
SSH Tectia

Securing Database Replication

Database replication is a frequently used operation, and sensitive information is often transmitted between the database server and its clients. The connections between database servers and their clients can be secured with the tunneling feature of SSH Tectia. With tunneling, the data is transmitted in encrypted form, which protects it from eavesdroppers.

In this example environment, SSH Tectia Server for IBM z/OS is running on the database client host, and SSH Tectia Server has been installed on the database server. In addition, non-interactive authentication has been set up and enabled so that scripts can perform the replication unattended.


Figure 5.4. Tunneling database replication connections

The whole procedure of database replication through secure tunnels can be activated on the command line or with JCL scripts. For the purposes of database replication, you will need a script that establishes the tunnels, performs the replication and then closes the tunnels and the Secure Shell connection.

The tunnels can be local or remote. For local tunnels, the client application is configured to connect to a localhost port (2222 in this example) instead of the application server port. The script instructs the client tools of SSH Tectia Server for IBM z/OS to listen on local port 2222 and to tunnel its connections to the database server.

For remote tunnels, you need to allocate a listener port (8880 in this example) on the remote server. Whenever a connection is made to this listener, SSH Tectia Server for IBM z/OS tunnels the connection over Secure Shell to the local client host, and another connection is made from the client to a specified destination host and port.

The actual replication is then performed by the command script, and the data is transmitted securely in encrypted format.
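
The script described above, sketched as an added example (it is not taken from the SSH Tectia manual): it opens the local and remote tunnels, runs the replication job only if the tunnel client is still running, and closes the tunnel whatever the job's result. The account, host name, database ports and `./replicate.sh` are placeholders; `-B` and `-S` are the client's batch-mode and no-session-channel options.

```shell
#!/bin/sh
# Added example, not from the SSH Tectia manual. Host, account, database
# ports and the replication command are placeholders (assumptions).
SSH_CLIENT=${SSH_CLIENT:-sshg3}                  # Tectia command-line client
SSH_TARGET=${SSH_TARGET:-repl@dbserver.example.com}
LOCAL_FWD=${LOCAL_FWD:-2222:localhost:50000}     # local 2222 -> DB port on the server
REMOTE_FWD=${REMOTE_FWD:-8880:localhost:50001}   # server 8880 -> port reached from client
REPL_CMD=${REPL_CMD:-./replicate.sh}             # hypothetical; must use localhost:2222
SETTLE_SECS=${SETTLE_SECS:-5}                    # time allowed for tunnel setup

# Returns 2 if the tunnel did not come up (replication is NOT attempted),
# otherwise the exit status of the replication command.
replicate_through_tunnel() {
    # -B: batch mode, fail instead of prompting; -S: no session channel.
    "$SSH_CLIENT" -B -S -L "$LOCAL_FWD" -R "$REMOTE_FWD" "$SSH_TARGET" &
    tunnel_pid=$!
    # Close the tunnel if the job is interrupted.
    trap 'kill "$tunnel_pid" 2>/dev/null; exit 130' INT TERM
    sleep "$SETTLE_SECS"
    # If authentication or forwarding failed, the client has already exited.
    if ! kill -0 "$tunnel_pid" 2>/dev/null; then
        echo "tunnel not established; replication skipped" >&2
        trap - INT TERM
        return 2
    fi
    rc=0
    $REPL_CMD || rc=$?
    # Close the tunnels and the Secure Shell connection in every case.
    kill "$tunnel_pid" 2>/dev/null || true
    wait "$tunnel_pid" 2>/dev/null || true
    trap - INT TERM
    return "$rc"
}
# Call replicate_through_tunnel from the job script; its status is the job's result.
```

The replication job should be configured for localhost port 2222 only, so that a failed tunnel cannot lead to an unencrypted direct connection.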
