PostgreSQL initial setup

The following applies to both initial load and any approach to continuous replication.

You need to establish proper network connectivity between your Striim environment and the PostgreSQL database. This involves configuring network access, firewall rules, and connection parameters to ensure reliable communication.

Ensure that the Striim server can connect to your PostgreSQL database on the correct port (typically 3306). If your PostgreSQL database is behind a firewall, you need to configure the necessary firewall rules to allow inbound connections from the Striim server. For cloud deployments, such as Amazon RDS for PostgreSQL, you need to configure security groups to allow access from your Striim instance.

Also consider network latency and bandwidth requirements, especially for high-volume CDC scenarios. For optimal performance, minimize the network latency between Striim and PostgreSQL.

For secure connections, you can configure SSL/TLS encryption between Striim and PostgreSQL. This requires setting up SSL certificates and configuring both PostgreSQL and Striim to use encrypted connections.

Security configuration for PostgreSQL integration involves multiple layers, including authentication, authorization, network security, and data protection measures.

You must implement proper authentication mechanisms between Striim and PostgreSQL. This includes creating dedicated database users with minimal required privileges following the principle of least privilege. You should avoid using administrative accounts and instead create specific users for Striim operations with only the necessary permissions for the tables and operations required.

For enhanced security, you can implement SSL/TLS encryption for all communication between Striim and PostgreSQL. This protects data in transit, ensuring that credentials and sensitive data are not transmitted in clear text.

You should implement access control at multiple levels, including database-level permissions, schema-level access controls, and table-level privileges. You should regularly review and audit the permissions granted to Striim users and implement proper password policies and rotation procedures for service accounts.

You can read from PostgreSQL directly from the Striim server. Alternatively, you can install a Forwarding Agent on the PostgreSQL server or, to reduce the load on the PostgreSQL server, on another server in the PostgreSQL environment. This is particularly useful when your PostgreSQL database is in a different network segment or when you need to process data closer to the source. Depending on your deployment architecture, you will need to configure the Forwarding Agent to optimize data flow and meet security requirements. In any case, the Forwarding Agent must be able to make network connections with both the PostgreSQL host and the main Striim cluster.

You can deploy a Forwarding Agent in scenarios where direct connectivity between the main Striim cluster and PostgreSQL is not possible or optimal. This can include situations where PostgreSQL is behind strict firewalls, in air-gapped networks, or when you want to reduce network traffic by processing data locally before sending it to the main Striim cluster.

You can use the same Forwarding Agent for both initial load and continuous replication. When setting up the Forwarding Agent, you must install the PostgreSQL JDBC driver (see Install the PostgreSQL JDBC driver in a Forwarding Agent).