Creating SSL entries in the directory service

The Replication Server directory service (such as the interfaces file, the Windows Registry, or an LDAP server) defines the server address and port numbers, and determines which security protocols are enforced for client connections. Replication Server implements the SSL protocol as a filter that is appended to master and query lines in the directory service.

All attempts to connect to a master or query entry in a directory service with an SSL filter must support the SSL protocol. For example, suppose a primary Replication Server (SYBSRV1) and a replicate Replication Server (SYBSRV2) use the Transmission Control Protocol (TCP) and the SSL protocol for communication.

Entries in the interfaces file might look like this:

SYBSRV1
	query tcp sun-ether sybasehost1 5001 ssl
	master tcp sun-ether sybasehost1 5001 ssl

SYBSRV2
	query tcp sun-ether sybasehost2 4001 ssl
	master tcp sun-ether sybasehost2 4001 ssl

You can also configure Replication Server to accept SSL connections and, at the same time, have other connections that accept clear text or use security mechanisms such as DCE and Kerberos. To support both SSL and other connection protocols, you must use multiple interfaces files.

For example, a typical interfaces file entry that supports the Transmission Control Protocol (TCP) and both SSL and clear text connections looks like this:

SYBSRV1
	query tcp sun-ether sybasehost1 5001 ssl
	master tcp sun-ether sybasehost1 5001 ssl
	master tcp sun-ether sybasehost1 5001

The master line entries in the interfaces file allow SYBSRV1 to listen for both SSL and clear text connections. To make sure that SYBSRV1 sends queries to SYBSRV2 using SSL, there must be a single query entry in the interfaces file for SYBSRV1. To allow SYBSRV1 to send queries to other servers using a different protocol, you must use a separate interfaces file.
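
The following check is an added example, not part of the original documentation or of Replication Server itself. It parses interfaces file text and reports master lines that listen in clear text, query lines without the ssl filter, and servers that do not have exactly one query entry. The function names parse_interfaces and audit are hypothetical, and the sample input is constructed from the entries shown above.

```python
# Added example: audit interfaces-file entries for SSL filter coverage.
# SAMPLE is constructed from the entries shown on this page.
SAMPLE = """\
SYBSRV1
\tquery tcp sun-ether sybasehost1 5001 ssl
\tmaster tcp sun-ether sybasehost1 5001 ssl
\tmaster tcp sun-ether sybasehost1 5001

SYBSRV2
\tquery tcp sun-ether sybasehost2 4001 ssl
\tmaster tcp sun-ether sybasehost2 4001 ssl
"""

def parse_interfaces(text):
    """Return {server: [(service, host, port, filters), ...]}."""
    servers, current = {}, None
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        # Assumption: a line is a service entry when it starts with
        # "master" or "query" and follows a server-name line.
        if fields[0] in ("master", "query") and current is not None:
            if len(fields) < 5:
                raise ValueError(f"malformed entry under {current}: {raw!r}")
            service, _proto, _device, host, port, *filters = fields
            servers[current].append(
                (service, host, int(port), [f.lower() for f in filters]))
        else:
            current = fields[0]
            servers.setdefault(current, [])
    return servers

def audit(servers):
    """Return (server, finding) pairs for entries that weaken SSL enforcement."""
    findings = []
    for name, entries in servers.items():
        for service, host, port, filters in entries:
            if "ssl" not in filters:
                kind = "listener" if service == "master" else "query entry"
                findings.append((name, f"clear-text {kind} {host}:{port}"))
        queries = sum(1 for e in entries if e[0] == "query")
        if queries != 1:
            findings.append((name, f"{queries} query entries, expected 1"))
    return findings

if __name__ == "__main__":
    for server, finding in audit(parse_interfaces(SAMPLE)):
        print(f"{server}: {finding}")
```

A clear-text listener finding is expected when mixed SSL and clear text connections are intentional, so treat the output as a list of entries to confirm against the intended configuration.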