Encrypting Data In Transit
VPN is recommended for cross-region replications, but is not mandatory. Replications can be configured with data-in-transit encryption leveraging SQL Server level TLS/SSL encryption. For connections to SQL Server 2016 and above, TLS 1.2 is activated. For connections to SQL Server 2014 and below, TLS 1.1/1.0 or SSL is activated depending on the SQL Server version and applied updates. For more information see https://support.microsoft.com/en-us/help/3135244/tls-1-2-support-for-microsoft-sql-server
In CloudBasic 10.0 and above all connections are encrypted by default. In CloudBasic versions 9.11 and below, during configuration of a replication, go to Quick Setup, in the [Advanced Tab] select "Encrypt Data In Transit" for either the source, target or both connections.
For increased security, you may select to encrypt data in transit even if the CloudBasic instance, source and target SQL Servers are deployed within same VPC. Data in transit encryption introduces a negligible computational overhead.
If a replication was initially configured without activating encryption, then to activate data in transit encryption, go to Advanced/Connection Strings, locate the respective source and/or target link, add "Encrypt=True;TrustServerCertificate=True".