MariaDB initial setup

The following applies to both initial load and any approach to continuous replication.

You need to establish proper network connectivity between your Striim environment and the MariaDB database. This involves configuring network access, firewall rules, and connection parameters to ensure reliable communication.

Ensure that the Striim server can connect to your MariaDB database on the correct port (typically 3306). If your MariaDB database is behind a firewall, you need to configure the necessary firewall rules to allow inbound connections from the Striim server. For cloud deployments, such as Amazon RDS for MariaDB, you need to configure security groups to allow access from your Striim instance.

Also consider network latency and bandwidth requirements, especially for high-volume CDC scenarios. For optimal performance, minimize the network latency between Striim and MariaDB. If you're using MariaDB Galera Cluster, you need to configure proper load balancing and failover settings in your connection strings.

For secure connections, you can configure SSL/TLS encryption between Striim and SkySQL. This requires setting up SSL certificates and configuring both MariaDB and Striim to use encrypted connections.

Security configuration for MariaDB integration involves multiple layers, including authentication, authorization, network security, and data protection measures.

You must implement proper authentication mechanisms between Striim and MariaDB. This includes creating dedicated database users with minimal required privileges following the principle of least privilege. You should avoid using administrative accounts and instead create specific users for Striim operations with only the necessary permissions for the tables and operations required.

You should implement access control at multiple levels, including database-level permissions, schema-level access controls, and table-level privileges. You should regularly review and audit the permissions granted to Striim users and implement proper password policies and rotation procedures for service accounts.

You can read from MariaDB directly from the Striim server. Alternatively, you can install a Forwarding Agent on the sourceMariaDB server or, to reduce the load on the MariaDB server, on another server in the MariaDB environment. This is particularly useful when your MariaDB database is in a different network segment or when you need to process data closer to the source. Depending on your deployment architecture, you will need to configure the Forwarding Agent to optimize data flow and meet security requirements. In any case, the Forwarding Agent must be able to make network connections with both the MariaDB host and the main Striim cluster.

You can deploy a Forwarding Agent in scenarios where direct connectivity between the main Striim cluster and MariaDB is not possible or optimal. This can include situations where MariaDB is behind strict firewalls, in air-gapped networks, or when you want to reduce network traffic by processing data locally before sending it to the main Striim cluster.

You can use the same Forwarding Agent for both initial load and continuous replication. When setting up the Forwarding Agent, you must install the MariaDB JDBC driver (see Install the MariaDB JDBC driver in a Forwarding Agent).