7.5. Deployment Security

Tungsten Replicator supports and is by default configured to use SSL, TLS and certificates for both communication and authentication for all components within the system. This security is enabled by default and includes:

  • Authentication between command-line tools (trepctl), and between and background services.

  • SSL/TLS between command-line tools and background services.

  • SSL/TLS between Tungsten Replicator and datasources.

  • File permissions and access by all components.

If you are using a single staging directory to handle your complete installation, tpm will automatically create the necessary certificates for you. If you fit in the below categories, you will need to use manually generated certificates.

  • Installing via INI File

  • Installing heterogeneous replication using independent configurations

  • MSMM, Cluster-Slave replication or anything using multiple Continuent packages

  • Installing from multiple Staging Directories

Installing from a staging host will automatically generate certificates and configuration for a secured installation. No further changes or actions are required.