Enterprise Replication and high availability network data encryption

You can configure network data encryption for Enterprise Replication and high availability clusters by using configuration parameters.

Important: You cannot start Enterprise Replication or high availability options on a network connection that is configured to use communication support module (CSM) encryption for client/server connections. CSM encryption must be configured to use a separate network port.

You can use the Enterprise Replication and high availability encryption parameters to encrypt the data traffic between the servers that participate in Enterprise Replication and high availability clusters (High-Availability Data Replication, remote stand-alone secondary servers, and shared disk secondary servers). High availability encryption works with Enterprise Replication encryption, and each operates regardless of whether the other is enabled.

The following configuration parameters configure encryption for Enterprise Replication and high availability clusters:

  • ENCRYPT_CIPHERS: defines all ciphers and modes that can be used by the current database session
  • ENCRYPT_MAC: controls the level of message authentication code (MAC) generation
  • ENCRYPT_MACFILE: specifies a list of the full path names of MAC key files
  • ENCRYPT_SWITCH: defines the frequency at which ciphers or secret keys are renegotiated
  • ENCRYPT_CDR: sets the level of encryption for Enterprise Replication
  • ENCRYPT_HDR: enables or disables HDR encryption
  • ENCRYPT_SMX: sets the level of encryption for remote stand-alone and shared disk secondary servers

When used together, high availability and Enterprise Replication share the same ENCRYPT_CIPHERS, ENCRYPT_MAC, ENCRYPT_MACFILE, and ENCRYPT_SWITCH configuration parameters.

While an encrypted high availability or Enterprise Replication connection operates from server to server, CSM network encryption operates between client and server. Both types of encryption can run on the same network if configured as follows:

  • One network port must be configured for high availability.
  • The other network port must be configured for CSM connections.

For information about these configuration parameters, see the HCL OneDB™ Administrator's Reference.
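The Python sketch below is an added example, not HCL's code. It audits an onconfig and sqlhosts pair for the settings described above, flagging ER/HA traffic that is unencrypted or not enforced and a replication entry that shares a port with a CSM-encrypted entry. The file layouts, the `csm=` option syntax, the 0/1/2 value meanings, and the server names `ol_client` and `ol_repl` are assumptions; confirm them in the Administrator's Reference.

```python
import re
# Assumed value semantics (confirm in the Administrator's Reference):
#   ENCRYPT_CDR/ENCRYPT_SMX: 0 off, 1 when possible, 2 always; ENCRYPT_HDR: 0 off, 1 on
STRICT = {"ENCRYPT_CDR": "2", "ENCRYPT_SMX": "2", "ENCRYPT_HDR": "1"}

# Constructed sample input, not taken from a real server.
SAMPLE_ONCONFIG = """
ENCRYPT_CDR 1
ENCRYPT_HDR 1
ENCRYPT_SMX 0
ENCRYPT_MAC off
"""
SAMPLE_SQLHOSTS = """
ol_client onsoctcp dbhost1 9088 csm=(ENCCSM)
ol_repl   onsoctcp dbhost1 9088
"""

def parse_onconfig(text):
    """Return {PARAM: value} from 'NAME value' lines, ignoring # comments."""
    params = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            params[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return params

def parse_sqlhosts(text):
    """Return (servername, host, service, options) tuples."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [(f[0], f[2], f[3], " ".join(f[4:])) for f in rows if len(f) >= 4]

def audit(onconfig, sqlhosts, repl_server):
    """Return findings for the sqlhosts entry that carries ER/HA traffic."""
    p, findings = parse_onconfig(onconfig), []
    for name, strict in STRICT.items():
        val = p.get(name, "0")  # assumption: an unset parameter means 0
        if val == "0":
            findings.append(f"{name}={val}: traffic is not encrypted")
        elif val != strict:
            findings.append(f"{name}={val}: encryption is not enforced")
    if p.get("ENCRYPT_MAC", "").lower() == "off":
        findings.append("ENCRYPT_MAC=off: no message authentication code")
    rows = parse_sqlhosts(sqlhosts)
    # Assumption: a CSM-encrypted entry is marked by csm= in the options field.
    csm_ports = {(h, s) for _, h, s, opts in rows if re.search(r"\bcsm=", opts, re.I)}
    for name, host, service, _ in rows:
        if name == repl_server and (host, service) in csm_ports:
            findings.append(f"{name}: shares {host}:{service} with a CSM entry")
    return findings
```

Calling `audit(SAMPLE_ONCONFIG, SAMPLE_SQLHOSTS, "ol_repl")` reports four findings; moving `ol_repl` to its own port and raising the levels clears them.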