Raw Crypto Replication

Raw crypto replication improves the security and efficiency of replicating encrypted data by avoiding both decrypting the data on the source appliance and reencrypting it on the target appliance. Security is enhanced by sending the data encrypted instead of unencrypted.

The raw crypto option is enabled by default for new replication actions if the raw crypto replication deferred update has been applied. Once enabled, raw crypto replication can be disabled before the initial update.

The Raw Crypto Replication Deferred Update is available in Oracle ZFS Storage software version OS8.8.57 or later. To use raw crypto replication, both the source and target appliances must have accepted the deferred update. It is recommended to accept the deferred update on the targets first to avoid action update delays. Updates will fail if the source appliance's replication action uses the raw crypto feature but the deferred update has not been accepted on the target appliance. For information on applying deferred updates, see Deferred Updates in Oracle ZFS Storage Appliance Customer Service Manual, Release OS8.8.x.

Additional restrictions: 1) Both the source and target appliances must have identical encryption keys in each dataset's keyname property (same name and same contents); and 2) When using raw crypto replication with the multi-target reversal feature, all members must use raw crypto replication.

To disable the raw crypto property for a new replication action, select check box Disable rawcrypto mode in the BUI or set rawcrypto to off in CLI node shares project action-number.