18 Overview of Security Options
This topic describes the Oracle GoldenGate Classic Architecture security features and provides a comparison between Classic Architecture and Microservices Architecture.
Chapter | Features | Microservices Architecture | Classic Architecture |
---|---|---|---|
Secure Deployments | REST API based access | N | Y |
Secure Deployments | Browser-based user interface | Y | N |
Secure Deployments | Remote Access Client. Note: On-host Client Access does not support on-host access to the deployments on Oracle GoldenGate MA while Classic can provide a virtual on-host presence. | N | Y |
Authentication and Authorization | TLS 1.2 Secured Network Communication | Y | N |
Authentication and Authorization | Certificate-Based Authentication | N | Y |
Authentication and Authorization | Role-based access control | N | Y |
Authentication and Authorization | Support for External Identity Providers | N | Y |
Data at Rest | Trail File Encryption | Y | Y |
Data at Rest | KMS Integration (Oracle Key Vault) | Y | Y |
Data at Rest | Multiple Masterkeys | N | Y |
Data at Transit | Transparent reverse and forward proxy support | Y | N |
Data at Transit | DMZ support with target-initiated paths | Y. Note: Oracle GoldenGate MA Receiver Service can initiate distribution paths. | Y |
Federal Security | FIPS | Y | Y |
Appendix | OWASP Guidelines | Y | N |
The following table describes what each security feature in Oracle GoldenGate Classic Architecture secures.
Security Objective | What to Secure | Security Features | Supported Databases and Platforms |
---|---|---|---|
Securing Deployments | User IDs and passwords (credentials) assigned to Oracle GoldenGate processes to log into a database. | Credential Store Identity Management | Credential store is the preferred password management method on platforms that support it. Not valid for NonStop platforms. |
Securing data at rest | Master Encryption Keys | . | All databases |
Securing data at rest | Data in the trails or an Extract file | Master key and wallet method is the preferred method on platforms that support it. Not valid for NonStop platforms. | |
Securing data at rest | Data sent across TCP/IP networks | Master key and wallet method is the preferred method on platforms that support it. Not valid for NonStop platforms. | |
Securing data in transit | FIPS-140. | CryptoEngine | Valid for Oracle GoldenGate Classic and Microservices architectures and databases supported by Oracle GoldenGate. Valid for all Oracle GoldenGate-supported databases on Linux-x64 and Windows-x64. |