7 Overview of Security Options

You can use these security features to protect your Oracle GoldenGate environment and the data that is being processed.

For each security feature, the entries below list what it secures, the supported databases, and a description.

Data Encryption

Two methods are available: the master key and wallet method, and the ENCKEYS method.

What it secures:

  • Data in the trails or an extract file

  • Data sent across TCP/IP networks

Supported databases: The master key and wallet method is the preferred method on platforms that support it. It is not valid for the DB2 for i, DB2 z/OS, and NonStop platforms.

The ENCKEYS method is valid for all Oracle GoldenGate-supported databases and platforms. Blowfish must be used on the DB2 for i, DB2 z/OS, and NonStop platforms.

Description: Encrypts the data in files, across data links, and across TCP/IP. Use any of the following:

  • Any Advanced Encryption Standard (AES) cipher (see Footnote 1):

    AES-128

    AES-192

    AES-256

  • Blowfish (see Footnote 2)

Credential Store Identity Management

See Managing Identities in a Credential Store.

What it secures: User IDs and passwords (credentials) assigned to Oracle GoldenGate processes to log into a database.

Supported databases: The credential store is the preferred password management method on platforms that support it. It is not valid on the DB2 for i, DB2 z/OS, and NonStop platforms.

Description: User credentials are maintained in secure wallet storage. Aliases for the credentials are specified in commands and parameters.

Password Encryption

See Encrypting a Password in a Command or Parameter File.

What it secures: Passwords specified in commands and parameter files that are used by Oracle GoldenGate processes to log into a database.

Supported databases: Valid for all Oracle GoldenGate-supported databases and platforms. Blowfish must be used on the DB2 for i, DB2 z/OS, and NonStop platforms. On other platforms, the credential store is the preferred password-management method.

Description: Encrypts a password so that the encrypted password, rather than the clear-text one, can be specified in the command or parameter input. Use any of the following:

  • AES-128

  • AES-192

  • AES-256

  • Blowfish

Command Authentication

See Configuring GGSCI Command Security.

What it secures: Oracle GoldenGate commands issued through GGSCI.

Supported databases: Valid for all Oracle GoldenGate-supported databases and platforms.

Description: Stores authentication permissions in an operating-system-secured file. Configure a CMDSEC (Command Security) file.

Trusted Connection

See Using Target System Connection Initiation.

What it secures: TCP/IP connection to untrusted Oracle GoldenGate host machines that are outside a firewall.

Supported databases: Valid for all Oracle GoldenGate-supported databases and platforms.

Description: Use any of the following:

  • AES-128

  • AES-192

  • AES-256

  • Blowfish

Manager Security

See Securing Manager.

What it secures: Access rules for Manager.

Supported databases: Valid for all Oracle GoldenGate-supported databases and platforms.

Description: You can secure the following:

  • GGSCI: Secures access to the GGSCI command-line interface.

  • MGR | MANAGER: Secures access to all inter-process commands controlled by Manager, such as START, STOP, and KILL.

  • REPLICAT: Secures connection to the Replicat process.

  • COLLECTOR | SERVER: Secures the ability to dynamically create a Collector process.

CryptoEngine

Allows you to select the cryptographic library that best suits your needs: portability (Classic), portability and compliance with the FIPS-140 standard (FIPS140), or enhanced throughput (Native).

Supported databases: Classic and FIPS140 are valid for all Oracle GoldenGate-supported databases and platforms.

Native is valid for all Oracle GoldenGate-supported databases on Linux.x64 and Windows.x64.

Description: Selects which cryptographic library the Oracle GoldenGate processes will use.

Footnote 1

Advanced Encryption Standard (AES) is a symmetric-key encryption standard that is used by governments and other organizations that require a high degree of data security. It offers three 128-bit block ciphers: a 128-bit key cipher, a 192-bit key cipher, and a 256-bit key cipher. To use AES for any database other than Oracle on a 32-bit platform, the library path variable must include the path to the lib sub-directory of the Oracle GoldenGate installation directory. The name of the library path variable depends on the platform: LD_LIBRARY_PATH on Linux, LIBPATH on IBM i and AIX, SHLIB_PATH on Solaris, and PATH on Windows. This setting is not required on 64-bit platforms.

Footnote 2

Blowfish encryption: A keyed symmetric-block cipher. The Oracle GoldenGate implementation of Blowfish has a 64-bit block size with a variable-length key size from 32 bits to 256 bits.