For replication to be robust, well tuned and secure, some of the out-of-the box settings need to modified. Here is a list of these items, focusing on the Goldengate Best Practices and Security, in areas such as the Database, Parameters, processes, etc.
Oracle GoldenGate: Best Practices and Security
• Ensure that all the tables have Primary keys.
• Do not grant the DBA privilege to the GG user, give only the required privileges.
• Supplemental logging should be enabled using TRANDATA
Oracle Golden Gate Parameter files
• Use USECHECKPOINTS with the PURGEOLDEXTRACTS clause in the mgr.prm file.
PURGEOLDEXTRACTS , USECHECKPOINTS, MINKEEPHOURS 24 MINKEEPFILES 30
• Do not use HANDLECOLLISIONS unless it is absolutely required and temporary. Read more on effects of using handle collisions
• If HANDLECOLLISIONS is being used it should only be set for specific tables ONLY and the remainder tables set to NOHANDLECOLLISIONS.
Oracle Golden Gate Performance
• Increase read buffer size of dblogreader to 4M
• Use datapump compression
TRANLOGOPTIONS BUFSIZE 4096000
TRANLOGOPTIONS DBLOGREADERBUFSIZE 4096000
Oracle Golden Gate High Availability
• Add autostart for mgr process
• Add auto restart specifying at least 3 minimum restart attempts
AUTORESTART EXTRACT *, RETRIES , WAITMINUTES , RESETMINUTES
• Use checkpoint table not checkpoint file for checkpoint recovery.
Oracle GoldenGate Security
• In PCI environments personal sensitive data should be excluded by the extract process, to avoid any of this data in the trail files.
• Used password encryption
• Use datapump encryption
• Use trail file encryption
• Write lag messages and warnings to the ggserror.log file for all the Oracle Goldengate processes.
• Use WARNLONGTRANS 2h, CHECKINTERVAL 10m (example) on extract side to write warnings to the alert log for long running transactions
• Write record count of transactions every 1 hour or so to report log.
REPORTCOUNT EVERY HOURS, RATE
• Rollover the report for the individual processes daily.
REPORTROLLOVER AT on