Solved: NSO CDB replication secure?

khgrant · ‎08-11-2015

Hi,

We are currently implementing NCS HA between two DCs and we are seeing that by default the CDB replication traffic is not encrypted. Do we already have a secure solution for NCS HA suitable for cross site?

Many thanks,
Rich

khgrant · ‎08-11-2015

Richard,

We are currently implementing NCS HA between two DCs and we are seeing that by default the CDB replication traffic is not encrypted. Do we already have a secure solution for NCS HA suitable for cross site?

I'd suggest using an SSH tunnel for this traffic. The same is true for any NCS applications that might run off the NCS node.

The NCS management interfaces, where operators, OSS systems, etc above NCS come in are encrypted with SSH or TLS. The device communication is often encrypted using SSH or other schemes, but depending on the device/NED type your mileage may vary.

Best Regards,

/jan

View solution in original post

khgrant · ‎08-11-2015

Richard,

We are currently implementing NCS HA between two DCs and we are seeing that by default the CDB replication traffic is not encrypted. Do we already have a secure solution for NCS HA suitable for cross site?

I'd suggest using an SSH tunnel for this traffic. The same is true for any NCS applications that might run off the NCS node.

The NCS management interfaces, where operators, OSS systems, etc above NCS come in are encrypted with SSH or TLS. The device communication is often encrypted using SSH or other schemes, but depending on the device/NED type your mileage may vary.

Best Regards,

/jan

View solution in original post