Quick Recap
In the previous post on implementation, we were deep diving into the need of Oracle Audit Vault and Database Firewall (AVDF) in current business scenarios of the organizations, Architecture and its highlights, AVDF in action, Business Use Case, Key Business Benefits.
The Implementation Architecture
- Source Architecture: From which the data to be captured, in this scenario it is Oracle E-Business Suite (EBS) application
- Oracle GoldenGate Architecture: It is configured to fetch the data from the source (EBS) for AVDF system to read the source data using the AVDF agent deployed in this GoldenGate architecture
- AVDF Architecture: It reads the source data from the GoldenGate Architecture and prepares the audit information required
Data Flow: Source to Reports
A) EBS business transaction updates application tables; Oracle DB writes redo entries
B) Integrated Extract captures configured DML and DDL from redo or downstream mining and rotates XML trail files
C) AVDF trail type is set to TRANSACTION LOG and trail location points to the XML directory
D) Audit Vault Agent reads accessible XML files and forwards records to the Audit Vault Server repository
E) Reports expose DDL in All Activity and DML before/after values in Data Modification Before-After Values
Key flow: GoldenGate Integrated extract moves redo log data to XML files, AVDF Transaction Log collector reads those XML files, and Audit Vault Server surfaces DML before/after values and DDL activity in reports.
Sizing and Topology
Oracle AVDF is delivered as software appliance images that are ready to deploy on physical hardware or in virtualized environments, such as Oracle VM Server or VMware.
Note:
-
Install each Audit Vault Server and each Database Firewall onto its own dedicated x86 64-bit server or virtual machine (VM)
-
Don’t install the Audit Vault Server or Database Firewall on a server or VM that is used for other activities, because the installation process formats the server, which deletes existing data and operating systems
-
Provided sizing may differ according to the requirement/environment, feel free to increase/decrease as required
- Oracle VM Server for x86, release 3.2.8, 3.2.9, 3.4.4, and 3.4.6
- VMWare VSphere, release 6.0, 6.7, and 7.0 (starting with Oracle AVDF 20.7)
- VMWare VSphere, release 8.0 (starting with Oracle AVDF 20.13)
- Oracle VM VirtualBox, release 5.2, 6.0, 6.1, and 7.0 (starting with Oracle AVDF 20.9)
- Kernel-based virtual machine (KVM)
CPU, Memory, Space and Network Requirements
| Component | Audit Vault Server | Database Firewall | GoldenGate Microservices |
|---|---|---|---|
| CPU |
Minimum – 2
Recommended – 4
|
Minimum – 2
Recommended – 2 to 4
|
Minimum – 2
Recommended – Based on the number of extracts to be configured
|
| Memory |
Minimum – 8 GB
Recommended – 16 GB
|
Minimum – 8 GB
Recommended – 16 GB
|
Minimum – 16 GB
Recommended – 32 GB or Based on the number of extracts to be configured
|
| Disk Space |
Minimum – 370 GB
Recommended – 2 TB
|
Minimum – 220 GB
Recommended – 500 GB
|
Minimum – 1 TB
Recommended – 2 TB
|
| NFS Storage (For Backup & Archive) |
Minimum – 500 GB
Recommended – 1 TB
|
NA | NA |
| Network Interface Cards (NICs) | 1 |
|
1 |
Audit Collection and Database Firewall Support for Databases
| Supported Database | Versions Supported | Audit Collection Support | Database Firewall Support |
|---|---|---|---|
|
Oracle Database (Enterprise and Standard editions) Oracle AVDF's support of Oracle Database 11g is deprecated in AVDF 20.14, and will be desupported in a future release.
|
|
Yes | Yes |
|
Oracle Autonomous AI Database Serverless (ADB-S, ATP-S, ADW-S) |
|
Yes | Yes (Starting with Oracle AVDF 20.8) |
|
Oracle Autonomous AI Database on Dedicated Exadata Infrastructure (ADB-D, ATP-D, ADW-D) |
|
Yes (Starting with Oracle AVDF 20.3) | Yes (Starting with Oracle AVDF 20.8) |
|
Oracle Exadata Database Service on Dedicated Infrastructure (ExaDB-D) |
|
Yes | Yes (Starting with Oracle AVDF 20.8) |
| Oracle Base Database Service |
|
Yes | Yes (Starting with Oracle AVDF 20.8) |
|
Oracle Database running on Exadata
Oracle AVDF's support of Oracle Database 11g is deprecated in AVDF 20.14, and will be desupported in a future release.
|
|
Yes | Yes |
|
Oracle Real Application Clusters (Oracle RAC)
Oracle AVDF's support of Oracle Database 11g is deprecated in AVDF 20.14, and will be desupported in a future release.
|
|
Yes | Yes |
| MySQL (Enterprise Edition) |
|
Yes | Yes |
|
Microsoft SQL Server (Windows) Enterprise Edition Microsoft SQL Server 2012 was deprecated in Oracle AVDF 20.12, and it will be desupported in one of the future releases.
|
|
Yes | Yes |
|
Microsoft SQL Server (Windows) Standard Edition |
|
Yes | Yes (Starting with Oracle AVDF 20.8 support for Standard Edition 2019) |
|
Microsoft SQL Server Cluster (Windows Failover Cluster)
Microsoft SQL Server 2012 was deprecated in Oracle AVDF 20.12, and it will be desupported in one of the future releases.
|
|
Yes | Yes (Starting with Oracle AVDF 20.6 support for SQL Server Cluster 2019) |
|
Microsoft SQL Server Always On Availability Group (Starting with Oracle AVDF 20.3) Microsoft SQL Server 2012 was deprecated in Oracle AVDF 20.12, and it will be desupported in one of the future releases.
|
|
Yes | Yes (Starting with Oracle AVDF 20.11) |
|
MongoDB (By configuring Quick JSON collector) |
|
Yes | No |
|
PostgreSQL (Open source only) |
|
Yes | No |
| IBM Db2 |
|
Yes | Yes |
|
IBM Db2 Cluster HADR (High Availability and Disaster Recovery) on OL 7.x |
|
Yes | Yes |
|
IBM Db2 for AIX (7.2 TL1 and above / 7.1 TL4 and TL5) |
|
Yes | Yes (Starting with Oracle AVDF 20.4) |
| IBM DB2 Database Partitioning Feature (DPF) on Linux and AIX |
|
Yes | No |
| SAP Sybase ASE |
|
Yes | Yes |
Support for Transaction Log Audit Collection Using Oracle GoldenGate
| Minimum Supported Oracle GoldenGate Version | Supported Target Databases and Versions | Supported Oracle AVDF Release |
|---|---|---|
| Oracle GoldenGate 19c (19.1.0.0.4) |
Oracle Database 11.2 to 19c
Oracle AVDF's support of Oracle Database 11g is deprecated in AVDF 20.14, and will be de-supported in a future release.
|
Oracle AVDF 20.1 to 20.9 |
| Oracle GoldenGate 19c (19.1.0.0.200414) |
Microsoft SQL Server 2012, 2014, 2016, 2017, 2019
Microsoft SQL Server 2012 was deprecated in Oracle AVDF 20.12, and it will be de-supported in one of the future releases.
|
Oracle AVDF 20.9 |
| Oracle GoldenGate 21c (21.4) | Microsoft SQL Server 2017, 2019 | Oracle AVDF 20.10 and later |
| Oracle GoldenGate 21c (21.9) | Oracle Database 19c | Oracle AVDF 20.10 and later |
| Oracle GoldenGate 21c (21.11) | MySQL 8.0 | Oracle AVDF 20.11 and later |
| Oracle GoldenGate 26ai (23.4.2.24.06) on Linux x86-64 |
Microsoft SQL Server 2022 | Oracle AVDF 20.17 and later |
| Oracle GoldenGate 26ai (23.4.2.24.06) on Linux x86-64 |
MySQL 8.4 | Oracle AVDF 20.17 and later |
| Oracle GoldenGate 26ai (23.26.1.0.0) on Linux x86-64 |
Oracle Database 19c, Oracle Database 26ai | Oracle AVDF 20.17 and later |
To Be Continued. . .
In next post, we’ll be diving into the Hands-on Installation and Configurations, etc.,
