Active-Passive replicated databases (also known as Replica Of) give applications read-only access to replicas of the data that are hosted in different geographical locations.

The source database can be located in the same Redis Enterprise Software (RS) cluster, in a different cluster, or in an OSS Redis database. Your applications can connect to the source database to read and write data, or to the source or destination databases to read data.

Replica Of can replicate:

  • One-to-many - Configure multiple destinations as Replica Of one source database.
  • Many-to-one - Configure one destination as Replica Of multiple source databases.
Note -
When you add, remove, or edit Replica Of sources, the data is re-replicated from all source databases.

Configuring Replica Of

To configure a destination database as a Replica Of:

  1. Open the database settings:

    1. For a new database, create the database with its settings.
    2. For an existing database:
      1. Go to databases.
      2. Click on the database and go to configuration.
      3. Click Edit.
  2. Select Replica Of to show the icon_add icon.

  3. Click icon_add to show the box for the source database endpoint.

  4. Enter the URL of the source database endpoint:

    Note -
    The order of the Replica Of sources has no impact on replication.
    • For a source database in the same RS cluster - When you click on the box, the available databases are shown in the correct format for the URL of the source endpoint:

      redis://admin:<database_password>@<database_endpoint>:<database_port>
      

      You can select the database that you want to use as the source.

    • For a source database in a different RS cluster:

      1. Log in to the Web UI of the cluster that hosts the source database.

      2. In databases, click on the database and go to configuration.

      3. Under Endpoint, click on Get Replica Of source URL.

        Replica Of source URL

      4. Click Copy to Clipboard to copy the URL of the source endpoint.

        If you want a different internal password, you can click Regenerate Password.

        Warning -
        If you regenerate the password, replication to existing destinations fails until you update their configuration with the new password.
      5. In the destination database, paste the URL of the source endpoint in the Replica Of box, and click Save.

      Note -
      For a source database on a different RS cluster, you can compress the replication data to save bandwidth.
    • For a source database in an OSS Redis cluster - Enter the URL of the source endpoint in the format:

      • If the database has a password -

        redis://:<redis_password>@<hostname>:<database_port>
        

        Where the password is the Redis password represented with URL encoding escape characters.

      • If the database has no password -

        redis://<hostname>:<database_port>
        
Note -
If you used the mDNS protocol for the cluster name (FQDN), make sure that the client mDNS prerequisites are met.

Configuring TLS for Replica Of traffic on the destination database

When you enable TLS for Replica Of, the Replica Of synchronization traffic uses TLS certificates to authenticate the communication between the source and destination clusters. To encrypt the Replica Of synchronization traffic, you must also configure encryption for the source database.

To enable TLS for Replica Of in the destination database:

  1. Hover over the URL of the source endpoint and click Unencrypted:

    Encrypt Replica-of

  2. From the Web UI of the cluster that hosts the source database, go to settings > general and copy the proxy certificate.

  3. Paste it as the Source Cluster Certificate for the destination database:

    Replica-of Destination - Certificate

  4. Click Continue, save the Replica Of endpoint, and click Update to save the changes.

Configuring encryption of Replica Of traffic on the source database

To encrypt Replica Of synchronization traffic, you must also configure encryption for the destination database.

Configuring encryption for only Replica Of communication on the source database

To enable TLS for Replica Of communication only on the source database:

  1. In databases, either:

    • Click icon_add to create a new database.
    • Click on the database that you want to configure and at the bottom of the page click edit.
  2. Enable TLS.

    database-tls-config

  3. Select the communication that you want to secure:

    • For a new database - Require TLS for Replica Of communications only is selected by default.
    • For an existing database that is configured to Require TLS for all communications - Select Require TLS for Replica Of communications only.

    By default, client authentication is enforced so you must enter the syncer certificates of the clusters that host the destination databases.

  4. To enter the syncer certificates:

    1. Copy the syncer certificates for each cluster with a destination database:

      1. Login to the cluster.
      2. Go to Settings.
      3. In the syncer certificates box, copy the entire text of the certificate.
    2. Click icon_add to open the certificate box.

      database-tls-replica-certs

    3. Paste the text of the certificates in the box.

    4. Click icon_save to save the certificates.

    You can also clear Enforce client authentication so that all clusters or clients can connect to your database without authentication.

    To encrypt Replica Of synchronization traffic, you must also configure encryption for the destination database.

Configuring encryption for all communication on the source database

To enable TLS for Replica Of and client communication on the source database:

  1. In databases, either:

    • Click icon_add to create a new database.
    • Click on the database that you want to configure and at the bottom of the database page click edit.
  2. Enable TLS and select Require TLS for all communications.

    database-tls-all

    By default, client authentication is enforced so you must enter the syncer certificates of the clusters that host the destination databases. The certificates of the clients that connect to the database.

  3. To enter the syncer and client certificates:

    1. Copy the entire text of the syncer and client certificates.

      For each cluster with a destination database:

      1. Login to the cluster.
      2. Go to Settings.
      3. In the syncer certificates box, copy the entire text of the certificate.
    2. Click icon_add to open the certificate box.

      database-tls-replica-certs

    3. Paste the text of the certificates in the box.

    4. Click icon_save to save the certificates.

    You can also clear Enforce client authentication so that all clusters or clients can connect to your database without authentication.