Store it in an ENCKEYS
lookup file.
Copy ENCKEYS
to every system where encryption or decryption (or both) are performed.
To use AES encryption for any database other than Oracle on a 32-bit platform, the path of the lib
sub-directory of the Oracle GoldenGate installation directory must be specified as an environment variable before starting any processes. This is not required on 64-bit platforms. Set the path as follows:
Linux: Specify the path as an entry to the LD_LIBRARY_PATH
. For example:
setenv LD_LIBRARY_PATH ./lib:$LD_LIBRARY_PATH
For Solaris: Specify the path as an entry to the SHLIB_PATH
variable.
For IBMi and AIX: Specify the path as an entry to the LIBPATH
variable.
Windows: Add the path to the PATH
variable.
You can use the SETENV
parameter to set the library as a session variable for the process.
PARAMS
collector_parameters
Specifies Collector parameters on a NonStop target system.
Note:
Do not specify a Collector port (-p
argument) if Manager will be starting Collector dynamically.
For more information about Collector parameters on the NonStop platform, see Reference Guide for Oracle GoldenGate for HP NonStop (Guardian).
STREAMING | NOSTREAMING
Controls TCP/IP streaming.
STREAMING
Enables the asynchronous internet streaming protocol and is the default. In STREAMING
mode, the receiver (Collector) does not send an acknowledgement to the sender (primary Extract or data pump) for any data packet unless the packet contains a flag requesting a response, typically when the sender must checkpoint or determine a write position. Because this method omits acknowledgements, the sender or receiver process terminates if there is a network disruption; therefore, when using STREAMING
, use the AUTORESTART
parameter in the Manager parameter file to restart Extract and Collector if they terminate.
NOSTREAMING
Enables the synchronous internet protocol. In NOSTREAMING
mode, the sender sends a packet and then waits for the receiver to acknowledge it, before sending the next packet. This method is more reliable, because it enables the sender or receiver process to recover if there is a network disruption.
Extract falls back to the synchronous protocol automatically if the host system of the receiver process is not configured to use streaming.
Keep the STREAMING
default unless you are requested to disable it, because streaming reduces transmission latency, especially in networks where latency is a problem already. Streaming is not supported for initial-load tasks where Extract communicates directly with Replicat.
TCPFLUSHBYTES
bytes
Controls the size of the buffer, in bytes, that collects data that is ready to be sent across the network. When either this value or the value of the FLUSHSECS
parameter is reached, the data is flushed to the target.
The default is 30,000 bytes. Valid values are from 1000 to 200000000 (two hundred million) bytes, but should be at least the value of TCPBUFSIZE
.
Do not use this parameter for an initial load Extract. It is valid only for an online Extract group. Do not use this parameter if the target system is NonStop.
TIMEOUT
seconds
Specifies how long an Extract running in PASSIVE
mode waits to get a connection from Collector, and how long Extract waits for a heartbeat signal from Collector before terminating a connection. Valid values are 1 second to 1800 seconds (30 minutes). The default value is 300 seconds (5 minutes). Setting the timeout to a very low value is not recommended in a production setting. You might need to increase the TIMEOUT
value if you see a warning in the error log that there was a TCP/IP error 10054 (existing connection forcibly closed by remote host). This error typically occurs when the Extract terminates itself after the TIMEOUT
value is exceeded.
Example
RMTHOSTOPTIONS ENCRYPT AES192, KEYNAME newyork, COMPRESS, COMPRESSTHRESHOLD 750, TCPBUFSIZE 100000, TCPFLUSHBYTES 300000, NOSTREAMING