Cloning/HA Replication Security

Whether automatic or manual, object replication security is based on the use of the Luna cloning protocol to provide mutual authentication, confidentiality and integrity for each object that is copied from one partition to another.

When partition objects are synchronized, the Luna client is used as a secure conduit to coordinate the duplication of these objects across all partitions. An object created on LunaA partition#1A is duplicated on LunaB Partition#1B using the following process:

The object is created on LunaA.
The duplicated object is then encrypted using a key derived from common Domain material (Red Key) shared by each Luna SA in the HA group.
LunaA transfers the encrypted object to the Luna Client utilizing the encrypted NTL connection between itself and the client (the object is now double encrypted).
The client then securely transfers the object to LunaB.
LunaB decrypts the object and stores it in the partition

The cloning protocol is such that it must be invoked separately for each object to be cloned and the sequence of calls required to implement the protocol must be issued by an authorized client library (residing on a client platform that has been authenticated to each of the Luna SAs involved in the HA group). This ensures that the use of the cloning function calls is controlled and the protocol cannot be misused to permit the unauthorized transfer of objects to or from one of the partitions in the HA group.