
Securing Database Replication

Database replication is a frequently used operation, and sensitive information is often transmitted between the database server and its clients. The connections between database servers and their clients can be secured with the tunneling feature of Tectia. Tunneling means that the data is transmitted in encrypted format and is therefore protected from eavesdroppers.

In this example environment, Tectia Server for IBM z/OS is running on the database client host, and Tectia Server has been installed on the database server. In addition, non-interactive authentication has been set up and enabled so that scripts can perform the replication unattended.


Figure 5.5. Tunneling database replication connections

The whole procedure of database replication through secure tunnels can be started from the command line or with JCL scripts. For database replication, you need a script that establishes the tunnels, performs the replication, and then closes the tunnels and the Secure Shell connection.

The tunnels can be local or remote. For local tunnels, the client application is configured to connect to a localhost port (2222 in this example) instead of the application server port. The script instructs the client tools of Tectia Server for IBM z/OS to listen on local port 2222 and to tunnel its connections to the database server.

For remote tunnels, you need to allocate a listener port (8880 in this example) on the remote server. Whenever a connection is made to this listener, Tectia Server for IBM z/OS tunnels the connection over Secure Shell to the local client host, and another connection is made from the client to a specified destination host and port.

The actual replication is then performed by the command script, and the data is transmitted securely in encrypted format.
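The following script is an added example, not taken from the Tectia documentation, that sketches the local-tunnel variant of this procedure: open the tunnel, run the replication against local port 2222, then close the tunnel. It uses the OpenSSH `ssh` client as a stand-in for the Tectia client tools; the host names, database port, and the `replicate.sh` command with its options are hypothetical placeholders.

```shell
#!/bin/sh
# Added example. OpenSSH `ssh` stands in for the Tectia client tools.
# DB_HOST, DB_PORT, SSH_TARGET and REPLICATE_CMD (and its options) are
# hypothetical placeholders; only local port 2222 comes from the text.
LOCAL_PORT=2222
DB_HOST=${DB_HOST:-db.example.com}
DB_PORT=${DB_PORT:-50000}
SSH_TARGET=${SSH_TARGET:-repl@db.example.com}
REPLICATE_CMD=${REPLICATE_CMD:-./replicate.sh}

# Forward spec with an explicit loopback bind address, so only processes on
# the client host can reach the tunnel entrance.
forward_spec() {
    printf '127.0.0.1:%s:%s:%s\n' "$LOCAL_PORT" "$DB_HOST" "$DB_PORT"
}

# Accept a forward spec only if its listen address is loopback.
is_loopback_forward() {
    case $1 in
        127.0.0.1:*|localhost:*|\[::1\]:*) return 0 ;;
        *) return 1 ;;
    esac
}

open_tunnel() {
    spec=$(forward_spec)
    is_loopback_forward "$spec" || { echo "refusing listener: $spec" >&2; return 1; }
    # BatchMode: never prompt (unattended). ExitOnForwardFailure: fail if port
    # 2222 cannot be bound. StrictHostKeyChecking: reject unknown host keys.
    ssh -M -S "$CTL_DIR/ctl" -f -N \
        -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o StrictHostKeyChecking=yes -L "$spec" "$SSH_TARGET"
}

close_tunnel() {
    ssh -S "$CTL_DIR/ctl" -O exit "$SSH_TARGET" 2>/dev/null || true
    rm -rf -- "$CTL_DIR"
}

main() {
    CTL_DIR=$(mktemp -d) || exit 1      # private directory for the control socket
    trap close_tunnel EXIT              # tunnel is closed even if replication fails
    trap 'exit 1' INT TERM
    open_tunnel || exit 1
    # The replication job connects to the tunnel, not to the database directly.
    "$REPLICATE_CMD" --host 127.0.0.1 --port "$LOCAL_PORT"
}

if [ "${1:-}" = "run" ]; then main; fi
```

The script only acts when invoked with the argument `run`. Because the tunnel is closed from an exit trap, a failed replication does not leave the listener on port 2222 open.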



