Can I disable the use of encrypted RPC by DFSR?

A couple of customers have asked us whether it is possible to turn off the use of encrypted RPC by the DFS Replication service. Some of these customers were evaluating WAN acceleration solutions that do not work well with encrypted RPC traffic. Let us look at why the DFS Replication service uses encrypted RPC and whether there is any benefit to turning it off from a WAN traffic acceleration perspective.


The DFS Replication service uses Remote Procedure Calls (RPC) over TCP to replicate data. Because the service is designed to use the Remote Differential Compression (RDC) algorithm and uses XPRESS compression to compress data prior to transmission, it transfers only a compressed diff over the wire. This means that only the changed blocks between files are compressed and transferred over the network, instead of the entire file.


In other words, the replication protocol itself has been designed to be WAN friendly and to work in high-latency scenarios while keeping bandwidth consumption to a strict minimum. Hence, there is no tangible benefit to deploying a WAN acceleration solution in conjunction with the DFS Replication service. Also, in the interest of securing data transfers over the wire, the DFS Replication service has been designed to always use RPC_C_AUTHN_LEVEL_PKT_PRIVACY, which ensures that RPC communication over the wire is always encrypted.
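The effect described above can be measured with a small model. This is an added example, not DFSR code: fixed-block hashing stands in for RDC, zlib for XPRESS, and a toy SHA-256 keystream for RPC packet privacy, and the sample file is constructed.

```python
import hashlib
import random
import zlib

BLOCK = 4096  # simplification: fixed-size blocks, not the real RDC chunking

def changed_blocks(old: bytes, new: bytes) -> list[tuple[int, bytes]]:
    """Return (index, data) for each block of `new` the receiver does not already hold."""
    known = {hashlib.sha256(old[i:i + BLOCK]).digest() for i in range(0, len(old), BLOCK)}
    return [(i // BLOCK, new[i:i + BLOCK]) for i in range(0, len(new), BLOCK)
            if hashlib.sha256(new[i:i + BLOCK]).digest() not in known]

def keystream_encrypt(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for packet privacy."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def wire_sizes(old: bytes, new: bytes, key: bytes) -> dict[str, int]:
    diff = b"".join(idx.to_bytes(4, "big") + blk for idx, blk in changed_blocks(old, new))
    compressed = zlib.compress(diff, 9)  # zlib stands in for XPRESS
    encrypted = keystream_encrypt(key, compressed)
    return {
        "full_file": len(new),
        "diff": len(diff),
        "diff_compressed": len(compressed),
        "on_wire_encrypted": len(encrypted),
        # best case for an in-path WAN optimizer that recompresses the wire bytes
        "after_wan_recompress": len(zlib.compress(encrypted, 9)),
    }

def sample_files() -> tuple[bytes, bytes]:
    """Constructed sample: a 1 MiB text-like file and a copy with one edited 4 KiB block."""
    rng = random.Random(7)
    words = [b"replica", b"folder", b"member", b"staging", b"conflict", b"usn", b"update"]
    old = b" ".join(rng.choice(words) for _ in range(200_000))[:1 << 20]
    new = bytearray(old)
    new[40 * BLOCK: 41 * BLOCK] = b" ".join(rng.choice(words) for _ in range(2000))[:BLOCK]
    return old, bytes(new)

if __name__ == "__main__":
    old, new = sample_files()
    for name, size in wire_sizes(old, new, b"constructed-demo-key").items():
        print(f"{name:>22}: {size:>9} bytes")
```

The last two figures are the relevant ones: once the compressed diff is encrypted, recompressing the wire bytes yields nothing, so the remaining saving comes from the diff and compression steps the replication pipeline already performs.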

 

To summarize, it is not possible to disable the use of encrypted RPC by the DFS Replication service. The DFS Replication service is designed to be efficient over the WAN through its use of RDC in conjunction with XPRESS compression.


-----

Mahesh Unnikrishnan