Securing Database Replication

Database replication is a frequently used operation, and often sensitive information is transmitted between the database server and its clients. The connections between database servers and their clients can be secured with the tunneling feature of Tectia. Tunneling means that data is transmitted in encrypted format and so secured from eavesdroppers.

In this example environment, we have Tectia Server for IBM z/OS running on the database client host, and Tectia Server has been installed on the database server. In addition, non-interactive authentication has been set up and enabled to perform the replication by scripts without user attendance.

Tunneling database replication connections

Figure 5.5. Tunneling database replication connections

The whole procedure of database replication through secure tunnels can be activated on the command line or with JCL scripts. For the purposes of database replication, you will need a script that establishes the tunnels, performs the replication and then closes the tunnels and the Secure Shell connection.

The tunnels can be local or remote. For local tunnels, the client application is configured to connect to a localhost port (2222 in this example) instead of the application server port. The script orders the client tools of Tectia Server for IBM z/OS to listen to local port 2222 and to tunnel its connections to the database server.

For the remote tunnels, you need to allocate a listener port (8880 in this example) on the remote server. Whenever a connection is made to this listener, the Tectia Server for IBM z/OS tunnels the connection over Secure Shell to the local client host and another connection is made from the client to a specified destination host and port.

The actual replication is then performed by the command script, and the data is transmitted securely in encrypted format.