17.9 Using Secure Remote Connections

If the primary storage area or secondary storage area is connected across remote connections, the connection must be secure. For example, use a virtual private network (VPN) or a private WAN connection.

IMPORTANT:iSCSI is the only protocol supported for remote server-to-server connections.

Ensure that authentication, encryption, and data integrity are secure when accessing and transferring data across the network. For example, if sensitive data is written to the primary volume, that data might be written to the secondary volume, depending on shadow policies in place. If there is an anonymous NFS mount for the shadow volume, the data is transferred in the clear over the network, where it might be prone to attacks or capture. In this case, you want to ensure that only authenticated users are able to access the NFS mount and that the connection between the servers is secure.