For replication to be robust, well tuned and secure, some
of the out-of-the box settings need to modified. Here is a list of these items,
focusing on the Goldengate Best Practices and Security, in areas such as the
Database, Parameters, processes, etc.
Oracle GoldenGate: Best Practices and Security
Oracle Database
• Ensure that all the tables have Primary keys.
• Do not grant the DBA privilege to the GG user, give only the required privileges.
• Supplemental logging should be enabled using TRANDATA
• Use USECHECKPOINTS with the PURGEOLDEXTRACTS clause in
the mgr.prm file.
• If HANDLECOLLISIONS is being used it should only be set for specific tables ONLY and the remainder tables set to NOHANDLECOLLISIONS.
• Increase read buffer size of dblogreader to 4M
Oracle Golden Gate High Availability
• Add autostart for mgr process
• Add auto restart specifying at least 3 minimum restart attempts
• In PCI environments personal sensitive data should be
excluded by the extract process, to avoid any of this data in the trail files.
• Used password encryption
• Use datapump encryption
• Use trail file encryption
• Write lag messages and warnings to the ggserror.log file
for all the Oracle Goldengate processes.
• Use WARNLONGTRANS 2h, CHECKINTERVAL 10m (example) on extract side to write warnings to the alert log for long running transactions
• Write record count of transactions every 1 hour or so to report log.
Oracle GoldenGate: Best Practices and Security
Oracle Database
• Ensure that all the tables have Primary keys.• Do not grant the DBA privilege to the GG user, give only the required privileges.
• Supplemental logging should be enabled using TRANDATA
• Use USECHECKPOINTS with the PURGEOLDEXTRACTS clause in
the mgr.prm file.PURGEOLDEXTRACTS , USECHECKPOINTS, MINKEEPHOURS 24 MINKEEPFILES
30 • Do not use HANDLECOLLISIONS
unless it is absolutely required and temporary. Read more on effects of using handle collisions• If HANDLECOLLISIONS is being used it should only be set for specific tables ONLY and the remainder tables set to NOHANDLECOLLISIONS.
• Increase read buffer size of dblogreader to 4MTRANLOGOPTIONS DBLOGREADERTRANLOGOPTIONS BUFSIZE
4096000TRANLOGOPTIONS
DBLOGREADERBUFSIZE 4096000 •
Use datapump compression
Oracle Golden Gate High Availability
• Add autostart for mgr process• Add auto restart specifying at least 3 minimum restart attempts
AUTORESTART EXTRACT *, RETRIES , WAITMINUTES , RESETMINUTES • Use checkpoint table not checkpoint file for
checkpoint recovery.
• In PCI environments personal sensitive data should be
excluded by the extract process, to avoid any of this data in the trail files.• Used password encryption
• Use datapump encryption
• Use trail file encryption
• Write lag messages and warnings to the ggserror.log file
for all the Oracle Goldengate processes.LAGREPORTMINUTESLAGCRITICALMINUTES• Use WARNLONGTRANS 2h, CHECKINTERVAL 10m (example) on extract side to write warnings to the alert log for long running transactions
• Write record count of transactions every 1 hour or so to report log.
REPORTCOUNT EVERY HOURS, RATE • Rollover the report for the individual processes
daily.
No comments:
Post a Comment