GoldenGate Deployment for Oracle Transportation and Global Trade Management Cloud (OTM) (Doc ID 2497511.1)

Last updated on NOVEMBER 14, 2022

Applies to:

Purpose

OTM SaaS Cloud provides various methods to extract data from external sources: XML, CSV, REST and DB.XML. If you are performing external reporting or business intelligence and need to populate an external database for SQL access, you can purchase the Oracle OCI GoldenGate Marketplace license and request via  SR to have that connected to the Transportation and Global Trade Management Cloud. This solution replicates the key data from the Transportation and Global Trade Management Cloud database to an external database, either in the Oracle Cloud or on premise. This replication is for reporting purposes only and should not be used for integration or custom applications.

Use this document to prepare your environment to receive data from a Transportation and Global Trade Management Cloud database through a GoldenGate interface after you log an SR.

Overview

OTM/OGG on OCI Marketplace - High Level Architectural Diagram

Requirements for Target

Below softwares, features, and environment are required for customers' target servers. Please reference the architectural diagram in this document.

1. Target database requirements:
    a) must be running on Oracle database Enterprise Edition 19c or above
    b) must be new and dedicated to Goldengate replication and no other functionality can be hosted
    c) can be either standalone or plugable database
    d) must have the license for the Oracle Partitioning
    e) must have the license for the Oracle Edition

    f) database must be in ASM. Otherwise, the client must plan to manage tablespace level DDLs such as CREATE/ALTER tablespace ...
2. Target should be OCI Oracle Goldengate Marketplace Microservices instance or Oracle Golden Gate Service
3. Target NGINX Reverse Proxy Server should be receiving traffic on port 443
4. No custom certificates are allowed on target
5. Certificates must exist on target NGINX default directory
6. The customer must use the target replication parameters, and not change the configuration and parameters without OTM approval
7. Target Receiver Server authentication should be validated by customer before submitting OTM Goldengate service request
8. No change is allowed in target Goldengate after deployment without OTM support approval
9. OTM needs mininum 500GB of disk space for trail file location in target Goldengate server to prevent outages.
10. Reserved and permanent public IP address is required for the target Goldengate server
11. Network requirements:
    a) The Receiving server should be able to directly receive the communication from Oracle Gateway server
    b) OTM Golden Gate Software should be able to directly reach the NGINX server, no middle layers are allowed (Web Application Firewall, Web Gateways, Cloud Load Balancers, etc.)

12. OTM does support Oracle GoldenGate Cloud Service (GGS) for the target servers.
13. OTM does not support on-premise GoldenGate and database target servers.

14. NGINX server and GoldenGate server need to be on the same VM, same as in OCI GoldenGate Markeplace VM.

15. NGINX server and GoldenGate server should be installed on Linux.

Prepare Target Environment

1. Make sure you have obtained OCI GoldenGate Marketplace license
2. Create an OCI Goldengate Marketplace VM instance

   Please make sure you reserve the Public IP address of the OCI Goldengate Marketplace VM instance and that it won't change in the future. Any change in this public IP will cause the source and target Goldengate to fail and everything must be recreated/re-provisioned from scratch.

3. Create an Empty Shell Database
4. Prepare a Target Database.
5. Configure the Target Database within GoldenGate.
6. Configure the OCI Goldengate Marketplace VM instance

   By default, Oracle GoldenGate Microservices on OCI Marketplace is configured behind a Nginx Reverse Proxy. This simplifies the architecture with OCI. Also, the Nginx Reverse Proxy makes the deployment secure. This means that when you connect over a public IP address, the on-premises Oracle GoldenGate Microservices Architecture has to be secure.

   In order to securely connect, perform the following steps on the target OCI compute node:

   On the target OCI Goldengate VM instance:

   In the Administration Service on the Oracle GoldenGate Microservices configuration GUI in OCI, create a network user for the Receiver Server on target:

   a. Create a user that will be allowed to login to the environment and connect to the Receiver Service.

   b. Login to the Administration Service. For this step you will need the ggadmin password out of ogg-credentials.json file , unless password was changed after initial setup.

   https://<public id address>/<deployment name>/adminsrvr

   Example: https://<public ip address>/OCI-BASE/adminsrvr

   c. Open the context menu and select the Administrator option (not Configuration option)

   d. Click the plus ( + ) sign to add a new User

   e. Add a new user as Operator role. This account will be used by the on-premise Distribution Service to login to through the Reverse Proxy

       Provide the following information:

       Username: ggrsuser

       Role: Operator

       Type: Basic

       Info: Network User

       Password: <provide password>

   Important: Above steps are to create new user in the administrator page of Goldengate Administration Server of the Service Manager GUI, it will not create a new Credential under the Configuration page.

   f. To verify the new user, you need to log out of Service Manager GUI and log on to the Receiver Server using the above new user. You should be able to log on to the target Receiver Server using the Service Manager GUI as ggrsuser/<password>

   g. Provide above user details to the Oracle OTM team to configure the Goldengate source.

7. Submit a SR with Oracle OTM team to request Goldengate provisioning. GoldenGate instance on target must be up and running and below needed information shared with Oracle before OTM team can start provisioning the GoldenGate source instance . Creating source GoldenGate instance depends on information provided on this step.
   

   1) Public IP Address and port number of the target receiver server (normally the port number is 443 for GG Marketplace).

   This IP and port should be reachable by the command below:

   openssl s_client -connect xxx.xx.xxx.xxx:443

   Please provide a complete output in a text file for the command below:
   openssl s_client -connect xxx.xx.xxx.xxx:443

   
   
   Note: It will take approximately one week for the network team to open port in firewall for the public IP you provided. As mentioned above, please reserve the Public IP address and make sure it won't change in the future. Any change in this public IP address will cause the source and target Goldengate to fail and everything must be recreated/re-provisioned from scratch.

   2) Target FQDN (Fully Qualified Domain name)

   3) Target Goldengate Deployment name and target GoldenGate Deployment version

   4) Target Server Certificate Common Name

   5) Target Object storage URL, Object storage IP address and port number, Object Storage container name, and logon credentials (username and password) for the Oracle OTM team to upload export and other config files

       Please provide info for either A or B below:

       A. You can provide a Pre-Authenticate Request (PAR) URL (no need for separate login credentials)

       For example,
           OCI Tenancy: testTenancy
           Object Storage Namespace: testOSS
           Bucket Name: OACMigrationStorageBucket
          PAR URL: https://objectstorage.us-phoenix-1.oraclecloud.com/p/EaDR3cZhbWzD05........HWA/n/testOSS/b/OACMigrationStorageBucket/o/

       To put objects in that respective bucket one can use curl / Postman etc., basically any REST client making PUT type requests.
       Example:
       $ curl -X PUT --data-binary '@tablespace.lst'
       https://objectstorage.us-phoenix-1.oraclecloud.com/p/EaDR3cZhbWzD05.........HWA/n/testOSS/b/OACMigrationStorageBucket/o/tablespace.lst

       B. Alternatively, please provide the info below.

           Bucket name for the object storage
           OCI tenancy
           User
           Fingerprint
           Key_file

           For example,

             tenancy=ocid1.tenancy.oc1..aaaaaaaaa7hb424ill..........7gqwfabjck3ijba
             region=us-phoenix-1
             user=ocid1.user.oc1..aaaaaaaaacjv7tpfhov.........rvspjqgyac5cja
             fingerprint=5d:a7:dd:7c:19:59:ba:02:33:................:93
             key_file=/home/ociobj/.oci/oci_api_key.pem

             cat /home/ociobj/.oci/oci_api_key.pem
             -----BEGIN RSA PRIVATE KEY-----
             EDREpAIBAAKCAQEAoSY2fMURP5Ntmgw7rtewah943EXC09QDKLhp7BYCn8RDTAYh
             ...
             ...
             l3yMb3txwssnxRWY3CV2cGJdyzwq3MaGYEGKOtlSmVSOcazgKAx4FT==
              -----END RSA PRIVATE KEY-----

   6) Target Post Implementation Support Contact details (First and Lastname)

   7) OTM Pod name or URL

   8) ggrsuser/<password> from Step 6.e listed above.

          9) Target database version

         10) The Location of target, acceptable values should be one of: OCI GoldenGate Marketplace, OCI GoldenGate Service

Whitelisting

On OCI side please whitelist the OTM egress Public IP address of the source server (to be provided by the Oracle OTM team after firewall port opened). Whitelisting will allow GoldenGate source to connect to the target on port 443

Replication Environment

Goldengate process is designed to handle production replication only. If you want to do stage deployment, you can use the production trail files and copy them to your stage environments in target.

Instantiation

1. Execute Datapump Import.
2. Create a Primary Replicat.

Scope

Your Data Integrator should work with your DBA and Network Managers.

Details

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.