18 Overview of Security Options

This topic describes the Oracle GoldenGate Classic Architecture security features and provides a comparison between Classic Architecture and Microservices Architecture.

| Chapter | Features | Microservices Architecture | Classic Architecture |
|---|---|---|---|
| Secure Deployments | REST API based access | N | Y |
| Secure Deployments | Browser-based user interface | Y | N |
| Secure Deployments | Remote Access Client. Note: On-host Client Access does not support on-host access to the deployments on Oracle GoldenGate MA while Classic can provide a virtual on-host presence. | N | Y |
| Authentication and Authorization | TLS 1.2 Secured Network Communication | Y | N |
| Authentication and Authorization | Certificate-Based Authentication | N | Y |
| Authentication and Authorization | Role-based access control | N | Y |
| Authentication and Authorization | Support for External Identity Providers | N | Y |
| Data at Rest | Trail File Encryption | Y | Y |
| Data at Rest | KMS Integration (Oracle Key Vault) | Y | Y |
| Data at Rest | Multiple Masterkeys | N | Y |
| Data at Transit | Transparent reverse and forward proxy support | Y | N |
| Data at Transit | DMZ support with target-initiated paths | Y. Note: Oracle GoldenGate MA Receiver Service can initiate distribution paths. | Y |
| Federal Security | FIPS | Y | Y |
| Appendix | OWASP Guidelines | Y | N |

The following table describes details about the features being secured in Oracle GoldenGate Classic Architecture.

| Security Objective | What to Secure | Security Features | Supported Databases and Platforms |
|---|---|---|---|
| Securing Deployments | User IDs and passwords (credentials) assigned to Oracle GoldenGate processes to log into a database. | Credential Store Identity Management (see Managing Identities in a Credential Store) | Credential store is the preferred password management method on platforms that support it. Not valid for NonStop platforms. |
| Securing data at rest | Master Encryption Keys | Managing Data Encryption using Oracle Key Vault | All databases |
| Securing data at rest | Data in the trails or an Extract file | Encrypting Data with the Master Key and Wallet Method | Master key and wallet method is the preferred method on platforms that support it. Not valid for NonStop platforms. |
| Securing data at rest | Data sent across TCP/IP networks | Encrypting Data with the Master Key and Wallet Method | Master key and wallet method is the preferred method on platforms that support it. Not valid for NonStop platforms. |
| Securing data in transit | FIPS-140 | CryptoEngine | Valid for Oracle GoldenGate Classic and Microservices architectures and databases supported by Oracle GoldenGate. Valid for all Oracle GoldenGate-supported databases on Linux-x64 and Windows-x64. |