Friday, December 10, 2010

GoldenGate Tips and Tricks

GoldenGate was bought out by Oracle last year. Around that time, I was asked to take a look to see how it could be used as a Materialized View (aka Snapshot) replacement. As we took a closer look, we found more and more uses for this great product and the project sprawled. The more its around, the more uses we find for it. Its worth every penny...but like everything else...don't just install it...research, test and find its limitations before you depend on it.

Some of the details are possibly out of date on this post...I've put off writing about GoldenGate for reasons stated below. Forgive me if this seems harsh...I hold the highest respect for the people who work at Oracle and the work they do to bring excellent software to the marketplace. I've made my career off of them, I know many of them and...besides the occasional bug, I've never had a genuine negative experience with them. My complaints below relate to the now merged company Golden Gate, and really, only with Director (licensed by the Golden Gate mgmt pack)...Golden Gate (the product) itself is excellent. I've spoken with employees at Oracle who agree with my opinions, I even had to cover for an Oracle consultant who was threatened with being fired for telling the truth about Director.
Before I get into the details of why GG is great, let me tell you why it isn't (and then I'll tell you how to get past the problems.) The difficult part of it is monitoring and administration. When Oracle purchased GoldenGate, along with it came a product called Director. Director is a Web Logic based application that promises to allow people to make changes to GoldenGate configuration files and monitor their application. This is necessary unless you're ok with your app dba's and developers getting Unix-level access to your database servers. GoldenGate is wonderful, but Director is probably the biggest software disappointment I've ever seen. On one day I launched 13 SR's with bugs to Metalink...not little things...each of them deal breakers. Some of the issues I found:
1. Every few days Director have to restart the WL instance to bring it back up.
2. The security layers (different users can do different things) they have no longer worked in the version we were testing...and I was told they hadn't worked in several previous releases. This means every Director user had full authority to do anything to any configuration on any database, and start and stop replication.
3. If more than 2 people try to use the web app at a time, their GUI configurations become in conflict (due to the shared db connection Director uses to its repository) and the first person in has all their icons moved on top of each other to the top left corner of the screen. We have some complex configurations with hundreds of this means you have to drag the icons back out to where they were one at a time...taking sometimes 20 minutes...and this happens often.
4. There's no logging of who does I can go into your configuration and make changes and nobody will know. Its also very difficult to trace back causality of bugs and issues.
5. [UPDATE 10/6/2011-There is a huge security hole that has been around for many versions.  I brought it up with an SR and I know it was brought to the attention of the GG product manager, but they chose to not correct the issue.  At Openworld 2011 I talked to Mr Screvens, who seemed genuinely concerned about the issue.  I think its finally going to be addressed, but in the meantime, there's an undocumented work around you need to use to protect yourself from the issue.  I'll blog about that asap.]
6. Of the *many* SR's I created in total, very few of them were corrected because Oracle was coming out with a product to replace it called Monitor. I was told at the time it was due out in the fall, now I'm hearing early spring, although the beta is available now. My impression was that Oracle was picking and choosing what they were willing to fix, since they knew it was going away soon. I haven't had a chance to test out Monitor yet, so I can't say if these issues have been corrected...I hope they have been. GoldenGate is a truly great and useful just needs some attention to details that it wasn’t getting under the watch of GoldenGate, the company. Oracle, in my opinion, is usually very good at meeting user needs and correcting security issues, so I hope they'll pay attention to these issues.
The reason I waited almost a year after notifying Oracle of these problems is because I consider publicizing security issues to be irresponsible. I notified Oracle and I put off writing about these issues to give them time to correct them...after a major release (11) and several minor releases, they've hopefully corrected them. If they haven't, people need to know how to protect themselves from vulnerabilities while setting up GoldenGate.
...enough about the bad. How can you get past these issues, what are the tips and tricks? I'll cover them in my next post.

No comments:

Post a Comment