In this article we shall discuss how to configure Oracle GoldenGate (OGG) replication between On-Premises and GoldenGate Cloud Service (GGCS) via HTTP Proxy Server. This discussion will include a sample configuration setup.
This approach is very similar to configuring OGG Replication between On-Premises and GGCS via DMZ server, the only main difference is how the GoldenGate uses the mid-tier server. For details on configuring OGG Replication via DMZ server between On-Premises and GGCS, check the following link on this topic:
The concepts, scripts and information presented in this article are for educational purposes only. They are not supported by Oracle Development or Support, and come with no guarantee or warrant for functionality in any environment other than the test system used to prepare this article. Before applying any changes presented in this article to your environment, you should thoroughly test to assess functionality and performance implications.
In this article, the following assumptions were made:
The GoldenGate Cloud Service (GGCS), is a cloud based real-time data integration and replication service, which provides seamless and easy data movement from various On-Premises relational databases to databases in the cloud with sub-second latency while maintaining data consistency and offering fault tolerance and resiliency.
Here's an architecture diagram of Oracle GoldenGate Cloud Services (GGCS):
In a typical simple implementation of On-Premises On-Premises to GGCS, there’s a direct secure connection between the On-Premises to the GGCS server. The On-Premises server communicates directly to the GGCS server through the use of SOCKS proxy.
Here’s a diagram of a typical On-Premises to GGCS replication:
However, in case the security policy dictates that a direct secure connection is not allowed between On-Premises and the GoldenGate Cloud Service (GGCS) server, and the only allowed outgoing connection must go through an HTTP proxy port running on a mid-tier server, then OGG connection must be configured to use HTTP proxy server.
Here's a diagram of On-Prem to GGCS via a mid-tier HTTP Proxy Server :
In this scenario, you will be running the OGG SOCKS proxy server connecting first or tunneling through the HTTP proxy server port.
To accomplish connection to the HTTP proxy port from OGG SOCKS proxy server, the HTTP proxy server must support the HTTP "CONNECT" method. This is required since the OGG SSH SOCKSPROXY will need to use this method to tunnel through the HTTP server via netcat "nc" utiilty.
Here are the four high level steps for configuring OGG Replication from On-Premises to GGCS via HTTP Proxy server:
$ ssh -i ./auth_keys/mp_opc_ssh_key -o ServerAliveInterval=120 -v -N -f -D 9999 opc@east-ggcs-vm-mp -o "ProxyCommand=nc -X connect -x enterprise:8888 %h %p" > ./logs/http_socksproxy.log 2>&1
On the source/On-Premises server, create the online change capture (extract) process using the following GGCS commands:
GGCSI> add extract etpcadb, tranlog, begin now
GGSCI> add exttrail ./dirdat/ea, extract etpcadb, megabytes 50
GGSCI> start extract etpcadb
GGSCI> info extract etpcadb detail
Sample Change Capture (Extract) Parameter File (etpcadb.prm):
userid TPCADB, password TPCADB
DISCARDFILE ./dirrpt/etpcadb.dsc, purge
On the source/On-Premises server, create the datapump (extract) process using the following GGCS commands:
GGCSI> add extract ptpcadb, exttrailsource ./dirdat/ea
GGSCI> add rmttrail ./dirdat/pa, extract ptpcadb, megabytes 50
GGSCI> start extract ptpcadb
GGSCI> info extract ptpcadb detail
You can also check the the socksproxy log and make sure that a connection from the SOCKSPROXY port has been successfully forwarded to the GGCS instance MGR Port:
Sample DataPump Extract Parameter File (ptpcadb.prm):
RMTHOST east-ggcs-vm-mp-ggcs-1, MGRPORT 7744, SOCKSPROXY 127.0.0.1:9999
DISCARDFILE ./dirrpt/ptpcadb.dsc, purge
On the GoldenGate Cloud Service (GGCS) server, create the Change Delivery process (Replicat) using the following GGCS commands:
GGCSI> dblogin useridaalias ggcsuser_alias
GGSCI> add replicat rtpcadb integrated, exttrail ./dirdat/pa
GGSCI> start replicat rtpcadb
GGSCI> info replicat rtpcadb detail
Sample Change Delivery (Replicat) parameter file (rtpcadb.prm):
DBOPTIONS INTEGRATEDPARAMS (parallelism 3)
DISCARDFILE ./dirrpt/rtpcadb.dsc, APPEND Megabytes 50
REPORTCOUNT EVERY 1 MINUTES, RATE
MAP TPCADB.ACCTN, TARGET TPCADB.ACCTN;
MAP TPCADB.ACCTS, TARGET TPCADB.ACCTS;
MAP TPCADB.BRANCH, TARGET TPCADB.BRANCH;
MAP TPCADB.HISTORY, TARGET TPCADB.HISTORY;
MAP TPCADB.TELLER, TARGET TPCADB.TELLER;
In this article, we showed an alternative way of configuring OGG replication between the On-Premises server and GoldenGate Cloud Service (GGCS) server via tunneling the connection through an HTTP Proxy server as an additional layer of network security. Additionally, we have illustrated the steps necessary for its configuration.
Oracle GoldenGate Cloud Service (GGCS) : https://cloud.oracle.com/goldengate
GGCS User Guide Documentation Link: http://docs.oracle.com/cloud/latest/goldengate-cloud/index.html