SharePlex uses the SSH® Secure Shell™ utility to provide encryption for network services such as secure remote login and other services over an insecure network.
To set up SharePlex to use SSH
On the source system, issue the following command from the command prompt. This command connects to the target system to set up the tunnel.
$ ssh -L source_port:target_host:target_port userid@target_host -N -f
where:
Refer to your SSH documentation for more information about these commands.
(If using multiple SharePlex instances) On the source system, export the correct variable-data directory for the instance of sp_cop for which you are setting up SSH.
ksh shell:
export SP_SYS_VARDIR=/full_path_of_variable-data_directory
csh shell:
setenv SP_SYS_VARDIR /full_path_of_variable-data_directory
In sp_ctrl, set the SP_XPT_USE_LOCALHOST parameter in one of the following ways.
sp_ctrl> set param SP_XPT_USE_LOCALHOST 1
sp_ctrl> set param SP_XPT_USE_LOCALHOST to host 1
where: host is the name of the target system that will use the tunnel.
In sp_ctrl, use the list param command with the modified option to verify the parameter setting. If the setting is correct, you can activate a configuration at this point.
sp_ctrl> list param modified
If there is an active configuration, stop and then start sp_cop to make the new parameter setting active.
To stop sp_cop:
sp_ctrl> shutdown
To start sp_cop:
$ /productdir/bin/sp_cop &
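The tunnel command from the procedure above with two OpenSSH options added (an explicit loopback bind address and ExitOnForwardFailure), followed by a check that the forwarded port listens on loopback only. This is an added example, not SharePlex or Quest code; port 2100, the host name, the function names and the `ss -ltn` sample lines are constructed.

```shell
#!/bin/sh
# Added example. Port 2100, the host name and the ss output are constructed.

# Print the tunnel command from the page with two OpenSSH additions: an
# explicit loopback bind address, and ExitOnForwardFailure so that ssh does
# not go to the background (-f) when the forward could not be set up.
tunnel_cmd() {   # args: source_port target_host target_port userid
    for p in "$1" "$3"; do
        case "$p" in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    printf 'ssh -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s@%s -N -f\n' \
        "$1" "$2" "$3" "$4" "$2"
}

# Read `ss -ltn` output on stdin and classify the listener on source_port:
#   loopback = only 127.0.0.1 / [::1], exposed = any other address, absent = none
tunnel_exposure() {   # arg: source_port
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            found = 1
            if (addr != "127.0.0.1" && addr != "[::1]") exposed = 1
        }
        END { print (!found ? "absent" : (exposed ? "exposed" : "loopback")) }'
}

SS_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:2100     0.0.0.0:*
LISTEN 0      128    [::1]:2100         [::]:*'
SS_WIDE='LISTEN 0      128    0.0.0.0:2100       0.0.0.0:*'

tunnel_cmd 2100 target.example.com 2100 splex
printf '%s\n' "$SS_OK"   | tunnel_exposure 2100
printf '%s\n' "$SS_WIDE" | tunnel_exposure 2100
```

On a live source system, pipe `ss -ltn` into `tunnel_exposure` with the source port used for the tunnel; an "exposed" result means other hosts can reach the forward and send traffic through it.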
SharePlex encryption provides the ability to encrypt replicated data across the network. SharePlex uses industry-standard Advanced Encryption Standard (AES) encryption.
The Export process controls whether encryption is performed and the size of the key. It communicates these factors to the Import process.
To configure encryption
On the source system:
On the source and target systems:
On the source system:
Set the Export parameter SP_XPT_ENABLE_AES to 1 on the source system. By default, this parameter is set to 0 (encryption is disabled).
sp_ctrl> set param sp_xpt_enable_aes 1
Restart Export to activate this setting after you finish configuring encryption.
By default the AES key size is 128 bits. To increase the key size to 192 or 256 bits, set the Export parameter SP_XPT_AES_KEY_LENGTH to the desired length on the source system. The parameter takes effect the next time that Export starts.
sp_ctrl> set param sp_xpt_aes_key_length {128 | 192 | 256}
Run the following command in sp_ctrl on the source system:
sp_ctrl> create encryption key
The command returns a randomly generated AES key, for example: E5F5D4CBA329D2C86B5D7ABA096C18600595490129F55A1422AAB0248B28D0E4.
Note: This command only generates the key. You must set the key on all systems. For more information, see Set the key on the source and target.
The encryption key must be set on the source system plus all of the target systems.
To set a key
Run the following command in sp_ctrl on the source and target systems.
sp_ctrl> set encryption key key
Component | Description |
---|---|
key | The encryption key that was generated by the create encryption key command. The key must be set to the entire value that was generated by create encryption key. It must be 64 bytes long. Without further options, the command affects all routes. Example: sp_ctrl> set encryption key E5F5D4CBA329D2C86B5D7ABA096C18600595490129F55A1422AAB0248B28D0E4 |
The following example creates and sets the encryption key.
On the source:
sp_ctrl> create encryption key
On target 1:
sp_ctrl> set encryption key E5F5D4CBA329D2C86B5D7ABA096C18600595490129F55A1422AAB0248B28D0E4
On target 2:
sp_ctrl> set encryption key E5F5D4CBA329D2C86B5D7ABA096C18600595490129F55A1422AAB0248B28D0E4
To view the encryption key
Use the show encryption key command to view the key that is being used by SharePlex.
sp_ctrl> show encryption key
To reset the encryption key
Use the reset encryption key command to remove the encryption key.
sp_ctrl> reset encryption key
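Because the same full-length key has to be set on the source and every target, a truncated or padded paste is the usual failure. The following added example (not SharePlex or Quest code; the helper names are hypothetical) rejects anything that is not exactly 64 hexadecimal characters and prints a short SHA-256 fingerprint, so administrators can confirm that each system holds the same key by comparing fingerprints rather than the key itself.

```shell
#!/bin/sh
# Added example. Helper names are hypothetical; the full key is the sample
# value printed on this page, the short one is a constructed bad paste.

# Succeeds only when $1 is exactly 64 hexadecimal characters, which is the
# form of the value returned by "create encryption key".
valid_key() {
    case "$1" in
        *[!0-9A-Fa-f]*) return 1 ;;   # stray space, CR, quote, prompt text
    esac
    [ "${#1}" -eq 64 ]
}

# Read a key on stdin rather than as an argument and print a 16-character
# SHA-256 prefix computed over the exact characters of the key.
key_fingerprint() {
    IFS= read -r k || [ -n "$k" ] || return 1
    valid_key "$k" || { echo "rejected: not 64 hex characters" >&2; return 1; }
    if command -v sha256sum >/dev/null 2>&1; then
        printf '%s' "$k" | sha256sum | cut -c1-16
    else
        printf '%s' "$k" | shasum -a 256 | cut -c1-16
    fi
}

PAGE_KEY=E5F5D4CBA329D2C86B5D7ABA096C18600595490129F55A1422AAB0248B28D0E4
SHORT_KEY=E5F5D4CBA329D2C86B5D7ABA096C18600595490129F55A1422AAB0248B28D0E

printf '%s\n' "$PAGE_KEY"  | key_fingerprint
printf '%s\n' "$SHORT_KEY" | key_fingerprint || echo "truncated key detected"
```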
The SharePlex security groups provide access control to the SharePlex command and control system. Without proper configuration of these groups, anyone with permissions on the system can use the commands that view, configure, and control data replication.
To monitor, control, or change SharePlex replication, a person must be assigned to one of the SharePlex security groups on the systems where he or she will be issuing commands. Each group corresponds to an authorization level, which determines which SharePlex commands a person can issue. To execute a command, a user must have that command’s authorization level or higher.
Use the authlevel command to determine your authorization level for issuing SharePlex commands on a system.
Refer to the following table to determine the group and authorization level that you want to grant each SharePlex user.
Auth level | User type | User group | User roles |
---|---|---|---|
1 | Administration | spadmin* |
You need at least one user with Administrator rights on each source and target system. Can issue all SharePlex commands. Commands that can only be issued by a SharePlex Administrator are:
The SharePlex Administrator user must be in the Oracle dba group. For Oracle RAC and ASM 11gR2 and above, the user must also be in the Oracle Inventory group. For example: $ useradd -g spadmin -G dba,oinstall. The membership in the Oracle Inventory group must be listed explicitly in the /etc/group file. On Unix and Linux, unless you install SharePlex as a root user, the SharePlex Administrator user and the SharePlex admin group must exist prior to installation. |
2 | Operator | spopr | Can issue all SharePlex commands except those listed above. |
3 | Viewer | spview | Can view lists, status screens, and logs to monitor replication only. |
Note: The default name for the SharePlex administrator group is spadmin, but you can designate any group or specify any name for that group during installation.
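An audit of who actually holds each authorization level has to read both the group file and the passwd file: an account created with `useradd -g spadmin` has spadmin as its primary group and does not appear in that group's member list. The following added example (not SharePlex or Quest code; the function name, users and GIDs are constructed) reports the most privileged level per user and accepts a renamed administrator group as its third argument.

```shell
#!/bin/sh
# Added example. Users, GIDs and file contents are constructed; the group
# names and levels are the defaults from the table above.

# Print "level user group" for every account that holds a SharePlex
# authorization level, keeping the most privileged level per user.
# $1 = group file, $2 = passwd file, $3 = admin group name (default spadmin)
splex_auth_audit() {
    awk -F: -v admin="${3:-spadmin}" '
        function grant(user, grp) {
            if (user == "") return
            if (!(user in best) || lvl[grp] < best[user]) {
                best[user] = lvl[grp]; via[user] = grp
            }
        }
        BEGIN { lvl[admin] = 1; lvl["spopr"] = 2; lvl["spview"] = 3 }
        FNR == NR {                       # first file: name:pw:gid:members
            if (!($1 in lvl)) next
            gid[$3] = $1
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) grant(m[i], $1)
            next
        }
        ($4 in gid) { grant($1, gid[$4]) }   # second file: primary GID is field 4
        END { for (u in best) print best[u], u, via[u] }
    ' "$1" "$2" | LC_ALL=C sort
}

SPX_TMP=$(mktemp -d) && trap 'rm -rf "$SPX_TMP"' EXIT
cat > "$SPX_TMP/group" <<'EOF'
spadmin:x:1001:
spopr:x:1002:bob,carol
spview:x:1003:carol,dave
dba:x:54322:alice
EOF
cat > "$SPX_TMP/passwd" <<'EOF'
alice:x:2001:1001::/home/alice:/bin/sh
bob:x:2002:100::/home/bob:/bin/sh
carol:x:2003:100::/home/carol:/bin/sh
dave:x:2004:1003::/home/dave:/bin/sh
EOF

splex_auth_audit "$SPX_TMP/group" "$SPX_TMP/passwd"
```

On a real system, pass `/etc/group` and `/etc/passwd`; lines starting with `1` are the accounts that can issue every SharePlex command.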