This section defines the two primary components used to manage secure communications between the other product components.
While Connect CDC SQData operates under standard operating system and database level security, communication, particularly between platforms in a heterogeneous environment, requires a secure communications architecture to ensure that only trusted connections are used. The Communications Architecture is composed of several elements that provide for authentication of connection requests and, optionally, encryption of data transferred between systems over TCP/IP networks:
A Public / Private key cryptographic system, requiring two separate keys, authenticates the identity of both operational users and the system accounts under which Captures, Publishers, subscribing Apply and Replicator Engines and utility processes execute. The two parts of the key pair are mathematically linked. One key is used to lock or encrypt a plaintext request, and the other unlocks or decrypts the ciphertext. Neither key can perform both functions. One of these keys is published or public and the other, the secret key, is kept private.
Controller Daemons authenticate communication between all components whether they are running on the same or different platforms as illustrated below.
Encryption of Change Data Capture payloads between systems is optional. It can be accomplished using several techniques, including software-based encryption using the same routines used for authentication.
The following sections describe the architecture and methods used by Connect CDC SQData to maintain secure cross platform communication between Capture and Engine components:
- Secure Communications Components - describes the individual components and their role in the process
- Encryption of Change Data Payload - describes options for ensuring that the content of captured data cannot be compromised
- Authentication process - describes the process flow from initiation of Capture through the final movement of data to the Target datastore, be it a database or messaging system.