I am interested in encrypting the replication data in order to protect it in transit. Anyone have ideas for accomplishing this?
Our customers almost all use external [to the array] VPN-encryption, which I'd say is probably the best/easiest way to do this if required. Encrypting packets for replication is a fairly arduous process, and although some platforms offer this I'd rather my storage array handles I/O particularly when there are viable alternatives.
However, once the initial replication is complete (perhaps using a local replica for the bulk transfer of data), is there actually any need to encrypt replicated deltas? Thinking about it, we're replicating compressed, changed blocks only from a custom-designed/implemented filesystem. One for the Nimble engineering team perhaps...
VPN encryption seems to be a common solution for protecting replication traffic.
We are planning to create a VPN tunnel between our primary and secondary Nimble units. I was hoping to hear the approach taken by other Nimble customers.
We use OpenVPN for tunneling: It's fast, free and relatively easy to setup. Currently we are also using dark fiber to a remote location.
You could probably also use VLAN's if your data stays locally ?
We are using an IPsec vpn tunnel between our Palo Alto Firewalls and replicating traffic across it.
Retrieving data ...