Overview

XDR security spans three domains: encryption of data in transit across the replication link, access control over who can initiate potentially destructive failover operations, and credential isolation between sites using token-based authentication.
Prerequisites
  • Administrator credentials with the dr-admin role
  • TLS certificates provisioned for site-to-site communication
  • Identity and access management configured in XDeploy

Replication Encryption

All replication traffic between primary and DR sites is encrypted in transit.
Configure encryption in Disaster Recovery → Sites → Replication Links → [Link] → Security:

| Setting            | Recommended Value                                           |
|--------------------|-------------------------------------------------------------|
| Protocol           | TLS 1.3 minimum (TLS 1.2 allowed for legacy compatibility)  |
| Certificate source | Managed by XDeploy (auto-renewed 30 days before expiry)     |
| Authentication     | Mutual TLS — both sites authenticate each other             |
| Cipher suites      | XDeploy defaults (AES-256-GCM, ChaCha20-Poly1305)           |

Verify the current TLS configuration from Disaster Recovery → Sites → Replication Links → [Link] → Security.
XDeploy manages site certificates automatically. Certificates are:
  • Issued per-site at registration time
  • Automatically renewed 30 days before expiry
  • Rotated without interrupting active replication
To manually trigger certificate renewal, navigate to Disaster Recovery → Sites → [Site] → Certificates and click Renew Certificate.

Monitor certificate expiry in XIMP by creating an alert rule:

| Setting   | Value                          |
|-----------|--------------------------------|
| Condition | xdr_cert_days_to_expiry < 30   |
| Severity  | Warning                        |
| Channel   | ops-alerts                     |

Replicated data at rest on the DR site is encrypted using the same storage encryption policy as the primary site. Configure encryption at rest in XSDS at the pool or volume level — XDR inherits the encryption status of the source volumes. See XSDS Admin — Security for storage encryption configuration.
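An added example (not XDeploy's own code) that audits a replication link's reported TLS settings against the Security table above and applies the same 30-day certificate threshold as the XIMP alert rule. The link dictionary layout (protocol, cipher, mutual_tls, cert_not_after) and the sample links are constructed for this example.

```python
import ssl
from datetime import datetime, timezone

# Recommended values from the Replication Link Security table above; the link
# dict layout (protocol, cipher, mutual_tls, cert_not_after) is an assumption
# made for this example, not XDeploy's data model.
ALLOWED_PROTOCOLS = ("TLSv1.2", "TLSv1.3")   # TLS 1.2 tolerated for legacy peers only
CERT_WARN_DAYS = 30                          # same threshold as xdr_cert_days_to_expiry < 30


def cert_days_to_expiry(not_after: str, now: datetime) -> int:
    """Whole days until a certificate's notAfter (same date format as getpeercert())."""
    expiry_ts = ssl.cert_time_to_seconds(not_after)   # e.g. "Jun 10 00:00:00 2026 GMT"
    return int((expiry_ts - now.timestamp()) // 86400)


def cipher_is_default(cipher: str) -> bool:
    """True for the XDeploy default AEAD suites, whatever naming style the stack uses."""
    name = cipher.upper().replace("-", "").replace("_", "")
    return "AES256GCM" in name or "CHACHA20POLY1305" in name


def audit_link(link: dict, now: datetime) -> list:
    """Return a list of findings; an empty list means the link matches the table."""
    findings = []
    proto = link["protocol"]
    if proto not in ALLOWED_PROTOCOLS:
        findings.append(f"protocol {proto} is below the TLS 1.2 floor")
    elif proto == "TLSv1.2":
        findings.append("TLS 1.2 in use; move to TLS 1.3 unless a legacy peer requires it")
    if not link.get("mutual_tls", False):
        findings.append("mutual TLS disabled: the peer site is not authenticated")
    if not cipher_is_default(link["cipher"]):
        findings.append(f"cipher {link['cipher']} is not an XDeploy default suite")
    days = cert_days_to_expiry(link["cert_not_after"], now)
    if days < CERT_WARN_DAYS:
        findings.append(f"certificate expires in {days} days; renew it now")
    return findings


# Constructed sample data for two links, audited at a fixed point in time.
NOW = datetime(2026, 5, 20, tzinfo=timezone.utc)
HEALTHY_BUT_EXPIRING = {"protocol": "TLSv1.3", "cipher": "TLS_AES_256_GCM_SHA384",
                        "mutual_tls": True, "cert_not_after": "Jun 10 00:00:00 2026 GMT"}
WEAK_LINK = {"protocol": "TLSv1.2", "cipher": "ECDHE-RSA-AES128-GCM-SHA256",
             "mutual_tls": False, "cert_not_after": "Jan  1 00:00:00 2027 GMT"}

if __name__ == "__main__":
    for name, link in (("link-a", HEALTHY_BUT_EXPIRING), ("link-b", WEAK_LINK)):
        for finding in audit_link(link, NOW) or ["no findings"]:
            print(f"{name}: {finding}")
```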

RBAC Access Control

XDR operations are governed by Xloud identity roles. Failover and failback are potentially disruptive operations — restrict them to trained personnel.

| Role        | Permissions                                                                               |
|-------------|-------------------------------------------------------------------------------------------|
| dr-viewer   | View plan status, replication lag, test reports, and site health                          |
| dr-operator | Create and manage protection plans; run DR tests; initiate failover and failback          |
| dr-admin    | Full access including site registration, replication link configuration, and compliance report export |

Assigning DR Roles

Navigate to Identity → Projects → [Project] → Members and assign the appropriate DR role to each user. DR roles apply at the project level — a user must have a DR role in both the primary and DR site projects to operate across sites.
Grant dr-operator access only to personnel trained in XDR failover procedures. An untrained operator initiating an unnecessary failover can cause extended service disruption and require a full failback cycle to restore normal operations.
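An added model (not Xloud's authorization code) of the role table and the both-projects rule above, useful for reviewing role assignments before a DR exercise. Which actions are treated as cross-site, the project names, and the membership data are assumptions constructed for this example.

```python
# Model of the DR role table above, written for this page (not Xloud's own
# authorization code). Roles are cumulative: dr-admin > dr-operator > dr-viewer.
ROLE_RANK = {"dr-viewer": 1, "dr-operator": 2, "dr-admin": 3}

# Minimum role per action and whether the action spans both sites. Which actions
# count as cross-site is an assumption made here; the page only states that
# operating across sites needs a DR role in both the primary and DR projects.
ACTIONS = {
    "view_status":       ("dr-viewer",   False),
    "create_plan":       ("dr-operator", False),
    "run_dr_test":       ("dr-operator", True),
    "initiate_failover": ("dr-operator", True),
    "initiate_failback": ("dr-operator", True),
    "register_site":     ("dr-admin",    False),
    "configure_link":    ("dr-admin",    True),
}

def highest_dr_rank(roles) -> int:
    """Rank of the strongest DR role in a set of project roles (0 if none)."""
    return max((ROLE_RANK[r] for r in roles if r in ROLE_RANK), default=0)

def can_perform(memberships: dict, action: str, primary: str, dr_site: str) -> bool:
    """memberships maps project name -> set of role names held by one user."""
    required, cross_site = ACTIONS[action]
    projects = (primary, dr_site) if cross_site else (primary,)
    return all(highest_dr_rank(memberships.get(p, ())) >= ROLE_RANK[required]
               for p in projects)

def operators_missing_peer_role(users: dict, primary: str, dr_site: str) -> list:
    """Users holding dr-operator (or higher) in only one of the two projects:
    they look operational but cannot operate across sites under the rule above."""
    broken = []
    for user, memberships in users.items():
        here = highest_dr_rank(memberships.get(primary, ())) >= ROLE_RANK["dr-operator"]
        there = highest_dr_rank(memberships.get(dr_site, ())) >= ROLE_RANK["dr-operator"]
        if here != there:
            broken.append(user)
    return sorted(broken)

# Constructed membership data: project "prod-eu" is primary, "dr-eu" is the DR site.
USERS = {
    "alice": {"prod-eu": {"dr-operator"}, "dr-eu": {"dr-operator"}},
    "bob":   {"prod-eu": {"dr-operator"}, "dr-eu": {"dr-viewer"}},
    "carol": {"prod-eu": {"dr-viewer"},   "dr-eu": {"dr-viewer"}},
    "dave":  {"prod-eu": {"dr-admin"},    "dr-eu": {"dr-admin"}},
}
```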

Site Token Management

XDR agents authenticate between sites using site-specific tokens, not user credentials. This isolates site-to-site authentication from user identity management.

Token Lifecycle

| Event                | Action Required                                                   |
|----------------------|-------------------------------------------------------------------|
| Initial deployment   | Token generated by XDeploy during site registration               |
| Scheduled rotation   | Rotate via the Dashboard on schedule (recommended: quarterly)     |
| Suspected compromise | Rotate immediately; review access logs                            |
| Token expiry         | 90-day expiry by default; configurable at registration            |

Manage tokens from Disaster Recovery → Sites → [Site] → Token Management:
  • View token status: Displays token expiry date and current validity for all registered sites
  • Rotate token: Click Rotate Token to generate a new authentication token
  • Update peer: After rotation, navigate to the peer site configuration and enter the new token
Token rotation does not interrupt active replication. The old token remains valid for 15 minutes after rotation to allow the update to propagate before the old token is invalidated.
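An added model (not XDeploy's implementation) of the token lifecycle described above: a 90-day default lifetime, rotation that issues a new token, and a 15-minute window in which the old token is still accepted so the peer site can be updated. Token values and the timeline are constructed for this example.

```python
import secrets
from datetime import datetime, timedelta, timezone

GRACE = timedelta(minutes=15)        # old token accepted this long after rotation
DEFAULT_EXPIRY = timedelta(days=90)  # default lifetime, configurable at registration


class SiteTokenStore:
    """Model of one registered site's token state, written for this page; it is
    not XDeploy's implementation. All times are timezone-aware datetimes."""

    def __init__(self, now: datetime, expiry: timedelta = DEFAULT_EXPIRY):
        self.expiry = expiry
        self.current = (secrets.token_urlsafe(32), now + expiry)   # (token, valid_until)
        self.previous = None                                        # old token during grace

    def rotate(self, now: datetime) -> str:
        """Issue a new token; the old one stays valid for GRACE so the peer can be updated."""
        old_token, _ = self.current
        self.previous = (old_token, now + GRACE)
        self.current = (secrets.token_urlsafe(32), now + self.expiry)
        return self.current[0]

    def validate(self, token: str, now: datetime):
        """Return 'current', 'grace' (old token inside the 15-minute window) or None."""
        cur_token, cur_until = self.current
        if now < cur_until and secrets.compare_digest(token, cur_token):
            return "current"
        if self.previous is not None:
            old_token, old_until = self.previous
            if now < old_until and secrets.compare_digest(token, old_token):
                return "grace"
        return None   # unknown token, expired, or grace window closed

    def peer_update_deadline(self) -> datetime:
        """Latest time by which the new token must be entered at the peer site."""
        return self.previous[1] if self.previous else self.current[1]


# Constructed timeline: site registered 1 Jan, rotated on schedule ten days later.
T0 = datetime(2026, 1, 1, tzinfo=timezone.utc)
ROTATE_AT = T0 + timedelta(days=10)

if __name__ == "__main__":
    store = SiteTokenStore(T0)
    old = store.current[0]
    store.rotate(ROTATE_AT)
    for minutes in (5, 14, 16):
        print(minutes, "min after rotation, old token ->",
              store.validate(old, ROTATE_AT + timedelta(minutes=minutes)))
```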

Audit Logging

XDR records all administrative actions and failover events in an immutable audit log.
| Event Category                      | Logged Information                                                        |
|-------------------------------------|---------------------------------------------------------------------------|
| Site registration / deregistration  | Admin user, timestamp, site details                                       |
| Plan creation / modification        | Admin user, timestamp, changed fields                                     |
| Failover initiated                  | Operator user, timestamp, trigger type (manual/automatic), recovery point |
| Failback initiated                  | Operator user, timestamp                                                  |
| DR test started / completed         | Operator user, timestamp, outcome                                         |
| Token rotation                      | Admin user, timestamp, affected site                                      |

Navigate to Disaster Recovery → Reports → Audit Log to view and export the audit trail:
  • Filter by event type (failover, failback, test, site registration, token rotation)
  • Set date range for the reporting period
  • Export as PDF or CSV for compliance submissions

Network Security

| Requirement                | Implementation                                                             |
|----------------------------|----------------------------------------------------------------------------|
| Dedicated replication VLAN | Separate replication traffic from production networks                      |
| Firewall rules             | Open only required ports (TCP 7000–7002) between site CIDRs                |
| No internet exposure       | Replication endpoints should not be reachable from the public internet     |
| VPN / MPLS                 | Use a dedicated circuit rather than the public internet for the replication link |

Run a connectivity audit from Disaster Recovery → Sites → [Site] → Test Connectivity to verify that only the required replication ports are accessible between sites.
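An added example (not XDeploy's connectivity audit) that reviews a firewall allow-list for the replication link against the table above: only TCP 7000–7002, only between the registered site CIDRs, nothing reachable from any-address sources. The rule dictionary shape, site CIDRs and rule sets are constructed for this example.

```python
import ipaddress

# From the Network Security table: only TCP 7000-7002 between the site CIDRs.
REPLICATION_PROTO = "tcp"
REPLICATION_PORTS = (7000, 7002)

# Constructed site address ranges; substitute the registered site CIDRs.
SITE_CIDRS = [ipaddress.ip_network("10.10.0.0/24"),   # primary site
              ipaddress.ip_network("10.20.0.0/24")]   # DR site


def within_sites(net) -> bool:
    """True if the network lies entirely inside one registered site CIDR."""
    return any(c.version == net.version and net.subnet_of(c) for c in SITE_CIDRS)


def audit_rules(rules: list) -> list:
    """Check an allow-list of firewall rules for the replication link.
    Each rule is a dict {src, dst, proto, ports: (lo, hi)}; this shape is an
    assumption for the example, not a vendor format. Returns (index, reason) pairs."""
    findings = []
    lo_ok, hi_ok = REPLICATION_PORTS
    for i, r in enumerate(rules):
        src, dst = ipaddress.ip_network(r["src"]), ipaddress.ip_network(r["dst"])
        if src.prefixlen == 0 or dst.prefixlen == 0:
            findings.append((i, "matches any address: endpoint reachable from the public internet"))
            continue
        if not (within_sites(src) and within_sites(dst)):
            findings.append((i, "endpoint outside the registered site CIDRs"))
        if r["proto"].lower() != REPLICATION_PROTO:
            findings.append((i, f"protocol {r['proto']} allowed; only TCP is required"))
        lo, hi = r["ports"]
        if lo < lo_ok or hi > hi_ok:
            findings.append((i, f"ports {lo}-{hi} exceed the required TCP {lo_ok}-{hi_ok}"))
    return findings


# Constructed rule sets: a correct site-to-site pair and an over-permissive set.
GOOD_RULES = [
    {"src": "10.10.0.0/24", "dst": "10.20.0.0/24", "proto": "tcp", "ports": (7000, 7002)},
    {"src": "10.20.0.0/24", "dst": "10.10.0.0/24", "proto": "tcp", "ports": (7000, 7002)},
]
BAD_RULES = [
    {"src": "0.0.0.0/0",      "dst": "10.20.0.0/24", "proto": "tcp", "ports": (7000, 7002)},
    {"src": "10.10.0.0/24",   "dst": "10.20.0.0/24", "proto": "any", "ports": (1, 65535)},
    {"src": "192.168.5.0/24", "dst": "10.20.0.0/24", "proto": "tcp", "ports": (7000, 7002)},
]

if __name__ == "__main__":
    for idx, reason in audit_rules(BAD_RULES):
        print(f"rule {idx}: {reason}")
```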

Next Steps

Replication Configuration

Configure replication link encryption and bandwidth settings

Compliance

Export audit logs for compliance reporting

XSDS Admin — Security

Configure storage encryption that XDR inherits

Identity & Access Admin Guide

Manage Xloud RBAC roles and identity federation