Encrypting communications between Replicate and ARC data sources
You can encrypt sessions between Replicate and ARC data sources. When a session is encrypted, all communications between Replicate and the selected ARC data source will be encrypted using AES-256 bit encryption. When capturing changes from a relational data source, the encryption key needs to be defined in two locations: The Qlik Replicate ARC database and the ARC Agent machine. However, when capturing changes from a nonrelational database, the encryption key needs to be defined in four different locations: The Qlik Replicate ARC database, the ARC Agent machine, the ARC Router machine, and the Router Authenticator.
To encrypt communications between Replicate and ARC data sources:
-
On the Agent machine, create an encryption key as follows:
- Open Attunity Studio in Design view.
- In the Configuration tab, expand the machine on which your ARC Solution’s Agent is installed.
-
Expand the Users folder and select NAV.
The User: NAV tab opens.
-
To the right of the Encryption Keys list (in the lower half of the screen), click the Add button.
The Encryption Key dialog opens.
- Enter an encryption key name and value and then click OK.
Information noteSteps 2-4 apply to non-relational ARC data sources only (e.g. VSAM). If you are working with a relational ARC data source, continue to Step 5.
-
On the Router machine, create an encryption key which has the same values as the encryption key that you created on the Agent machine. The procedure is the same as described in Step 1, but instead of expanding the machine on which your ARC Solution’s Agent is installed, expand the machine on which your ARC Solution’s Router is installed.
-
On the Router machine, define the Agent as an authenticator according to the following steps:
- In the Configuration tab, expand the machine on which the Router is installed. Then, right-click your solution’s Router binding (e.g vsam_router) and select Open.
-
In the Machines tab, click the Security button.
The NAV tab opens.
-
To the right of the Authenticators list, click the Add button.
The Add Authenticator dialog box opens.
- From the Resource type, drop-down list, select Adapter.
- In the Resource name field, specify the name of your solution’s Agent as it appears under the Adapters folder (e.g VSAM_ag).
- At the bottom of the dialog box, select the Encryption key check box and then specify the encryption key name and value in the designated fields. These values must be the same as the encryption key values defined in Step 1.
-
In the Router’s Properties tab, expand the comm property and set the defaultEncryptionMethod property to AES.
Information noteIf the Properties tab is not displayed, open the Preferences dialog box (by selecting Preferences from the Windows menu), navigate to Studio and then select the Show advanced environment parameters option in the Advanced tab.
-
In the Advanced tab of the Replicate ARC database, specify the encryption key name and value. These values must be the same as the encryption key values defined in Step 1.
For more information on the Advanced tab, see Using ARC CDC agents as endpoints.
See also: Using ARC CDC agents as endpoints.