OCI GoldenGate connectivity

Discover how OCI GoldenGate connects with other services and technologies.

By default, all network connectivity to OCI GoldenGate is encrypted over SSL. The following network diagrams illustrate how traffic is routed through specific ports, depending on the service or technology OCI GoldenGate is connecting to.

Oracle Cloud Infrastructure (OCI) GoldenGate deployments are located in a secure area in OCI outside of your tenancy. The network they run in isn't connected to any customer networks, and by default it can only access resources available over the public internet.

OCI GoldenGate deployments are accessible using a private endpoint and port 443 from a machine using the same subnet. This private endpoint is only used to access the GoldenGate console and doesn't provide access to other resources in that subnet. OCI GoldenGate deployments require a VCN with at least a private subnet with a NAT Gateway. A route table with a route rule redirecting traffic to the NAT Gateway for the private subnet must be available.

Optionally, you can ‘Enable GoldenGate console public access’ and OCI GoldenGate creates a Flexible Load Balancer in the subnet of your choosing, in your tenancy, that connects to the OCI GoldenGate deployment, and creates a public IP. If so, network traffic uses port 443 and you must create a route table with a route rule that redirects traffic to the Internet Gateway. You can also add Network Security Groups (NSGs) to the subnet to control traffic.

For example, you can access an OCI GoldenGate deployment through its deployment console. Connectivity to the deployment console is done over HTTPS through port 443. OCI GoldenGate connects to Oracle Databases using the default ports 1521 or 1522, and MySQL databases using default port 3306. For Big Data targets, OCI GoldenGate connects using port 443.



When you create connections, you must specify a Traffic Routing Method. Your choices are:

  • Shared endpoint, which routes traffic through an endpoint shared with the assigned deployment, and the connection uses the assigned deployment's Ingress IPs and Network Security Group (NSG) settings.

    Note:

    Shared endpoints may impact performance as connections share bandwidth with the assigned deployment (and potentially other connections assigned to the deployment, if configured to do so).
  • Dedicated endpoint, which routes traffic through a single dedicated endpoint created in the assigned subnet of your VCN. You must allow connectivity from this connection's Ingress IPs. Select this option to connect to private resources.

    Note:

    Up to 3 Ingress IPs may be assigned to a connection with a dedicated endpoint. While dedicated endpoint connections don't share bandwidth, they use more IP resources from your resource pool.

You can connect to publicly available databases with dedicated or shared endpoints. However, you must create and configure a Network Address Translation (NAT) Gateway in your VCN. Learn more about NAT Gateway.

When using shared private endpoints, the communication from OCI GoldenGate originates from the Ingress IPs listed on the Connection Details page, after a connection is assigned to a deployment. Ensure that you add the appropriate subnet security rules to allow connectivity from these IP addresses into the data source or target node's private IP.

Any Fully Qualified Domain Name (FQDN) provided must be resolvable within the selected subnet.
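
The security-rule requirement above can be checked before a connection is put into service. The following is an added example, not Oracle's code: it audits a list of NSG-style ingress rules to confirm that every Ingress IP can reach the database port, and flags admitting rules whose source range is wider than needed. The IP addresses and rules are constructed, and the kebab-case field names are an assumption modelled on OCI CLI output.

```python
import ipaddress

# Constructed sample data. Field names are an assumption modelled on the
# kebab-case JSON the OCI CLI prints for NSG security rules.
INGRESS_IPS = ["10.0.2.15", "10.0.2.16", "10.0.2.17"]  # Connection Details page

def _tcp(source, lo, hi):
    """Build one constructed TCP ingress rule for the sample set."""
    return {"direction": "INGRESS", "protocol": "6", "source": source,
            "source-type": "CIDR_BLOCK",
            "tcp-options": {"destination-port-range": {"min": lo, "max": hi}}}

RULES = [
    _tcp("10.0.2.15/32", 1521, 1521),
    _tcp("10.0.2.16/32", 1521, 1522),
    _tcp("0.0.0.0/0", 443, 443),  # console access, irrelevant to the database port
    {"direction": "EGRESS", "protocol": "all", "destination": "0.0.0.0/0"},
]

def rule_covers(rule, ip, port):
    """True if the rule admits TCP traffic from ip to the given port."""
    if rule.get("direction") != "INGRESS":
        return False
    if rule.get("protocol") not in ("6", "all"):  # "6" is TCP
        return False
    if rule.get("source-type", "CIDR_BLOCK") != "CIDR_BLOCK":
        return False
    net = ipaddress.ip_network(rule["source"], strict=False)
    if ipaddress.ip_address(ip) not in net:
        return False
    rng = (rule.get("tcp-options") or {}).get("destination-port-range")
    return rng is None or rng["min"] <= port <= rng["max"]

def audit(rules, ingress_ips, port, max_addresses=256):
    """Return (missing, broad).

    missing: Ingress IPs that no rule admits on the port.
    broad:   source CIDRs of admitting rules wider than max_addresses.
    """
    missing = [ip for ip in ingress_ips
               if not any(rule_covers(r, ip, port) for r in rules)]
    broad = [r["source"] for r in rules
             if any(rule_covers(r, ip, port) for ip in ingress_ips)
             and ipaddress.ip_network(r["source"], strict=False).num_addresses > max_addresses]
    return missing, broad

if __name__ == "__main__":
    print(audit(RULES, INGRESS_IPS, 1521))  # Oracle Database default port
```

A non-empty `missing` list means a connection from that Ingress IP would be dropped by the subnet rules; a non-empty `broad` list points at rules that admit far more than the listed Ingress IPs.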

Let's look at the following examples.

Example: Replication from Oracle on-premise into Autonomous Data Warehouse



In this example, the OCI GoldenGate deployment is accessible over the public internet using port 443.

To connect to an on-premise Oracle database not available over the public internet, you must create an Oracle connection and select ‘Dedicated endpoint’ for Traffic routing method. This ensures that OCI GoldenGate creates a private endpoint in one of your subnets and connects over port 1521. As mentioned above, you must add the appropriate subnet security rules to allow connectivity from the Ingress IP addresses listed on the Connection Details page into the database node's private IP. Any FQDN provided must be resolvable within the selected subnet.

To connect to Autonomous Data Warehouse (ADW), OCI GoldenGate also creates a private endpoint over port 1522, unless you selected ‘Secure access from everywhere.’

Example: Replication from Autonomous Transaction Processing into Autonomous Data Warehouse



In this example, the OCI GoldenGate deployment is only accessible using a private endpoint from within the OCI network, or through a bastion host that secures access to OCI resources. See Connect to Oracle Cloud Infrastructure GoldenGate using a private IP for more details.

To connect to Autonomous Transaction Processing (ATP) and Autonomous Data Warehouse (ADW), OCI GoldenGate creates private endpoints over port 1522, unless you selected ‘Secure access from everywhere.’

If you select the Autonomous Database when creating the connection, then the private endpoint gets created automatically. Otherwise, you can enter your Autonomous Database configuration manually, and select ‘Shared endpoint’ to reuse the deployment's private endpoint created in the subnet selected during the deployment creation. Appropriate subnet security rules and DNS resolution configuration within this subnet are your responsibility.

Example: Replication from Azure SQL Managed Instance into Autonomous Transaction Processing



In this example, the OCI GoldenGate deployment is accessible over the public internet using port 443.

To connect to Azure SQL Managed Instance without a public endpoint, a private endpoint must be created. To do so, you must select ‘Dedicated endpoint’ for Traffic routing method when you create the connection. This ensures that OCI GoldenGate creates a private endpoint in one of your subnets. As mentioned above, you must add the appropriate subnet security rules to allow connectivity from the Ingress IP addresses listed on the Connection Details page into the database node's private IP. Any FQDN provided must be resolvable within the selected subnet.

In this example, network traffic goes through a private interconnection between OCI and Azure with FastConnect and ExpressRoute. Port 1433 is used for private connections. Connections to Azure SQL Managed Instance over the public internet typically use port 3342.

To connect to Autonomous Transaction Processing (ATP), OCI GoldenGate creates a private endpoint over port 1522, unless you selected ‘Secure access from everywhere.’