Encrypting Multi-AZ HA Cluster Communication
CloudBasic RDS AlwaysOn/Geo-Replicate for SQL Server HA/DR version 8.0 and above features encrypted communication between Multi-AZ High-Availability Cluster instance members. HTTPS/TLS 1.2 communication is handled over port 4431 (444 in versions 8 and 9; 4431 in version 10 and above).
Product version 10.0 and above
If securing Multi-AZ HA Cluster instances communication (port 4432) suffices (i.e. in test environment), a self-signed certificate can be generated and bound to the respective web server site WS (port 4431) with a click-of-a-button. Go to /Configuration, in the top section "SSL Certificate", click [Create]. Note that the same self-signed certificate cloudbasic.local will be bound to sites UI (port 443; browser console access) and API (port 4432; REST API) as well.
To install and bind a CA issued production certificate, RDP (remote desktop) to the CloudBasic Windows server, install the certificate into the Certificate Storage (default storage is [Personal]). Then go to /Configuration and click [Bind]. Note that the same certificate will be bound to sites UI (port 443; browser console access) and API (port 4432; REST API) as well.
Under /Advnaced/Multi-AZ HA Cluster, select port 4431 (https) to activate cluster instance members communication over https TLS 1.2:
Product version 8.0 - 9.nn
In order to configure encrypted communication between HA Cluster members, install a self-signed or signed by a CA certificate on both cluster member instances (see below for instructions) and select the "(444/4431, https ..)" option:
To install a certificate, RDP to the server, install your certificate into the trusted certificate storage, open the IIS manager, select RDS365_WS, then select binding, add https on port 444, select your certificate.
This is one example of how you can create a self-signed certificate using a PowerShell script:
RDP to the CloudBasic server, then execute below PowerShell command. A self-signed certificate will be created with default parameters, placed in certificate storage, and available for selection under IIS/RDS365_WS=>Binding
PS> New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname cloudbasic.internal
For more information, visit: