Chat now with support
Chat with Support

SharePlex 12.2 - Reference Guide

About this guide Conventions used in this guide SharePlex Commands for Oracle SharePlex parameters SharePlex Commands for PostgreSQL SharePlex Parameters for PostgreSQL Heterogeneous commands General SharePlex utilities Oracle Cloud Infrastructure SharePlex environment variables

SpClient

SpClient

Use the SpClient utility to monitor SharePlex processes and event logs. The utility reports if any processes fail or stop due to errors. It also sends email notifications when issues occur.

Supported operating system:

Windows

Set up configuration

Prerequisites:

  1. Run ora_setup to complete environment setup.

  2. Make sure the sp_cop process is running before you use the SpClient utility.

  3. Start replication.

To set up configuration, open the command prompt and enter the create config command to create the replication configuration.

To monitor SharePlex processes:

  1. Right-click the SpClient icon, and then select Run as administrator.

  2. Sign in to the SpClient application.

  3. In the navigation menu, go to Access and click Local to sign in. The system uses the sp_remote service for authentication.

    After you sign in, the Sp Monitor option becomes available.

  4. In the navigation menu, go to Select and click Sp Monitor.

    The SharePlex Monitor screen opens.

  5. In the Port list, select the port for which you want to start monitoring. The monitor screen shows the current monitoring status.

  6. Click Start to begin monitoring SharePlex processes.

Configure monitoring

  1. Click Configure Monitor on the SharePlex Monitor screen to view monitoring configurations.

  2. The system opens the sp_NT_mon text file. This file shows the default configuration values.

  3. Edit the file as needed to update monitoring settings.

How monitoring works

The SpClient utility checks the status of all SharePlex processes every 60 seconds by default. You can customize this interval. If a process goes down or an error occurs, SpClient displays an alert in the application and sends an email notification if monitoring is active. Otherwise, it logs the details in the monitor.log file.

sp_hsm

sp_hsm

Description

Use the sp_hsm utility to provide the Oracle Wallet password to SharePlex that is stored at external storage (HSM). SharePlex uses the wallet password to access the TDE primary Encryption Key. SharePlex uses the TDE primary Encryption Key to decrypt TDE protected data in the redo log that must be replicated.

Grant read permission on the Oracle Wallet file to the dba group before using sp_hsm.

Notes:

  • The sp_hsm utility supports HSM physical devices that are compatible with the PKCS 11 library.

  • The sp_hsm utility is not supported on the Windows platform.

Supported databases

Oracle

Run the sp_hsm Utility

Run the sp_hsm utility:

  1. Open command prompt.

  2. Enter the Oracle SID or TNS alias if it is an RAC configuration [ORCL1]: ORCL1

  3. Ensure the HSM library is set up correctly:

    HSM opm_is_hsm_library_setup entered for sid o.ORCL1

    HSM opm_is_hsm_library_setup returned true

  4. Enter the Slot ID for the HSM on which the Oracle database is configured.

    HSM Slot ID [0]: 1

  5. Enter the HSM password.

After successfully adding the HSM password to Shareplex, the utility displays the following message:

The HSM password has been successfully added to Shareplex.

Shareplex will automatically connect to HSM upon startup.

The sp_hsm utility will not need to be run again unless you want to change the HSM password.

To change the HSM password, just run sp_hsm and enter the new password.

The old HSM password will replace the existing password.

sp_security

Description

Use the sp_security utility to enable, disable or view the SSL/TLS settings for SharePlex network communication.

Enable SSL/TLS

IMPORTANT! SSL/TLS must be either enabled with a common network password or disabled on all SharePlex installations.

To enable SSL/TLS:

Run sp_security --setup, select the SSL/TLS option, and then enter a network password.

$ ./sp_security --setup

Security Setup Wizard

---------------------

This wizard will walk you through setting up the SharePlex network security.

Setup configuration for '/splex/shareplex/run/var120' and Port 2105 [N]: y

Choose your network security model. Please note the following:

* Cop must be down when the security model is changed, or when the network password is changed

* The same model/protocol must be used among all SharePlex nodes replicating to each other

* For security model [1], the same network password must be set on all SharePlex nodes replicating to each other

[1] Use Basic SSL/TLS connection (TLS 1.2)

[2] Use Non-SSL/TLS connections (default)

[3] Use Advance SSL/TLS connection (TLS 1.3)

Security model [3]: 3

Please enter a network password that will be used for authentication

among the SharePlex nodes. All SharePlex nodes that replicate data to each

other must have the same network password.

Network password [**********]:

Please re-enter the network password

Network password:

Security settings:

Configuration for '/splex/shareplex/run/var120' and Port 2105:

Security model : SSL/TLS

Security Protocol : TLS_1_3

Network password : stored for unattended startup

SSL key file password : stored for unattended startup

SSL key file : key.pem

SSL cert file : cert.pem

Setup complete!

Disable SSL/TLS

IMPORTANT! SSL/TLS must be either enabled with a common network password or disabled on all SharePlex installations.

To disable SSL/TLS:

Run “sp_security --setup” and select non-SSL/TLS connections.

$ ./sp_security --setup
Security Setup Wizard
---------------------
This wizard will walk you through setting up the SharePlex network security.
Setup configuration for '/splex/shareplex/run/var120' and Port 2105 [N]: y
Choose your network security model.  Please note the following:
* Cop must be down when the security model is changed, or when the network password is changed
* The same model/protocol must be used among all SharePlex nodes replicating to each other
* For security model [1], the same network password must be set on all SharePlex nodes replicating to each other
[1] Use Basic SSL/TLS connection (TLS 1.2)
[2] Use Non-SSL/TLS connections (default)
[3] Use Advance SSL/TLS connection (TLS 1.3)
Security model [3]: 2
Security settings:
Configuration for '/splex/shareplex/run/var120' and Port 2105:
Security model            : Un-encrypted
Setup complete!

View current SSL/TLS configuration

To view the current SSL/TLS configuration:

When enabled:

$ ./sp_security --show

Security settings:

Configuration for '/splex/shareplex/run/var120' and Port 2105:

Security model : SSL/TLS

Security Protocol : TLS_1_3

Network password : stored for unattended startup

SSL key file password : stored for unattended startup

SSL key file : key.pem

SSL cert file : cert.pem

When disabled:

$ ./sp_security --show

Security settings:

Configuration for '/splex/aparopka/shareplex/run/var120' and Port 2105:

Security model : Un-encrypted

 

sp_wallet utility

SP_wallet

Description

Use the sp_wallet utility to provide the Oracle Wallet password to SharePlex. SharePlex uses the wallet password to access the TDE primary Encryption Key. SharePlex uses the TDE primary Encryption Key to decrypt TDE-protected data in the redo log that must be replicated.

Grant read permission on the Oracle Wallet file to the dba group before using sp_wallet.

Supported databases

Oracle on Unix, Linux, and Windows

Run sp_wallet

To run sp_wallet and manually supply the password:

  1. On the source system, start SharePlex from the SharePlex product directory. You are prompted to run sp_wallet.

    *** To enable TDE replication, run sp_wallet and provide the wallet password ***

  2. Run sp_wallet.

    ./sp_wallet [-r port_number]

    IMPORTANT! On Windows, if you installed SharePlex on any port other than the default of 2100, use the -r option to specify the port number. For example, in the following command the port number is 9400:

    ./sp_wallet -r 9400

    wallet password: walletpw

    Wallet loaded into SharePlex

To run sp_wallet in auto-open mode:

If you are using an auto-open wallet, you can configure SharePlex to open the TDE wallet automatically. This eliminates the need to run sp_wallet manually at SharePlex startup. The syntax is:

./sp_wallet --auto-open [-r port_number]

Important! Using the auto-open wallet feature has additional security considerations. See the Oracle documentation for more information. In addition, do not back up the SharePlex variable-data directory together with the Oracle wallet and the Oracle data files.

To cancel auto-open mode:

./sp_wallet --no-auto-open [-r port_number]

To change the TDE primary encryption key:

If you need to change the TDE primary Encryption Key while a SharePlex configuration is active, take the following steps to ensure that SharePlex continues to replicate the TDE-protected data after the changes.

  1. Quiesce the source database.
  2. Make sure that Capture finishes processing the remaining data in the redo log.
  3. Shut down SharePlex.
  4. Change the TDE primary Encryption Key.
  5. Restart SharePlex.

  6. Run the sp_wallet utility to provide SharePlex with the new TDE primary Encryption Key.

    ./sp_wallet [-r port_number]

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating