Go to main content
Oracle® ZFS Storage Appliance Security Guide, Release 2013.1.4.0

Exit Print View

Updated: April 2015
 
 

Remote Replication Data Service

Oracle ZFS Storage Appliance remote replication facilitates replication of projects and shares. This service enables you to view which appliances have replicated data to a specific appliance, and to control to which appliances a specific appliance can replicate.

When this service is enabled, the appliance receives replication updates from other appliances and sends replication updates for local projects and shares according to their configured actions. When the service is disabled, incoming replication updates fail, and no local projects and shares are replicated.

The root password for the remote appliance is required to configure remote replication targets for the appliance. These targets are used to set up a replication peer connection that enables the appliances to communicate.

During target creation, the root password is used to confirm request authenticity and to produce and exchange security keys that will be used to identify the appliances in subsequent communications.

The generated keys are stored persistently as part of appliance configuration. The root password is never stored persistently nor transmitted unencrypted. All appliance communications, including this initial identity exchange, are protected with SSL.

The Oracle ZFS Storage Appliance offline replication feature reduces time, resources, and potential data errors when replicating a large dataset over a network with limited bandwidth. Offline replication exports the replication stream to a file on an NFS server, which can be physically moved to the remote target site, or optionally copied to external media for shipping. At the target site, the administrator imports the file containing the replication stream to the target appliance.

To limit access to the exported replication stream, expose the NFS share only to the IP address of the source and target appliances. To encrypt the data, enable on-disk encryption for the NFS share on the NFS server. Refer to your NFS server documentation for more information. Note that an exported replication stream is never encrypted by the appliance.