程序師世界是廣大編程愛好者互助、分享、學習的平台,程序師世界有你更精彩!
首頁
編程語言
C語言|JAVA編程
Python編程
網頁編程
ASP編程|PHP編程
JSP編程
數據庫知識
MYSQL數據庫|SqlServer數據庫
Oracle數據庫|DB2數據庫
 程式師世界 >> 數據庫知識 >> Oracle數據庫 >> Oracle教程 >> Oracle GoldenGate 三、加密,oraclegoldengate

Oracle GoldenGate 三、加密,oraclegoldengate

編輯:Oracle教程

Oracle GoldenGate 三、加密,oraclegoldengate


寫在開始前

  從上周開始,我花了大量的業余時間閱讀GoldenGate官方文檔,並根據文檔實踐和進一步學習了解GoldenGate,以下便是根據官方文檔理解總結的GoldenGate學習內容:
Oracle GoldenGate 一、介紹和安裝
Oracle GoldenGate 二、配置和使用
在[美] 莫提默·J.艾德勒,[美] 查爾斯·范多倫著的【How to Read a Book】一書中,作者強調如果你每天所學的知識你不能用你自己的語言去描述或記憶它,那說明你未真正學習和了解所學的知識,So 那以後我改變了我的學習方式,把生搬硬套的學習方式改變為用自己的語言用、自己的了解去描述和記憶知識,描述難免有錯,請諒解,也請指導,謝謝!

1 加密的使用場景

  • GoldenGate參數文件
      在每個Extract進程和Replicat進程的USERID、TRANLOGOPTIONS、DDLOPTIONS、DBOPTIONS參數中都要指定密碼,密碼是比較敏感又比較重要的信息,因為GoldenGate用戶具有比較多的數據庫權限,所以有效的保護密碼是GoldenGate關於安全的首要之一。
  • trail文件
      主抽取進程(Primary Extract)從數據庫中抽取變更信息並加密寫入到trail文件,然後再由Data Pump(Secondly Extract)進程解密實現復雜操作,加密成最終trail文件通過網絡發送到目標端,目標端GoldenGate後台collector進程將trail文件保存到目標端trail文件,replicat進程讀取文件內容並將其解密、重構、應用到目標庫。
  • GGSCI命令行
      使用DBLOGIN登錄數據庫時提供的密碼。

2 GoldenGate提供的加密算法

  • AES128
      使用AES 128加密,具有128位的密鑰大小
  • AES192
      使用AES 192加密,具有192位的密鑰大小
  • AES256
      使用AES 256加密,具有256位的密鑰大小
  • BLOWFISH
      使用64位塊大小和從32位到128位的可變長度密鑰的Blowfish加密,建議只在GoldenGate較早版本中使用,僅在ENCRYPTKEY為DEFAULT時可使用此種加密方式。

3 產生密鑰

必須先產生密鑰並且保存在ENCKEYS LookUp文件中然後才能使用以下功能

  • 使用ENCRYPT PASSWORD PWD ENCRYPTKEY 生成加密密碼
  • 在配置文件參數ENCRYPTTRAIL KEYNAME 中指定trail文件加密方式和密鑰名
  • 在配置文件參數RMHOST或RMTHOSTOPTIONS ENCRYPT 中指定加密方式和密鑰名

產生密鑰
切換到GoldenGate home 目錄,使用KEYGEN工具產生密鑰;語法:

./keygen <key length> <n>

key length 表示加密密鑰的長度;
n 表示產生多少個key;

[oracle@sywu ogg_src]$ ./keygen 128 2
0xDEE44B0133536B0DA1B858620E4A240D

0x71DF8D01C352097FC76BBA31232DA95A

每一次產生的key都是不一樣的,產生key後為每一個key定義一個名稱(keyName)復制保存到GoldenGate home根目錄的ENCKEYS文件內。ENCKEYS文件是一個lookup file。
保存key到ENCKEYS文件

[oracle@sywu ogg_src]$ vim ENCKEYS 
#GoldenGate encryption key
#keyName       key
securekey1 0xDEE44B0133536B0DA1B858620E4A240D
securekey2 0x71DF8D01C352097FC76BBA31232DA95A

在GGSCI命令行通過key對密碼加密

GGSCI (sywu) 8> encrypt password ogg_owner aes128 encryptkey securekey1
Encrypted password:  AADAAAAAAAAAAAJATJEEYELAGIQFZDWHQAMDMCCHGIVGFIPHOCABMAYCHGSCPHGILCPCLCXCCHUEFGOC
Algorithm used:  AES128

GGSCI (sywu) 9> encrypt password ogg_owner aes128 encryptkey securekey1
Encrypted password:  AADAAAAAAAAAAAJANJBHVDBAGCCBOIUCTJHJVIOCVGBFSGNJFFAAGIOHBJNBWAPANGWILCPFGIXBOIXB
Algorithm used:  AES128

密碼加密後可以嘗試使用dblogin登錄數據庫,驗證密碼

GGSCI (sywu as ogg_owner@sydb) 11> dblogin userid ogg_owner,password AADAAAAAAAAAAAJANJBHVDBAGCCBOIUCTJHJVIOCVGBFSGNJFFAAGIOHBJNBWAPANGWILCPFGIXBOIXB aes128 encryptkey securekey1
Successfully logged into database.

注意:因為在創建key時指定了key的長度,所以使用時指定的加密類型密鑰長度也必須一致。

4 源端加密配置

源端配置主抽取進程加密和Data Pump進程加密。

4.1 配置主抽取進程

GGSCI (sywu as ogg_owner@sydb) 31> EDIT PaRAM ESYDB001

extract ESYDB001
SETENV(ORACLE_SID="sydb")
SETENV(NLS_LANG=AMERICAN_AMERICA.AL32UTF8)
userid ogg_owner,password AADAAAAAAAAAAAJANJBHVDBAGCCBOIUCTJHJVIOCVGBFSGNJFFAAGIOHBJNBWAPANGWILCPFGIXBOIXB &
aes128,ENCRYPTKEY securekey1
ENCRYPTTRAIL aes128,KEYNAME securekey1
EXTTRAIL /u01/app/product/ogg_src/dirdat/es
table ogg_owner.togg;

userid 中將password由原來的明碼用加密後的密碼代替,後面指定加密類型和密鑰名稱(ENCRYPTKEY);
ENCRYPTTRAIL 指定trail文件的加密類型和密鑰名稱(KEYNAME);

4.2 配置Data Pump進程

GGSCI (sywu) 10> edit param PSYDB001

extract psydb001
SETENV(ORACLE_SID="sydb")
SETENV (NLS_LANG=AMERICAN_AMERICA.AL32UTF8)
userid ogg_owner,password AADAAAAAAAAAAAJANJBHVDBAGCCBOIUCTJHJVIOCVGBFSGNJFFAAGIOHBJNBWAPANGWILCPFGIXBOIXB aes128 encryptkey securekey1
DECRYPTTRAIL aes128 KEYNAME securekey1
RMTHOST sywu,mgrport 7909
ENCRYPTTRAIL aes128 KEYNAME securekey1
RMTTRAIL /u01/app/product/ogg_trg/dirdat/ps
TABLE ogg_owner.togg;

因為Data Pump要讀取主抽取進程保存的trail文件數據並且提供了對數據的操作功能如實現過濾、運算等復雜的工作,所以在讀取後必須先對原數據進行解密再處理,最後再次加密發送到目標端;
DECRYPTTRAIL 定義將要解密的文件的加密類型和加密key(KEYNAME);
ENCRYPTTRAIL 定義最終處理後的數據加密類型和加密key(KEYNAME);
注意:解密類型和keyname必須和主進程配置的相同。
啟動進程

GGSCI (sywu as ogg_owner@sydb) 42> start *

Sending START request to MANAGER ...
EXTRACT ESYDB001 starting
EXTRACT PSYDB001 is already running.

GGSCI (sywu as ogg_owner@sydb) 43> info all

Program     Status      Group       Lag at Chkpt  Time Since Chkpt

MANAGER     RUNNING                                           
EXTRACT     RUNNING     ESYDB001    00:01:31      00:00:08    
EXTRACT     RUNNING     PSYDB001    00:00:00      116:02:26  

5 目標端解密配置

目標端後台Collector進程在接受到源端的發送請求後將數據寫入到目標端trail文件中,再由replicat進程讀取、解密、重構dml或ddl語句應用到數據庫,so 如果源端配置了加密則目標端必須進行解密配置,並且解密的類型和key必須和源端相同,操作步驟:

  • 1 將源端創建的ENCKEYS文件發送到目標端GoldenGate根目錄
  • 2 Replicat進程配置解密操作
  • 3 重啟replicat進程

發送源端ENCKEYS文件到目標端可以scp或復制粘貼到目標端,此處省略其操作。

5.1 Replicat進程配置解密操作

[oracle@sywu ~]$ tggsci

Oracle GoldenGate Command Interpreter for Oracle
Version 12.1.2.1.0 OGGCORE_12.1.2.1.0_PLATFORMS_140727.2135.1_FBO
Linux, x64, 64bit (optimized), Oracle 11g on Aug  7 2014 09:14:25
Operating system character set identified as UTF-8.

Copyright (C) 1995, 2014, Oracle and/or its affiliates. All rights reserved.

GGSCI (sywu) 1> edit param RSYDB001

REPLICAT rsydb001
SETENV(ORACLE_SID="sydb")
SETENV (NLS_LANG=AMERICAN_AMERICA.AL32UTF8)
USERID ogg_trg,password AADAAAAAAAAAAAHABDQFVJMADCAFECACYEPIQEJCFGDGMDHBRJXCUBOBQJEGLBPEBDMCOAACDILGAJKA  &
aes128,ENCRYPTKEY securekey1
DISCARDFILE /u01/app/product/ogg_trg/discrd/reptr.desc,append,megabytes 512
DECRYPTTRAIL AES128, KEYNAME securekey1
ALLOWNOOPUPDATES
ASSUMETARGETDEFS
MAP OGG_OWNER.TOGG,target OGG_TRG.TOGG;

DECRYPTTRAIL 定義將要解密的文件的加密類型和加密密鑰(KEYNAME),這裡和源端必須相同;
這些都配置好了,重啟replicat 進程。

6 未加密和加密trail文件對比分析

6.1 未加密trail文件分析

[oracle@sywu ~]$ strings  /u01/app/product/ogg_src/dirdat/es000004
*uri:sywu::u01:app:product:ogg_src:ESYDB0016
(/u01/app/product/ogg_src/dirdat/es0000047
575523
575169
,............................................
Linux1
sywu2
2.6.32-431.23.3.el6.x86_643
##1 SMP Thu Jul 31 17:20:51 UTC 20144
x86_642
SYDB2
sydb3
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
PL/SQL Release 11.2.0.3.0 - Production
CORE    11.2.0.3.0      Production
TNS for Linux: Version 11.2.0.3.0 - Production
NLSRTL Version 11.2.0.3.0 - Production
11.2.0.3.09
+08:003
ESYDB0011
AVersion 12.1.2.1.0 OGGCORE_12.1.2.1.0_PLATFORMS_140727.2135.1_FBO4
ESYDB001Z
OGG_OWNER.TOGG
1003
1900-01-01:00:00:00
1900-01-01:00:00:00T
AAADX2AAGAAAAA2AAA
5755236
        2.138.127Z
OGG_OWNER.TOGG
1004
sywu
user
1900-01-01:00:00:00
1900-01-01:00:00:00T
AAADX2AAGAAAAA2AAB

以上的trail文件來自上次未加密的測試環境中,具體的dml

OGG_OWNER@sydb>insert into togg(id,name)values(1003,'tt') ;

1 row created.

Elapsed: 00:00:00.00
OGG_OWNER@sydb>insert into togg(id,name,type)values(1004,'sywu','user');

1 row created.

Elapsed: 00:00:00.01

So 在未加密情況下可以清楚的看到新增的id(1003,1004)和rowid(AAADX2AAGAAAAA2AAA,AAADX2AAGAAAAA2AAB);

6.2 加密trail文件分析

在源端插入如下數據:

SYS@sydb>conn ogg_owner/ogg_owner
Connected.
OGG_OWNER@sydb>insert into togg(id,name,type)values(1005,'sywu','user');

1 row created.

Elapsed: 00:00:00.09
OGG_OWNER@sydb>insert into togg(id,name,type)values(1006,'sywu','user');

1 row created.

Elapsed: 00:00:00.01
OGG_OWNER@sydb>commit;

Commit complete.

Elapsed: 00:00:00.00

分析GoldenGate Data Pump進程

GGSCI (sywu) 11> stats PSYDB001

Sending STATS request to EXTRACT PSYDB001 ...

Start of Statistics at 2015-08-31 17:32:14.

Output to /u01/app/product/ogg_trg/dirdat/ps:

Extracting from OGG_OWNER.TOGG to OGG_OWNER.TOGG:

*** Total statistics since 2015-08-31 17:29:53 ***
        Total inserts                                      2.00
        Total updates                                      0.00
        Total deletes                                      0.00
        Total discards                                     0.00
        Total operations                                   2.00

*** Daily statistics since 2015-08-31 17:29:53 ***
        Total inserts                                      2.00
        Total updates                                      0.00
        Total deletes                                      0.00
        Total discards                                     0.00
        Total operations                                   2.00

*** Hourly statistics since 2015-08-31 17:29:53 ***
        Total inserts                                      2.00
        Total updates                                      0.00
        Total deletes                                      0.00
        Total discards                                     0.00
        Total operations                                   2.00

*** Latest statistics since 2015-08-31 17:29:53 ***
        Total inserts                                      2.00
        Total updates                                      0.00
        Total deletes                                      0.00
        Total discards                                     0.00
        Total operations                                   2.00

End of Statistics.

GGSCI (sywu) 12> info PSYDB001,detail

EXTRACT    PSYDB001  Last Started 2015-08-31 17:17   Status RUNNING
Checkpoint Lag       00:00:00 (updated 00:00:01 ago)
Process ID           31884
Log Read Checkpoint  File /u01/app/product/ogg_src/dirdat/es000007
                     2015-08-31 17:29:49.000000  RBA 1865

  Target Extract Trails:

  Trail Name                                       Seqno        RBA     Max MB Trail Type

  /u01/app/product/ogg_trg/dirdat/ps                  10       2043        100 RMTTRAIL  

  Extract Source                          Begin             End             

  /u01/app/product/ogg_src/dirdat/es000007  2015-08-26 10:04  2015-08-31 17:29
  /u01/app/product/ogg_src/dirdat/es000004  2015-08-26 10:04  2015-08-26 10:04
  /u01/app/product/ogg_src/dirdat/es000004  2015-08-26 10:04  2015-08-26 10:04
  /u01/app/product/ogg_src/dirdat/es000004  2015-08-26 10:04  2015-08-26 10:04
  /u01/app/product/ogg_src/dirdat/es000004  2015-08-26 10:04  2015-08-26 10:04
  /u01/app/product/ogg_src/dirdat/es000004  2015-08-26 10:04  2015-08-26 10:04
  /u01/app/product/ogg_src/dirdat/es000004  * Initialized *   2015-08-26 10:04
  /u01/app/product/ogg_src/dirdat/es000000  * Initialized *   First Record    
  /u01/app/product/ogg_src/dirdat/es000000  * Initialized *   First Record    
  /u01/app/product/ogg_src/dirdat/es000000  * Initialized *   First Record    
  /u01/app/product/ogg_src/dirdat/es000000  * Initialized *   First Record

Current directory    /u01/app/product/ogg_src

Report file          /u01/app/product/ogg_src/dirrpt/PSYDB001.rpt
Parameter file       /u01/app/product/ogg_src/dirprm/psydb001.prm
Checkpoint file      /u01/app/product/ogg_src/dirchk/PSYDB001.cpe
Process file         /u01/app/product/ogg_src/dirpcs/PSYDB001.pce
Error log            /u01/app/product/ogg_src/ggserr.log

源端Data Pump進程從主抽取進程保存的trail文件中讀取到兩條插入信息,它讀取的trail文件是:/u01/app/product/ogg_src/dirdat/es000007;注意它們的工作原理,主抽取進程抽取數據加密並保存到trail文件,Data Pump進程讀取trail文件解密再進行數據操作,最後發送;

[oracle@sywu ~]$ strings /u01/app/product/ogg_src/dirdat/es000007
*uri:sywu::u01:app:product:ogg_src:ESYDB0016
(/u01/app/product/ogg_src/dirdat/es0000077
597066
,............................................
Linux1
sywu2
2.6.32-431.23.3.el6.x86_643
##1 SMP Thu Jul 31 17:20:51 UTC 20144
x86_642
SYDB2
sydb3
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
PL/SQL Release 11.2.0.3.0 - Production
CORE    11.2.0.3.0      Production
TNS for Linux: Version 11.2.0.3.0 - Production
NLSRTL Version 11.2.0.3.0 - Production
11.2.0.3.09
+08:003
ESYDB0011
AVersion 12.1.2.1.0 OGGCORE_12.1.2.1.0_PLATFORMS_140727.2135.1_FBO4
ESYDB001Z
OGG_OWNER.TOGG
AAADX2AAGAAAAA7AAA
5981816
1.86.100Z
OGG_OWNER.TOGG
uaDL
AAADX2AAGAAAAA7AAB

數據加密了,看不到了。
源端replicat進程信息

[oracle@sywu ogg_src]$ tggsci 

Oracle GoldenGate Command Interpreter for Oracle
Version 12.1.2.1.0 OGGCORE_12.1.2.1.0_PLATFORMS_140727.2135.1_FBO
Linux, x64, 64bit (optimized), Oracle 11g on Aug  7 2014 09:14:25
Operating system character set identified as UTF-8.

Copyright (C) 1995, 2014, Oracle and/or its affiliates. All rights reserved.

GGSCI (sywu) 1> info all

Program     Status      Group       Lag at Chkpt  Time Since Chkpt

MANAGER     RUNNING                                           
REPLICAT    RUNNING     RSYDB001    00:00:00      00:00:03    

GGSCI (sywu) 4> stats RSYDB001

Sending STATS request to REPLICAT RSYDB001 ...

Start of Statistics at 2015-08-31 18:40:08.

Replicating from OGG_OWNER.TOGG to OGG_TRG.TOGG:

*** Total statistics since 2015-08-31 17:30:03 ***
        Total inserts                                      2.00
        Total updates                                      0.00
        Total deletes                                      0.00
        Total discards                                     0.00
        Total operations                                   2.00

*** Daily statistics since 2015-08-31 17:30:03 ***
        Total inserts                                      2.00
        Total updates                                      0.00
        Total deletes                                      0.00
        Total discards                                     0.00
        Total operations                                   2.00

*** Hourly statistics since 2015-08-31 18:00:00 ***

        No database operations have been performed.

*** Latest statistics since 2015-08-31 17:30:03 ***
        Total inserts                                      2.00
        Total updates                                      0.00
        Total deletes                                      0.00
        Total discards                                     0.00
        Total operations                                   2.00
End of Statistics.

GGSCI (sywu) 2> info RSYDB001,detail

REPLICAT   RSYDB001  Last Started 2015-08-31 17:16   Status RUNNING
Checkpoint Lag       00:00:00 (updated 00:00:05 ago)
Process ID           31615
Log Read Checkpoint  File /u01/app/product/ogg_trg/dirdat/ps000010
                     2015-08-31 17:29:49.000465  RBA 2043

Current Log BSN value: (requires database login)

Last Committed Transaction CSN value: (requires database login)

  Extract Source                          Begin             End             

  /u01/app/product/ogg_trg/dirdat/ps000010  2015-08-26 10:04  2015-08-31 17:29
  /u01/app/product/ogg_trg/dirdat/ps000008  2015-08-26 09:52  2015-08-26 10:04
  /u01/app/product/ogg_trg/dirdat/ps000008  2015-08-25 13:58  2015-08-26 09:52
  /u01/app/product/ogg_trg/dirdat/ps000006  2015-08-25 13:49  2015-08-25 13:58
  /u01/app/product/ogg_trg/dirdat/ps000006  2015-08-25 13:49  2015-08-25 13:49
  /u01/app/product/ogg_trg/dirdat/ps000006  2015-08-25 13:49  2015-08-25 13:49
  /u01/app/product/ogg_trg/dirdat/ps000006  * Initialized *   2015-08-25 13:49
  /u01/app/product/ogg_trg/dirdat/ps000006  * Initialized *   First Record    
  /u01/app/product/ogg_trg/dirdat/ps000000  * Initialized *   First Record    
  /u01/app/product/ogg_trg/dirdat/ps000000  * Initialized *   First Record    
  /u01/app/product/ogg_trg/dirdat/ps000000  * Initialized *   First Record    
  /u01/app/product/ogg_trg/dirdat/ps000000  * Initialized *   First Record    

Current directory    /u01/app/product/ogg_trg

Report file          /u01/app/product/ogg_trg/dirrpt/RSYDB001.rpt
Parameter file       /u01/app/product/ogg_trg/dirprm/rsydb001.prm
Checkpoint file      /u01/app/product/ogg_trg/dirchk/RSYDB001.cpr
Checkpoint table     OGG_TRG.OGG_CHK
Process file         /u01/app/product/ogg_trg/dirpcs/RSYDB001.pcr
Error log            /u01/app/product/ogg_trg/ggserr.log

目標端同樣插入兩條數據,replicate進程從/u01/app/product/ogg_trg/dirdat/ps000010文件中讀取了後台collector進程接受到的trail數據。

[oracle@sywu ~]$ strings /u01/app/product/ogg_trg/dirdat/ps000010
*uri:sywu::u01:app:product:ogg_src:PSYDB0015
*uri:sywu::u01:app:product:ogg_src:ESYDB0016
(/u01/app/product/ogg_trg/dirdat/ps0000107
598181
594135
,............................................
Linux1
sywu2
2.6.32-431.23.3.el6.x86_643
##1 SMP Thu Jul 31 17:20:51 UTC 20144
x86_642
SYDB2
sydb3
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
PL/SQL Release 11.2.0.3.0 - Production
CORE    11.2.0.3.0      Production
TNS for Linux: Version 11.2.0.3.0 - Production
NLSRTL Version 11.2.0.3.0 - Production
11.2.0.3.09
+08:003
ESYDB0011
AVersion 12.1.2.1.0 OGGCORE_12.1.2.1.0_PLATFORMS_140727.2135.1_FBO4
ESYDB001Z
ESYDB001Z
ESYDB001Z
OGG_OWNER.TOGG
AAADX2AAGAAAAA7AAA
5981816
1.86.100Z
OGG_OWNER.TOGG
uaDL
AAADX2AAGAAAAA7AAB

文件的信息同樣是加密的,replicate讀取後進行解密、重構、應用到目標庫。

7 OBEY文件

  GodlenGate的每個Extract、Replicat進程都需要配置數據庫連接,隨著進程的增加和各自分工不同或數據交換的目標地不同,如果每個都這樣配置,那當數據庫用戶密碼改變了,那豈不是要大動干戈的修改,有沒有什麼方式可以像面向對象設計一樣把公共的部分提取出來呢?肯定有了,GoldenGate提供了一個叫OBEY的參數,允許將公共常用的部分提取保存到獨立的文件中實現共享和重用,例如下面的進程配置:

GGSCI (sywu) 2> view param PSYDB001

extract psydb001
SETENV(ORACLE_SID="sydb")
SETENV (NLS_LANG=AMERICAN_AMERICA.AL32UTF8)
userid ogg_owner,password AADAAAAAAAAAAAJANJBHVDBAGCCBOIUCTJHJVIOCVGBFSGNJFFAAGIOHBJNBWAPANGWILCPFGIXBOIXB aes128 encrypt
key securekey1
DECRYPTTRAIL aes128 KEYNAME securekey1
RMTHOST sywu,mgrport 7909
ENCRYPTTRAIL aes128 KEYNAME securekey1
RMTTRAIL /u01/app/product/ogg_trg/dirdat/ps
TABLE ogg_owner.togg;

數據庫連接、DECRYPTTRAIL、RMTHOST這些參數基本都是共用和不常變的,so 可以將其保存到獨立的文件中;

[oracle@sywu dirdef]$ vim /u01/app/product/ogg_src/dirdef/dbConnect.obey

userid ogg_owner,password AADAAAAAAAAAAAJANJBHVDBAGCCBOIUCTJHJVIOCVGBFSGNJFFAAGIOHBJNBWAPANGWILCPFGIXBOIXB aes128 encrypt
key securekey1
DECRYPTTRAIL aes128 KEYNAME securekey1
RMTHOST sywu,mgrport 7909

然後在進程參數配置文件中通過OBEY引用該文件;

extract psydb001
SETENV(ORACLE_SID="sydb")
SETENV (NLS_LANG=AMERICAN_AMERICA.AL32UTF8)
OBEY /u01/app/product/ogg_src/dirdef/dbConnect.obey
ENCRYPTTRAIL aes128 KEYNAME securekey1
RMTTRAIL /u01/app/product/ogg_trg/dirdat/ps
TABLE ogg_owner.togg;

這樣以後涉及數據庫連接的信息就只用更改該文件了,GoldenGate支持16級子文件遞歸調用,這也就意外著可以將更多的配置細化管理。

8 總結

  GoldenGate提供了AES128、AES192、AES256和BLOWFISH類型加密,BLOWFISH在keyname為default時可用,一般用於較早版本中,AES類型的加密更為安全。主抽取進程的加密是可選的,可以只在Data Pump進程中進行數據加密。進程的加密要考慮到加密的長度和密鑰名稱,必須先用GoldenGate提供的工具keygen或其它的工具生成密鑰保存在ENCKEYS lookUp文件中,然後在GGSCI命令行中根據密碼類型和ENCKEYS中的密鑰名稱生成加密密碼,最後在配置文件或GGSCI命令中使用加密密碼。目標端必須具有和源端相同的ENCKEYS lookUp文件並且在配置解密時,加密解密的類型和密鑰名稱要一致。

--The end(2015-08-31)

  1. 上一頁:
  2. 下一頁:
Copyright © 程式師世界 All Rights Reserved