user13407224 wrote:Hi Robert,
We have a product which has long use Berkeley DB JE for its storage layer. We are now experimenting with JE HA, with nodes in a replication group connecting over the public internet.
Note that for us, writes are rare, and we believe write performance is unlikely to be a bottleneck.
One particular issue is controlling access to the ports used for replication. Is there any sensible way to add authentication to the replication protocol? Or do we just need to configure firewalls to restrict access only to the other nodes by their IP addresses? (That would be somewhat unfortunate as we hope to make the replication group easily extensible.) What do other groups using JE HA over the public internet do?