GoldenGate Air‑Gap Replication for Secure Networks

Overview of GoldenGate Air‑Gap Replication

GGAirGap

In high-security environments, organizations like federal defense and intelligence agencies often maintain air-gapped networks – systems with no direct connectivity to other networks, ensuring sensitive data is physically isolated. Providing a unified intelligence picture leveraging sensitive data across these multiple security domains has historically been impeded by lack of technical solutions. Maintaining data consistency across classified networks continues to be a challenge that is further complicated by exponential growth trends in both volume and velocity of data. Oracle’s answer to this challenge is Oracle GoldenGate Data Event Streams for Air Gap Security, a new capability that enables secure, near real-time data replication across air-gapped environments to provide missions with a more timely and complete view of data across security networks. This solution extends Oracle GoldenGate – a real-time data replication platform – to meet the stringent privacy and security needs of classified and mission-critical systems.

How it works (High-Level): GoldenGate’s extract, the data capture process, continuously reads transactions from a source end point and writes them to its internal transaction log, GoldenGate trail file. With the Oracle GoldenGate Data Event Streams for Air Gap Security feature, GoldenGate’s Distribution Service then encodes the trail data into a secure, cross domain consumable format, like XML A certified Cross Domain Solution (CDS) guard or content filter can scan this XML for any policy violations or malware and once validated, moves the file across the air gap to the target network. On the receiving side, GoldenGate consumes the file and decodes it back into the original trail file format, ensuring transnationality, applying each to the target endpoint preserving full transactional consistency. The approach provides near real-time data movement without ever exposing the secure network to direct connections.

Oracle GoldenGate Data Event Streams for Air Gap Security replicates your heterogeneous data source transactions in near real time across multiple security domains, quickly providing your missions with a more timely and complete view of your data across security networks. Changes in your database on one network are quickly and automatically replicated to another database on another classified network, providing for a shared view of your data.  Never before has working with cross domain data been more accessible.

 

Why Air-Gaps Are Needed (Air-Gaps must be real-time!)

Traditional security mechanisms like firewalls, VLAN segmentation, and ACLs provide logical separation between networks, but they still depend on software rules and configurations to maintain that isolation. Even in tightly controlled environments, there’s always some level of exposure when both directions of communication remain open.

Air-gapped networks are commonplace in defense, intelligence, and other federal contexts for good reason – they prevent cyber threats on one network from reaching another. For example, a Department of Defense classified network (like SIPRNet for Secret information) is physically separated from the unclassified network (NIPRNet) and the public internet. This separation dramatically reduces the risk of espionage or malware crossing into secure systems. An “air gap” means no direct cables or wireless links connect the two sides, much like a literal gap of air acting as a barrier. Such setups are seen in military command centers, nuclear facilities, and any environment handling sensitive or classified data.

Despite this isolation, there is often a critical need for real-time data to be replicated across these disconnected networks. Operational data generated on a less sensitive network might be required on a classified network for analysis (or vice versa) to support missions and decision-making. For instance, an intelligence analyst might need data from a field collection system on an unclassified domain replicated to a classified analytics system to identify threats. Similarly, agencies under strict compliance (FedRAMP High, Impact Level 4/5, etc.) might segregate workloads but still require certain data to flow to a central repository. In short, security mandates separation, but mission demands information sharing.

Traditionally, moving data across an air gap meant using removable media, batch exports, or custom one-off solutions – all slow, labor-intensive, and prone to error. This is where Oracle GoldenGate Data Event Streams for Air Gap Security new solution shines. It was developed specifically for U.S. Department of Defense and Intelligence Community use cases, recognizing that even Top Secret environments need timely data from elsewhere. GoldenGate’s approach enables data replication and event streaming across security network devices, like one-way diodes and Cross Domain Solutions, to prevent information leakage and block malicious content.  The system supports multiple security levels (Unclassified, Secret, Top Secret, etc.) and works with NCDSMO “Raise-The-Bar” compliant cross-domain solutions that agencies trust. If an application inserts a record into a database on one security network, GoldenGate can securely transmit that new record through a guard device and apply it to a database on a different security network, e.g. from a NIPR (unclassified) database to a SIPR (classified) database. This capability is invaluable for defense and intel organizations: it maintains strict network separation while delivering the data consistency and freshness that modern operations and analytics demand.

 

Upcoming –  GoldenGate 26ai Data Event Streams for Air Gap Security

The upcoming Oracle GoldenGate 26ai release introduces the Oracle GoldenGate Data Event Streams for Air Gap Security replication features as a fully supported capability. This release brings several enhancements designed for secure cross-network data movement:

  • Cross-Domain Solution Integration: GoldenGate 26ai’s Distribution Service can output the captured data into CDS-consumable formats, like XML. These formats are approved for scanning by security filters and guard hardware to enforce strict content policies. This means GoldenGate is now compatible with CDS guard appliances and data diodes. The data streams include control information, the data changes (DML/DDL), and even large objects, all encoded in a safe format for inspection.
  • One-Way Secure Transfer Workflows: The GoldenGate platform works in a one-directional “low-to-high” configuration, aligning with security protocols that forbid bi-directional exchange. Support for one-way network traffic through physical data diodes and guard software is built in. GoldenGate’s process ensures that no acknowledgments or reverse traffic are needed from the high-side, which is crucial for highly secure networks. The replication workflow has been enhanced to tolerate latency from guard scanning and to queue data safely until transfer is permitted, so even if the link is intermittent, no transactions are lost.
  • Oracle Cloud (OCI) Integration: GoldenGate 26ai is designed to run seamlessly in Oracle Cloud Infrastructure, including Oracle US Defense Cloud and Oracle National Security Regions (ONSRs) – Oracle’s isolated classified cloud regions – and other isolated or GovCloud environments. It also integrates with Oracle Cloud storage services to stage the encrypted data files for transfer. Agencies can deploy GoldenGate in a FedRAMP High/DoD IL4 cloud, or even in tactical edge scenarios, and still use this replication feature. Broad technology support is maintained: the solution supports hundreds of data sources and targets. So not just Oracle Database, but various commercial and open-source databases, data warehouses, analytic platforms, AI platforms and messaging systems. This broad compatibility means that whether the source is a legacy system or a modern AI cloud solution, GoldenGate can capture the changes and include them in the air-gap data stream.
  • Enhanced Security and Auditability: The 26ai release builds on GoldenGate’s robust security foundations.  With encryption in transit and at rest, role-based access control, authentication integration, etc., GoldenGate ensures that data remains protected throughout the air-gap transfer. All transactions moved via Data Event Streams are fully encrypted and signed, and the system maintains an audit log of what was transferred and applied. Additionally, GoldenGate preserves transaction boundaries and order, so the target database remains a consistent replica of the source even across the air-gapped transfer process. 

 

The Oracle GDI Advantage

Oracle’s Government, Defense & Intelligence (GDI) team has played a pivotal role in bringing this air-gap replication solution to life. The GDI organization works closely with federal customers and Oracle’s product engineering to ensure that GoldenGate meets the unique needs of national security use cases. Here are a few key contributions and enhancements from Oracle GDI:

  • Oracle GoldenGate Data Event Streams for Air Gap Security can be deployed with Oracle Cloud Cross Domain Services in Oracle Defense Cloud and Oracle National Security Regions (ONSRs). These regions adhere to the highest U.S. government security standards, and GDI’s involvement means GoldenGate is ready to operate within them – aligning with government-mandated architectures and connectivity restrictions. Whether the target is an OCI Classified Region or an isolated on-premises network, the GDI team has validated that the GoldenGate solution will function reliably and securely for Government use.
  • Tactical Edge and Disconnected Operations: Recognizing that many defense scenarios involve forward-deployed systems with little or no connectivity, Oracle GDI made compatibility with Oracle Roving Edge Infrastructure a priority. Oracle Roving Edge is a portable ruggedized appliance that brings OCI services to the field. GoldenGate can be run on Roving Edge devices, collecting data in remote or disconnected locations and later synchronizing through Data Event Streams when a connection (even intermittent or low-bandwidth) becomes available. This capability is crucial for military and homeland security users who operate in austere environments – they can gather data on the edge and trust that GoldenGate will propagate it securely to central systems when possible, following the air-gap transfer protocols.
     
  • Wide Support for Guard Integration: Support with heterogeneous cross domain systems is possible due to the portable and common file formats used by Oracle GoldenGate Data Event Streams for Air Gap Security.  Oracle GDI offers integration support for a wide set of cross domain systems and content filters, across many defense and intelligence ecosystems. 

Overall, Oracle GDI’s contributions ensure that Oracle GoldenGate Data Event Streams for Air Gap Security is not just a theoretical capability, but a practical solution ready for deployment in the most secure federal environments. The GDI team’s involvement offers an extra layer of confidence for government customers, as the solution has been co-developed and tested with real-world defense and intelligence scenarios in mind.

Conclusion

In conclusion, GoldenGate 26ai Air-Gap Replication with Data Event Streams delivers a groundbreaking combination of security and efficiency for organizations that must operate segregated networks. It allows data to flow to where it’s needed – from lower classification systems to higher ones or from field systems to central servers – without compromising the sanctity of the air gap. Federal agencies and other security-focused enterprises can finally eliminate manual data swap processes and instead rely on an automated, proven Oracle technology that has been engineered for their unique needs.

If your organization faces the challenge of sharing data across classified or isolated networks, now is the time to explore how Oracle GoldenGate Data Event Streams for Air Gap Security can fit into your architecture. Oracle and its GDI team are inviting agencies to learn more about this capability and to engage in an assessment or pilot. By working together with Oracle, you can evaluate how Oracle GoldenGate Data Event Streams for Air Gap Security would integrate with your current systems and security controls, and ensure that your mission-critical data is available wherever it’s needed, when it’s needed – all while upholding the highest standards of security. Contact Oracle today to discuss your use case and take the next step toward a safer, more efficient data replication strategy for your air-gapped networks.