Network Encryption

Home | Previous Page | Next Page Introducing Enterprise Replication > About IBM Informix Enterprise Replication > IBM Informix Enterprise Replication >

Network Encryption

Enterprise Replication supports the same network encryption that you can use with client/server communications to provide complete data encryption with the OpenSSL library. A message authentication code (MAC) is transmitted as part of the encrypted data transmission to ensure data integrity. A MAC is an encrypted message digest. The encryption algorithms use OpenSSL 0.9.6 as the code base.

However, encryption is implemented differently for Enterprise Replication than for client/server communications:

Client/server network encryption uses the ENCCSM communications support module (CSM) that is specified in the SQLHOSTS file.
Enterprise Replication encryption requires setting encryption configuration parameters.

Enterprise Replication cannot accept a connection that is configured with a CSM. To combine client/server network encryption with Enterprise Replication encryption, configure two network connections for each database server, one with CSM and one without. For more information, see Network Encryption and SQLHOSTS.

Important:

HDR does not support encryption. If you combine Enterprise Replication with HDR, communication between Enterprise Replication servers and the HDR primary server can be encrypted, but the communication between the HDR primary server and the HDR secondary server cannot be encrypted.

Enterprise Replication encryption configuration parameters are documented in Appendix B. Configuration Parameter and Environment Variable Reference.