A DMZ (demilitarized zone) server is a public-facing computer host placed on a separate or isolated network segment. The intention of this DMZ server is to provide an additional layer of network security between servers in the trusted network and servers in the public network.
In this article we shall discuss how to configure Oracle GoldenGate (OGG) replication between On-Premises and GoldenGate Cloud Service (GGCS) via DMZ Server. This discussion will include a sample configuration setup.
The GoldenGate Cloud Service (GGCS) is a cloud-based real-time data integration and replication service. It provides seamless and easy data movement from various on-premises relational databases to databases in the cloud with sub-second latency, while maintaining data consistency and offering fault tolerance and resiliency.
Here's an architecture diagram of Oracle GoldenGate Cloud Services (GGCS):
In a typical simple on-premises to GGCS implementation, there's a direct secure connection between the on-premises server and the GGCS server. The on-premises server communicates directly with the GGCS server through a SOCKS proxy.
Here’s a diagram of a typical on-premises to GGCS replication:
However, if the security policy dictates that a direct secure connection is not allowed between the on-premises server and the GoldenGate Cloud Service (GGCS) server, or the on-premises server needs to stay in the trusted network and can't be located in or accessible from the public network, then a DMZ server in between could be an alternative.
Here's a diagram of On-Prem to GGCS via a mid-tier public facing server or DMZ server:
In this scenario, you run the SOCKS proxy server on the DMZ server. There's no need to install OGG software on the DMZ server, since the only thing needed there is the SSH proxy.
Here are the four high-level steps for configuring OGG replication from on-premises to GGCS via a DMZ server:
On the source/on-premises server, create the online change capture (extract) process using the following GGSCI commands:
GGSCI> add extract etpcadb, tranlog, begin now
GGSCI> add exttrail ./dirdat/ea, extract etpcadb, megabytes 100
GGSCI> start extract etpcadb
GGSCI> info extract etpcadb detail
Sample Change Capture (Extract) Parameter File (etpcadb.prm):
userid TPCADB, password TPCADB
DISCARDFILE ./dirrpt/etpcadb.dsc, purge
On the source/on-premises server, create the datapump (extract) process using the following GGSCI commands:
GGSCI> add extract ptpcadb, exttrailsource ./dirdat/ea
GGSCI> add rmttrail ./dirdat/pa, extract ptpcadb, megabytes 100
GGSCI> start extract ptpcadb
GGSCI> info extract ptpcadb detail
Sample DataPump Extract Parameter File (ptpcadb.prm):
RMTHOST opc-ggcs-server, COMPRESS, MGRPORT 7744, SOCKSPROXY dmz-server:1080
DISCARDFILE ./dirrpt/ptpcadb.dsc, purge
On the GoldenGate Cloud Service (GGCS) server, create the Change Delivery process (Replicat) using the following GGSCI commands:
GGSCI> dblogin useridalias ggcsuser_alias
GGSCI> add replicat rtpcadb integrated, exttrail ./dirdat/pa
GGSCI> start replicat rtpcadb
GGSCI> info replicat rtpcadb detail
Sample Change Delivery (Replicat) parameter file (rtpcadb.prm):
SETENV (ORACLE_HOME = '/u02/data/oci')
SETENV (LD_LIBRARY_PATH = '/u02/data/oci')
DBOPTIONS INTEGRATEDPARAMS (parallelism 3)
DISCARDFILE ./dirrpt/rtpcadb.dsc, APPEND Megabytes 50
REPORTCOUNT EVERY 1 MINUTES, RATE
MAP TPCADB.ACCTN, TARGET MPTPCADB.ACCTN;
MAP TPCADB.ACCTS, TARGET MPTPCADB.ACCTS;
MAP TPCADB.BRANCH, TARGET MPTPCADB.BRANCH;
MAP TPCADB.HISTORY, TARGET MPTPCADB.HISTORY;
MAP TPCADB.TELLER, TARGET MPTPCADB.TELLER;
MAP TPCADB.SUSPECT, TARGET MPTPCADB.SUSPECT;
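As an added example (not part of the original article or of Oracle's tooling), the following Python script audits parameter files like the ones above: it flags an RMTHOST line that lacks SOCKSPROXY or points at a proxy other than the approved DMZ host, and a USERID line that carries an inline password. The function names, the allow-list argument, and the sample texts are assumptions constructed for illustration.

```python
# Added example: lint OGG parameter files for the DMZ routing this article sets up.
import re

# Constructed samples modelled on the article's parameter files.
PUMP_VIA_DMZ = ("RMTHOST opc-ggcs-server, COMPRESS, MGRPORT 7744, SOCKSPROXY dmz-server:1080\n"
                "DISCARDFILE ./dirrpt/ptpcadb.dsc, purge\n")
PUMP_DIRECT = "RMTHOST opc-ggcs-server, COMPRESS, MGRPORT 7744\n"
EXTRACT_PRM = "userid TPCADB, password TPCADB\nDISCARDFILE ./dirrpt/etpcadb.dsc, purge\n"


def parse_rmthost(line):
    """Return (host, options) for an RMTHOST line; flag-only options map to True."""
    parts = [p.strip() for p in line.split(",")]
    head = parts[0].split()
    host = head[1] if len(head) > 1 else ""
    opts = {}
    for part in filter(None, parts[1:]):
        words = part.split(None, 1)
        opts[words[0].upper()] = words[1] if len(words) > 1 else True
    return host, opts


def audit(text, allowed_proxies):
    """Return (line_number, message) findings; allowed_proxies holds 'host:port' strings."""
    allowed = {p.lower() for p in allowed_proxies}
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("--"):  # blank line or whole-line comment
            continue
        keyword = line.split(None, 1)[0].upper()
        if keyword == "RMTHOST":
            host, opts = parse_rmthost(line)
            value = opts.get("SOCKSPROXY")
            proxy = value.split()[0].lower() if isinstance(value, str) else None
            if proxy is None:
                findings.append((n, f"RMTHOST {host} has no SOCKSPROXY (direct connection)"))
            elif proxy not in allowed:
                findings.append((n, f"RMTHOST {host} uses unapproved proxy {proxy}"))
        elif keyword == "USERID" and re.search(r"\bpassword\b", line, re.I):
            findings.append((n, "USERID carries an inline password; prefer USERIDALIAS"))
    return findings


if __name__ == "__main__":
    for name, text in [("pump via DMZ", PUMP_VIA_DMZ), ("pump direct", PUMP_DIRECT),
                       ("extract", EXTRACT_PRM)]:
        print(name, audit(text, {"dmz-server:1080"}))
```

Run it against the ./dirprm files on the on-premises host as part of change review, so a datapump that bypasses the DMZ proxy is caught before it is started.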
In this article, we showed an alternative way of configuring OGG replication between the on-premises server and GoldenGate Cloud Service (GGCS) server with the use of a DMZ server as an additional layer of network security. Additionally, we have illustrated the steps necessary for its configuration.
Oracle GoldenGate Cloud Service (GGCS) : https://cloud.oracle.com/goldengate
GGCS User Guide Documentation Link: http://docs.oracle.com/cloud/latest/goldengate-cloud/index.html