Security and Replication

Describes how to replicate data between secure clusters.

Security is configured at all locations in the replication stream.

On clusters

You can replicate between clusters that are all secure. See Configuring Secure Clusters for Cross-Cluster Mirroring and Replication for more information about replication between secure clusters.

At source tables

The -replperm parameter lets you specify an Access Control Expression (ACE) to declare who has permission to replicate data from a table. This parameter is available in the maprcli table create and maprcli table edit commands.

Across a network

You can send data encrypted or unencrypted when replicating between secure clusters by using the -networkencryption parameter when adding a replica to a source table.

At gateways

Gateways ensure that replicas receive updates only from source tables that are designated as upstream sources.

Moreover, gateways handle authentication with secure destination clusters.

At replicas

Because of the several upstream security checks, no parameters are needed for setting ACE to declare who has permission to update a replica through a replication stream. However, before replication begins, replicas can be loaded with a snapshot of the data in corresponding source tables. Permission to perform such a load is controlled by the ACE that you set in the -bulkloadperm parameter for a replica. You can set the ACE with either the maprcli table create or the maprcli table edit command.

All other ACE defined for a replica still apply for local updates and reads.