Configuring network encryption for replication servers

You encrypt client/server network communication by specifying the ENCCSM module with the communications support module (CSM) option in the sqlhosts file. You encrypt Enterprise Replication communication by setting encryption configuration parameters. The ENCRYPT_CDR configuration parameter must be set to 1 or 2 to allow encryption.

You cannot configure an Enterprise Replication connection with a CSM.

To combine client/server network encryption with Enterprise Replication encryption, configure two network connections for each database server. The configuration in the SQLHOSTS file would look like the following example.

#dbservername  nettype   hostname    servicename  options
 gserv1        group     -           -            i=143
 serv1         ontlitcp  ny.usa.com  ertest1      g=gserv1
 c_serv1       ontlitcp  ny.usa.com  ertest10     csm=(ENCCSM)

In this example, serv1 and c_serv1 are two connection ports on the same database server. Encrypted client/server communication uses the c_serv1 port, while encrypted Enterprise Replication uses the serv1 port.

For more information on encrypting client/server network communications, see the HCL OneDB™ Administrator's Guide.