Often there are issues setting up GoldenGate Pump processes due to firewall constraints, corporate restrictions, and/or partner connectivity issues. Here we describe using a SOCKS5 proxy to replicate GoldenGate over SSH (port 22).
By setting up a SOCKS5 port tunnel, you can carry GoldenGate traffic over port 22. Port 22 (SSH) is typically a port that is available for traffic. This is straightforward and easy to set up. Using the ssh command on your DMZ server, you will set up a listening port and a forwarding address to connect incoming GoldenGate pump requests to the GGCS server.
For the tunnel to work you must set up a PKI key pair between the proxy and the target system. This is done using ssh-keygen and copying the .pub record to the authorized_keys file under the .ssh directory on the target.
The ssh command is set up to forward requests via a static connection. The following command is used to set up the SOCKS5 proxy:
ssh -v -N -f -D <DMZ>:<Port> <User>@<Target> -E socks.out
The following parameters are used in this example:
-N do not execute remote command
-f go into background (like nohup)
-D bind address IP and port to listen on
<User>@<Target> connection information; this is the host the tunnel connects to using the PKI key
-E logging file
Here is an example for connecting to the cloud. This example uses a server named ptc02 as the proxy gateway and listens on port 9008.
ssh -v -N -f -D ptc02:9008 firstname.lastname@example.org -E socks.out
Once the SOCKS proxy is in place, the GoldenGate pump process is modified to use the SOCKS5 proxy by changing the RMTHOST line in the parameter file like this:
RMTHOST localhost, COMPRESS, MGRPORT 7809, SOCKSPROXY ptc02:9008
Since the SOCKS5 proxy forwards the request to the GGCS server, the pump is essentially connecting to a manager process on the server the far end of the tunnel is running on. Thus, the target hostname from the forwarded pump perspective is localhost or the local IP address. The SOCKSPROXY is the DMZ server and port.
With this configuration you will not have to open any access other than the SSH access defined using the PKI key. Once this is working, replicating to the cloud is easy.
If you have multiple cloud instances, just set up multiple SOCKS5 proxies on different ports.
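With several proxies on different ports, it is easy for a pump file to point at the wrong listener, so the following added example (not part of the original article) checks the RMTHOST line of a pump parameter file against the ssh -D command meant to serve it. It also flags a listener bound to a non-loopback address such as ptc02:9008, because the SOCKS listener that ssh -D opens does not authenticate clients. The function names, the sample file and its EXTRACT/RMTTRAIL lines are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: cross-check a pump parameter file against the ssh -D
# command that is meant to serve it. Sample values below are constructed.

# Print the value following keyword $2 on the RMTHOST line of file $1.
rmthost_field() {
    awk -v key="$2" 'toupper($1) == "RMTHOST" {
        gsub(/,/, " ")                      # options are comma-separated
        for (i = 1; i < NF; i++)
            if (toupper($i) == key) { print $(i + 1); exit }
    }' "$1"
}

# Print the [bind_address:]port given to -D in ssh command line $1.
ssh_listener() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "-D") { print $(i + 1); exit } }'
}

# $1 = pump .prm file, $2 = ssh command line. Returns 0 when they agree.
audit_pump() {
    target=$(rmthost_field "$1" RMTHOST)
    proxy=$(rmthost_field "$1" SOCKSPROXY)
    listener=$(ssh_listener "$2")
    rc=0
    if [ -z "$proxy" ]; then
        echo "FAIL: RMTHOST has no SOCKSPROXY; the pump would not use the tunnel"; rc=1
    elif [ "$proxy" != "$listener" ]; then
        echo "FAIL: SOCKSPROXY $proxy does not match ssh -D $listener"; rc=1
    fi
    case "$target" in
        localhost|127.0.0.1) ;;
        *) echo "WARN: RMTHOST '$target' is dialed from the far end of the tunnel" ;;
    esac
    case "$listener" in
        localhost:*|127.0.0.1:*) ;;        # loopback only
        *:*) echo "WARN: $listener accepts SOCKS clients without authentication;" \
                  "firewall the port to the pump hosts" ;;
    esac
    return $rc
}

# Constructed pump file using the page's RMTHOST line (other lines are samples).
prm="${TMPDIR:-/tmp}/pump_demo.$$.prm"
printf '%s\n' 'EXTRACT pmpdemo' \
    'RMTHOST localhost, COMPRESS, MGRPORT 7809, SOCKSPROXY ptc02:9008' \
    'RMTTRAIL ./dirdat/rt' > "$prm"
audit_pump "$prm" 'ssh -v -N -f -D ptc02:9008 <User>@<Target> -E socks.out' || true
rm -f "$prm"
```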