Replicate data between cloud databases in different regions with VCN peering

Learn to set up and configure Oracle Cloud Infrastructure GoldenGate and Virtual Cloud Network (VCN) peering to replicate data between two Autonomous Databases located in two different regions.

Overview

Oracle Cloud Infrastructure GoldenGate enables you to replicate data in supported OCI databases located in different regions with private endpoints. This example demonstrates how to connect OCI GoldenGate in Phoenix (Region A) to an Autonomous Transaction Processing (ATP) instance in Frankfurt (Region B) with a private endpoint.

Before you begin

You must have the following in order to proceed:

Task 1: Configure networking

  1. In Region A, create a VCN (VCN A) with two regional subnets:
    • Public (10.0.0.0/24)
    • Private (10.0.1.0/24)
    1. On the VCN A Details page, under Resources, click Dynamic Routing Gateway Attachments, and then click Create DRG Attachment.
    2. In the Create DRG Attachment panel, select the DRG you created, and then click Create DRG Attachment.
    3. In the DRG Attachments list, click the DRG name in the Dynamic Routing Gateway column. You're brought to the DRG Details page.
    4. On the DRG Details page, under Resources, click Remote Peering Connection Attachments, and then click Create Remote Peering Connection.
    5. In the Create Remote Peering Connection panel, enter a name, leave the default settings as is, and then click Create Remote Peering Connection. An RPC attachment is automatically added to the DRG and its peering status is set to New (not peered).
    6. In the Remote Peering Connections Attachments list, under Remote Peering Connection, click the RPC name.
    7. On the RPC Details page, for OCID, click Copy.
      Note

      You can temporarily paste the OCID to a text editor for later use.
  2. Repeat the previous step in Region B to create a VCN (VCN B) with two regional subnets and a DRG:
    • Public (192.168.0.0/24)
    • Private (192.168.1.0/24)
  3. On Region B's RPC Details page, click Establish Connection, select Region A's RPC, and then paste Region A's RPC OCID. The Peer Status is then set to Peered.
  4. On VCN A's Details page, under Resources, click Route Tables, and then click route table for private subnet-<VCN Name>.
  5. Click Add Route Rules.
  6. In the Add Route Rules panel, complete the following fields, and then click Add Route Rules:
    1. Target Type: Dynamic Routing Gateway
    2. Destination CIDR Block: 192.168.1.0/24
  7. On VCN B's Details page, under Resources, click Security Lists, and then click security list for private subnet-<VCN Name>.
  8. Click Add Ingress Rules.
  9. In the Add Ingress Rules dialog, complete the following fields and then click Add Ingress Rules:
    1. Source Type: CIDR
    2. Source CIDR: 10.0.1.0/24
    3. IP Protocol: TCP
    4. Source Port Range: All
    5. Destination Port Range: 1522
      Note

      This is the default port to access Oracle Autonomous Database (ADB) instances.
  10. On VCN B's Details page, under Resources, click Route Tables, and then click route table for private subnet-<VCN Name>.
  11. Click Add Route Rules.
  12. In the Add Route Rules panel, complete the following fields and then click Add Route Rules:
    1. Target Type: Dynamic Routing Gateway
    2. Destination CIDR: 10.0.1.0/24
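
An offline check for the rules configured in Task 1, added here as an example (it is not Oracle's code). It confirms that the two private subnets don't overlap, that each side routes the peer's private subnet to the DRG, and that port 1522 on VCN B is reachable from VCN A's private subnet and nothing broader. The rule dictionaries and their field names are this example's own constructions, not OCI API output.

```python
import ipaddress

ADB_PORT = 1522  # default Autonomous Database port, as stated on the page

def audit_side(peer_subnet, route_rules, ingress_rules=None):
    """Audit one VCN's private-subnet rules against the peer's private subnet.
    Pass ingress_rules only for the VCN that hosts the database (VCN B here).
    """
    peer = ipaddress.ip_network(peer_subnet)
    findings = []
    drg_dests = [ipaddress.ip_network(r["destination"])
                 for r in route_rules if r["target"] == "DRG"]
    if not any(peer.subnet_of(d) for d in drg_dests):
        findings.append(f"no DRG route covers {peer}")
    for d in drg_dests:
        if d != peer and peer.subnet_of(d):
            findings.append(f"DRG route {d} is broader than {peer}")
    if ingress_rules is None:
        return findings
    reachable = False
    for rule in ingress_rules:
        lo, hi = rule["ports"]  # destination port range
        if rule["protocol"] != "TCP" or not lo <= ADB_PORT <= hi:
            continue
        src = ipaddress.ip_network(rule["source"])
        reachable = reachable or peer.subnet_of(src)
        if not src.subnet_of(peer):
            findings.append(f"TCP {ADB_PORT} open to {src}, not just {peer}")
        if (lo, hi) != (ADB_PORT, ADB_PORT):
            findings.append(f"rule from {src} opens ports {lo}-{hi}")
    if not reachable:
        findings.append(f"no ingress rule admits {peer} on TCP {ADB_PORT}")
    return findings

def audit_peering(a_subnet, b_subnet, a_routes, b_routes, b_ingress):
    """Return findings for both sides; an empty list means the rules match."""
    a, b = ipaddress.ip_network(a_subnet), ipaddress.ip_network(b_subnet)
    findings = [f"{a} and {b} overlap"] if a.overlaps(b) else []
    findings += [f"VCN A: {f}" for f in audit_side(b_subnet, a_routes)]
    findings += [f"VCN B: {f}" for f in audit_side(a_subnet, b_routes, b_ingress)]
    return findings

# Constructed sample data using the page's CIDRs and port.
PAGE_CONFIG = dict(
    a_subnet="10.0.1.0/24", b_subnet="192.168.1.0/24",
    a_routes=[{"target": "DRG", "destination": "192.168.1.0/24"}],
    b_routes=[{"target": "DRG", "destination": "10.0.1.0/24"}],
    b_ingress=[{"source": "10.0.1.0/24", "protocol": "TCP", "ports": (1522, 1522)}],
)
```

Calling `audit_peering(**PAGE_CONFIG)` returns an empty list; widening the ingress source or dropping the return route on VCN B produces one finding per deviation.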

Task 2: Create a deployment

Ensure that you use VCN A in Region A, which was peered with VCN B in Region B.

To see which regions OCI GoldenGate is available in, see Cloud Data Regions.

  1. In the Console navigation menu, click Oracle Database, and then select GoldenGate.
  2. On the Deployments page, click Create deployment.
  3. In the Create deployment panel, enter a name and optionally, a description.
  4. From the Compartment dropdown, select a compartment in which to create the deployment.
  5. Select one of the following options:
    • Production: Sets up a deployment with recommended defaults for a production environment. The minimum number of OCPUs is 4, with auto-scaling enabled.
    • Development or testing: Sets up a deployment with recommended defaults for a development or testing environment. The minimum number of OCPUs is 1.
  6. For OCPU count, enter the number of Oracle Compute units (OCPUs) to use.
    Note

    One OCPU is equivalent to 16 GB of memory. For more information, see OCPU management and billing.
  7. (Optional) Select Auto scaling.
    Note

    Auto scaling enables OCI GoldenGate to scale up to three times the number of OCPUs you specify for OCPU Count, up to 24 OCPUs. For example, if you specify your OCPU Count as 2 and enable Auto Scaling, then your deployment can scale up to 6 OCPUs. If you specify your OCPU Count as 20 and enable Auto Scaling, OCI GoldenGate can only scale up to 24 OCPUs.
  8. From the Subnet in <Compartment> dropdown, select the subnet to which a private endpoint is created from the OCI GoldenGate service tenancy. This ensures that the deployment is always available over this subnet, as long as the policies for this subnet allow access. The private endpoint is only used to access the deployment console, and doesn't provide access to other resources in the subnet.

    To select a subnet in a different compartment, click Change compartment.

    Note

    You can only select a private subnet when creating a deployment.
  9. Select a license type.
  10. (Optional) Click Show advanced options for network options and to add tags.
    1. In the Network tab:
      1. Select Enable GoldenGate console public access to include a public endpoint in addition to a private endpoint, and allow public access to the deployment console for users. If selected, OCI GoldenGate creates a load balancer in your tenancy to create a public IP. Select a subnet in the same VCN as this deployment in which to create the load balancer.
        Note

        The load balancer is a resource that comes with an additional cost. You can manage this resource, but ensure that you don't delete the load balancer while your deployment is still in use. Learn more about load balancer pricing.
      2. Select Customize endpoint to provide a private fully qualified domain name (FQDN) prefix that you'll use to access the private service console URL. You can also optionally upload an SSL/TLS certificate (.pem) and its corresponding private key; however, password-protected certificates are not supported.

        • It's your responsibility to ensure that the FQDN resolves to the deployment's private IP address in the subnet you previously selected.
        • If the deployment is public, it's your responsibility to ensure that the FQDN publicly resolves to the deployment's public IP address.

        A self-signed certificate is generated for you, if you don't provide one.

        Note

        Your SSL certificate must meet the following requirements:
        • Its common name should match the deployment's FQDN. If it doesn't, you'll encounter warnings when you access the deployment console.
        • It must be signed using a strong hashing algorithm. The arcfour, arcfour128, arcfour256, and none algorithm types are not permitted.
        • It must not be expired.
        • Its maximum validity should not exceed 13 months.
        • It must not be a self-signed certificate.
        If you encounter "Invalid Private Key" errors, you can check the correctness of the key using the following OpenSSL commands. Run this command against the certificate:
        openssl x509 -noout -modulus -in <cert>.pem | openssl md5

        Then run this command on the private key:

        openssl rsa -noout -modulus -in <key>.pem | openssl md5

        The two commands should return the same MD5 value. If they don't, then the certificate and private key don't match.

    2. In the Maintenance tab:
      1. Select Customize maintenance window to define the start of the maintenance window to upgrade the deployment.
      2. (Optional) For Major release auto-upgrade period in days, enter the number of days, between 0 and 365.
      3. (Optional) For Bundle release auto-upgrade period in days, enter the number of days, between 0 and 180 days.
      4. (Optional) For Security patch auto-upgrade period in days, enter the number of days, between 0 and 14 days.
      5. Select Enable interim release auto-upgrade, and, optionally, enter the number of days.
      Note

      Learn more about scheduling upgrades.
    3. In the Tags tab, add tags to help track the resources within your tenancy. Click + Additional tag to add more tags. Learn more about tagging.
  11. Click Next.
  12. For Deployment type, select Data replication.
  13. From the Select a technology dropdown, select Oracle Database.

    See what's supported to learn which databases and technologies you can use as OCI GoldenGate sources and targets.

  14. For Version, the latest version is automatically selected. Click Change version to select a different version.
    Note

    Learn more about versions.
  15. For GoldenGate instance name, enter the name that the deployment will assign to the GoldenGate deployment instance upon creation.
  16. For Credential store, select one of the following:
    • OCI Identity and Access Management (OCI IAM), to enable users to log in to the deployment console using their Oracle Cloud account (single sign-on) in IAM (Identity and Access Management) enabled tenancies.
      Note

      Once you select IAM, you won't be able to switch to GoldenGate when you edit the deployment settings at a later time.
    • GoldenGate, for GoldenGate to manage users.
      1. Enter the Administrator username.
      2. Select a password secret in your compartment or click Change compartment to select one in a different compartment. You can also create a new password secret.

        To create a new password secret:

        1. Click Create password secret.
        2. In the Create secret panel, enter a name for the secret, and optionally, a description.
        3. Select a compartment from the Compartment dropdown in which to save your secret.
        4. Select a vault in the current compartment, or click Change compartment to select a vault in a different compartment.
        5. Select an Encryption key.
          Note

          Only AES keys, Software protected keys, and HSM keys are supported. RSA and ECDSA keys are not supported for GoldenGate password secret keys.
        6. Enter a password 8 to 30 characters in length, containing at least 1 uppercase, 1 lowercase, 1 numeric and 1 special character. The special characters must not be '$', '^' or '?'.
        7. Confirm the password.
        8. Click Create.
      Note

      You can manage GoldenGate users in the deployment console. Learn more.
  17. Click Create.

Task 4: Create and assign connections

  1. Create connections for the source and target databases.
    Note

    Ensure that:
    • You select 'Dedicated endpoint' for Traffic routing method.
    • The domain used by the FQDN provided in the connection string or wallet is correctly forwarded to the appropriate DNS Resolver using its Rules. See Resolver Rules for more information.
  2. Assign the connections to the deployment created in Task 2.

Task 5: Replicate data

  1. Navigate back to the Deployments page, and then select the deployment you created in Task 2.
  2. On the Deployment details page, click Launch console.
  3. Log in to the OCI GoldenGate deployment console.
  4. Add transaction information and a checkpoint table.
  5. Add and run an Extract.
  6. Add and run a Replicat.

Task 6: Monitor and maintain processes