SharePlex provides host authorization security that verifies whether or not SharePlex processes on specific remote systems are authorized to connect to the local system for service and command requests. To implement host authorization, you create an ASCII text file named auth_hosts in the data sub-directory of the SharePlex variable-data directory and then populate it with the names of systems being granted connection permission.
To configure the auth_hosts file
Note: Begin comment lines with a pound character (#).
On the next non-commented line, enter one of the following:
Value | Description |
---|---|
all | Grants connection authorization to processes on all remote systems. |
hostname | Grants connection authorization to the specified host. Enter the fully qualified machine name, for example remotehost.mycorp.com. Specify as many host names as needed, each on its own line. |
Note the name of the local host is on the first non-commented line.
#Comment: first line is local host name. Localhost.mycorp.com #Comment: remaining lines are remote hosts. remotehost.mycorp.com remotehost2.mycorp.com remotehost3.mycorp.com |
SharePlex uses the SSH® Secure ShellTM utility to provide encryption for network services such as secure remote login and other services over an insecure network.
To set up SharePlex to use SSH
On the source system, issue the following command from the command prompt. This command connects to the target system to set up the tunnel.
$ ssh -L source_port:target_host:target_port userid@target_host -N -f
where:
Refer to your SSH documentation for more information about these commands.
(If using multiple SharePlex instances) On the source system, export the correct variable-data directory for the instance of sp_cop for which you are setting up SSH.
ksh shell:
export SP_SYS_VARDIR=/full_path_of_variable-data_directory
csh shell:
setenv SP_SYS_VARDIR=/full_path_of_variable-data_directory
In sp_ctrl, set the SP_XPT_USE_LOCALHOST parameter in one of the following ways.
sp_ctrl> set param SP_XPT_USE_LOCALHOST 1
sp_ctrl> set param SP_XPT_USE_LOCALHOST to host 1
where: host is the name of the target system that will use the tunnel.
In sp_ctrl, use the list param command with the modified option to verify the parameter setting. If the setting is correct, you can activate a configuration at this point.
sp_ctrl> list param modified
If there is an active configuration, stop and then start sp_cop to make the new parameter setting active.
To stop sp_cop:
sp_ctrl> shutdown /productdir/bin/sp_cop &
To start sp_cop:
$ /productdir/bin/sp_cop &
If you do not want to use SSL/TLS but still want to encrypt data between Export and Import, you might do so using this feature.
SharePlex can be configured to encrypt replicated data across the network. SharePlex uses Advanced Encryption Standard (AES) encryption.
Encryption must be enabled on the source and target systems. You enable encryption and set the size of the key through the Export process. You configure the Import process to ensure that encryption is enabled on the source, so that no data is sent across the network unless it is encrypted.
When configuring encryption, follow these guidelines:
On the source system
Set the Export parameter SP_XPT_ENABLE_AES to 1. This enables encryption.
sp_ctrl> set param sp_xpt_enable_aes 1
Run the create encryption key command to create the key.
sp_ctrl> create encryption key
The following is an example key:
E5F5D4CBA329D2C86B5D7ABA096C18600595490129F55A1422AAB0248B28D0E4
(Optional) Set the SP_XPT_AES_KEY_LENGTH parameter to increase the key size.
The create encryption key command returns a randomly generated, 256-bit AES key. By default, SharePlex uses 128 bits of that length to encrypt the data.
To increase the key length that SharePlex uses, set the SP_XPT_AES_KEY_LENGTH parameter to 192 or 256 bits. When you increase the length, the key is harder to hack but requires more CPU power.
sp_ctrl> set param sp_xpt_aes_key_length {192 | 256}
Example: set param sp_xpt_aes_key_length 256
Run the set encryption key command. This adds the key to the Export configuration.
sp_ctrl> set encryption key key_value
Example: set encryption key E5F5D4CBA329D2C86B5D7ABA096C18600595490129F55A1422AAB0248B28D0E4
Restart Export to activate the settings.
sp_ctrl> stop export
sp_ctrl> start export
On the target system
Set the SP_IMP_ENABLE_AES parameter to 1. This prevents SharePlex on the target from accepting data that is not encrypted.
Run the set encryption key command with the same key value that you set for Export. The key values on the source and target must match.
sp_ctrl>set encryption key key_value
Example: set encryption key E5F5D4CBA329D2C86B5D7ABA096C18600595490129F55A1422AAB0248B28D0E4
Restart Import to activate the settings.
sp_ctrl> stop import
sp_ctrl> start import
Issue this command on the source and target systems to ensure that both key values match.
sp_ctrl> show encryption key
The SharePlex security groups provide access control to the SharePlex command and control system. Without proper configuration of these groups, anyone with permissions on the system can use the commands that view, configure, and control data replication.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center