Traditionally, CDC data was often sent over TCP/IP as "clear text", since the networks between the systems running the Capture / Publisher and the Engines were nearly always internal. Often those systems were also in the same physical room with dedicated high-bandwidth connectivity. Distributed processing on remote systems makes encryption of the CDC payload data desirable, if not mandatory, even on internal networks. Four options are available to provide that encryption:
- VPN
- SSH Tunnel
- NaCl Payload encryption
- TLS Encryption (requires implementation of IBM's Application Transparent Transport Layer Security (AT-TLS) and, at this time, supports only z/OS sources and Linux-based Apply and Replicator engines)
Notes:
- Precisely highly recommends the use of VPN or SSH Tunnel connections between systems, both to simplify their administration and because the CPU-intensive encryption task can be performed by dedicated network hardware.
- Customers utilizing NaCl encryption for z/OS-based Captures/Publishers are encouraged to utilize zIIP processors to reduce the CPU cost associated with software encryption.