Oracle Database initial setup

The following applies to both initial load and any approach to continuous replication.

You need to establish proper network connectivity between your Striim environment and the Oracle database. This involves configuring network access, firewall rules, and connection parameters to ensure reliable communication.

Ensure that the Striim server can connect to your Oracle database on the correct port (typically 1521). If your Oracle database is behind a firewall, you need to configure the necessary firewall rules to allow inbound connections from the Striim server. For cloud deployments, such as Amazon RDS for Oracle, you need to configure security groups to allow access from your Striim instance.

Also consider network latency and bandwidth requirements, especially for high-volume CDC scenarios. For optimal performance, minimize the network latency between Striim and Oracle. If you're using Oracle RAC, you need to configure proper load balancing and failover settings in your connection strings.

For secure connections, you can configure SSL/TLS encryption between Striim and Oracle. This requires setting up SSL certificates and configuring both Oracle and Striim to use encrypted connections. You should also consider using Oracle Native Network Encryption for an additional layer of security.

Security configuration for Oracle integration involves multiple layers, including authentication, authorization, network security, and data protection measures.

You must implement proper authentication mechanisms between Striim and Oracle. This includes creating dedicated database users with minimal required privileges following the principle of least privilege. You should avoid using administrative accounts and instead create specific users for Striim operations with only the necessary permissions for the tables and operations required.

For enhanced security, you can implement SSL/TLS encryption for all communication between Striim and Oracle. This protects data in transit, ensuring that credentials and sensitive data are not transmitted in clear text. You should also consider implementing Oracle Advanced Security features, such as Transparent Data Encryption (TDE), for data-at-rest protection.

Network security considerations include configuring Oracle Net Services with appropriate security settings, implementing proper firewall rules, and using Oracle Connection Manager for additional connection security and monitoring. You should also consider implementing Oracle Database Vault for additional access controls and Oracle Audit Vault for comprehensive auditing of database access.

You should implement access control at multiple levels, including database-level permissions, schema-level access controls, and table-level privileges. You should regularly review and audit the permissions granted to Striim users and implement proper password policies and rotation procedures for service accounts.

You can read from Oracle directly from the Striim server. Alternatively, you can install a Forwarding Agent on the source Oracle server or, to reduce the load on the Oracle server, on another server in the Oracle environment. This is particularly useful when your Oracle database is in a different network segment or when you need to process data closer to the source. Depending on your deployment architecture, you will need to configure the Forwarding Agent to optimize data flow and meet security requirements. In any case, the Forwarding Agent must be able to make network connections with both the Oracle host and the main Striim cluster.

You can deploy a Forwarding Agent in scenarios where direct connectivity between the main Striim cluster and Oracle is not possible or optimal. This can include situations where Oracle is behind strict firewalls, in air-gapped networks, or when you want to reduce network traffic by processing data locally before sending it to the main Striim cluster.

You can use the same Forwarding Agent for both initial load and continuous replication. When setting up the Forwarding Agent, you must install the appropriate drivers on the Forwarding Agent server. For Oracle connectivity, this includes installing the Oracle JDBC driver and, for OJet, the Oracle Instant Client (see Installing third-party drivers in the Forwarding Agent).