MySQL initial setup

The following applies to both initial load and any approach to continuous replication.

You need to establish proper network connectivity between your Striim environment and the MySQL database. This involves configuring network access, firewall rules, and connection parameters to ensure reliable communication.

Ensure that the Striim server can connect to your MySQL database on the correct port (typically 3306). If your MySQL database is behind a firewall, you need to configure the necessary firewall rules to allow inbound connections from the Striim server. For cloud deployments, such as Amazon RDS for MySQL, you need to configure security groups to allow access from your Striim instance.

Also consider network latency and bandwidth requirements, especially for high-volume CDC scenarios. For optimal performance, minimize the network latency between Striim and MySQL.

For secure connections, you can configure SSL/TLS encryption between Striim and MySQL. This requires setting up SSL certificates and configuring both MySQL and Striim to use encrypted connections.

Security configuration for MySQL integration involves multiple layers, including authentication, authorization, network security, and data protection measures.

You must implement proper authentication mechanisms between Striim and MySQL. This includes creating dedicated database users with minimal required privileges following the principle of least privilege. You should avoid using administrative accounts and instead create specific users for Striim operations with only the necessary permissions for the tables and operations required.

For enhanced security, you can implement SSL/TLS encryption for all communication between Striim and MySQL. This protects data in transit, ensuring that credentials and sensitive data are not transmitted in clear text.

Network security considerations include implementing proper firewall rules.

You should implement access control at multiple levels, including database-level permissions, schema-level access controls, and table-level privileges. You should regularly review and audit the permissions granted to Striim users and implement proper password policies and rotation procedures for service accounts.

You can read from MySQL directly from the Striim server. Alternatively, you can install a Forwarding Agent on the source MySQL server or, to reduce the load on the MySQL server, on another server in the MySQL environment. This is particularly useful when your MySQL database is in a different network segment or when you need to process data closer to the source. Depending on your deployment architecture, you will need to configure the Forwarding Agent to optimize data flow and meet security requirements. In any case, the Forwarding Agent must be able to make network connections with both the MySQL host and the main Striim cluster.

You can deploy a Forwarding Agent in scenarios where direct connectivity between the main Striim cluster and MySQL is not possible or optimal. This can include situations where MySQL is behind strict firewalls, in air-gapped networks, or when you want to reduce network traffic by processing data locally before sending it to the main Striim cluster.

You can use the same Forwarding Agent for both initial load and continuous replication. When setting up the Forwarding Agent, you must install the MySQL JDBC driver (see Installing the JDBC driver for MySQL).