Encrypting Data In Transit
VPN is recommended for cross-region replications, but is not mandatory. Replications can be configured with data-in-transit encryption leveraging SQL Server level SSL encryption. During configuration of a replication, go to Quick Setup, in the [Advanced Tab] select "Encrypt Data In Transit" for either the source, target or both connections.
For increased security, you may select to encrypt data in transit even if the CloudBasic instance, source and target SQL Servers are deployed within same VPC. Data in transit encryption introduces a negligible computational overhead.
If a replication was initially configured without activating encryption, then to activate data in transit encryption, go to Advanced/Connection Strings, locate the respective source and/or target link, add "Encrypt=True;TrustServerCertificate=True".