Overview
The Server is the engine and the Client is the Remote Host. The protocol can be used for SnapSync, Oracle V2P (Virtual to Physical), and remote host connections. Once either of these options is enabled, the steps for setting up the remote keystore/truststore must be done for any future environments added to the engine.
Enabling Server Authentication
To enable Server Authentication, do the following:
Replace the desired certificate for DSP (Delphix Session Protocol) in the engine KeyStore. For more details, refer to KeyStore Settings.
Create a JKS or PKCS#12 keystore on the remote host with the full CA chain of the replaced certificate. Make sure the created keystore has permissions such that it is readable by all environment users, then enter the keystore details into the host’s truststore configuration on the engine. For more details, refer to Host DSP Configuration.
Select the option Perform Server (this engine) authorization for remote connections.
Enabling Client Authentication
To enable Client Authentication, enable Server Authentication (refer to above steps), then do the following:
Create a JKS or PKCS#12 keystore on the remote host with the desired key pair. Make sure the created keystore has permissions such that it is readable by all environment users, then enter the keystore details into the host’s keystore configuration on the engine. For more details, refer to Host DSP Configuration.
Add the full CA chain of the remote host’s key pair to the TrustStore on the engine. For more details, refer to TrustStore Settings.
Select the option Perform Client (the target host) authorization for remote connections.
Once the configurations have been set as desired, you will be presented with a summary page. Clicking Submit will trigger a stack restart as that is necessary for the configuration changes to take effect. Note: all jobs will be stopped, but VDBs will continue to run.