Encrypted replication refers to encrypting data that is transmitted between two or more eDirectory 8.8 servers.
Encrypted replication is complementary to the normal synchronization in eDirectory.
Prior to eDirectory 8.8, data was transmitted over the wire in clear text during replication. There was a need to protect confidential data over the wire by encrypting it, especially if the replicas were separated geographically and connected through the Internet.
This feature can be used in the following scenarios:
If the directory servers are spread across geographical locations through a WAN and the Internet and there is a need to encrypt sensitive data on the wire.
If you want only some partitions of your tree to be protected, you can selectively indicate the partitions holding the sensitive data to be encrypted for replication.
If you require encrypted replication between specific replicas of a partition that contain sensitive data.
If you feel the network in your setup is hostile, you might want to protect sensitive data during replication.
You can enable encrypted replication using iManager. You can enable encrypted replication at the partition level and replica level.
IMPORTANT: Before enabling encrypted replication, ensure that both source and destination servers have the default certificates. If you have made any changes to the certificates, such as renaming them, encrypted replication fails.