Replicator Data Folders
When configuring Replicator during the initial setup, a file share is created to store inbound and outbound replication packages. The permissions on both the share and the physical folder location should be modified to limit access to the SharePoint access account and authorized administrators. This can be further secured by removing the SharePoint access account and using a separate storage access account. This account is identified at the Configure Web Application level, under Replicator Data Folders.
In the diagram at the beginning of this document, this security setting is applied on both the source and target web applications, securing the creation of replication packages on both ends. Furthermore, the data folders are commonly located on a network drive, like a SAN.
Connections
Replication functionality requires that each web application in a pair needs to have a connection created to the other one. Without a connection going each way there is no data access. This is clearly demonstrated in the above diagram, where we have two web applications connected with two connections, one in each direction, allowing for the transfer and reception of packages from both sides. Replicator also offers users the ability to secure their connections through the use of a passphrase, set up at the Web Application Configuration level, and applied for security settings at the Connection Configuration level.
The exception to this rule is when your connections are set up in firewalled mode. Since the server outside the firewall cannot connect to the server inside the firewall, Replicator only requires a single connection. In these cases, you must set a passphrase on the web application outside the firewall and specify it when creating the connection on the web application inside the firewall. This passphrase confirms that the farm administrator creating the connection is authorized by a farm administrator on the other farm.
1.Set a passphrase at the web application level, under Advanced Settings.
2.Apply the passphrase when creating a firewalled connection, under Target Web Application.
3.Finally, when setting up Replicator, the account specified on the connection configuration page is the only account with permission to download packages from the target web application. This ensures that packages are only downloaded by the allotted account and cannot be downloaded by others.
Offline Replication
When setting up a connection to Transport in offline mode, replicator restricts replication to a specific target using an ID field. This ensures that once replication is brought back online, only the specified target will be able to receive packages during the import procedure.
Packages
As changes are made in SharePoint, Replicator captures these as events and extracts the changes into Replication Packages. These packages are stored on disk as zip files that contain proprietary wrappers that further protect the SharePoint changes from being read.
Farm administrators can specify passwords that will be used to encrypt these packages, ensuring another layer of security. The encrypted zip files are stored in the Replicator Data Folders, transferred to target servers, and then decrypted and applied on the target web applications.