Concept
Replication Transport And Routing
How DR replication data moves between sites: the hub-routed path via SHA, the direct site-to-site path, and how routes are chosen.
Roles On The Replication Data Path
Four roles participate in every controller-backed replication sync. SHA is the control plane: it schedules the sync, selects healthy appliances at each site, chooses the data route, and tracks progress and errors. The source SNA reads protected workload data at the protected site. The target SNA is the replication ingress at the recovery site. The Sendense Controller is the per-VM destination appliance that holds the replica disks.
The final hop is the same on every route: the target SNA hands the replication stream to the Sendense Controller inside the recovery site. Controller traffic stays within the recovery site network.
DR replication topology
Both replication routes end the same way: the target SNA receives the replication stream and passes it to the Sendense Controller for that VM inside the recovery site.
Route A: Via SHA
Source SNA to SHA to target SNA to Sendense Controller. Replication data travels inside the always-on encrypted appliance connections, so each site only needs its normal outbound connection to SHA.
Route B: Direct P2P
Source SNA directly to target SNA to Sendense Controller. Replication data crosses the site-to-site network after a live reachability probe. In Automatic mode, a failed probe falls back to Route A.
The Two Data Routes
Route Policy
The route is controlled per replication pattern with the replication route policy, and it is evaluated for each sync.
Choosing A Route Policy
- Use Automatic unless there is a specific reason not to. It prefers the direct path when it is reachable and falls back safely to the hub route.
- Use Via SHA when there is no network path between the sites, when firewall policy only allows outbound connections to SHA, or when replication data must stay inside the Sendense encrypted appliance connections end to end.
- Use Direct P2P when the sites are connected by a private, high-bandwidth link, replication traffic should stay off the SHA data path, and a hard failure is preferred over silent rerouting.
Connectivity Requirements
- Every SNA maintains a single always-on outbound encrypted connection to SHA, using one outbound TCP port (443 by default). This carries control, health, backup, and hub-routed replication traffic.
- The hub route needs no inbound connections at either site and no site-to-site network.
- The direct route additionally requires that the source SNA can reach the target SNA across the site-to-site network on the replication ports Sendense assigns to that appliance. Reachability is verified with a live probe.
- Replication traffic between the target SNA and Sendense Controllers stays inside the recovery site on the replication network selected in the pattern.
Transport security
The hub route carries replication data inside the encrypted appliance connections end to end. The direct route inherits the security characteristics of the site-to-site network it crosses, so use it over private or trusted links. Control and orchestration traffic always flows through SHA on either route.
What SHA Does For Every Sync
SHA orchestrates every sync regardless of which data route is used.
- Resolves a healthy SNA at the source site and at the recovery site. Sites can run multiple SNAs; SHA balances work across the healthy ones and skips appliances that are unhealthy, stale, or in maintenance mode.
- Applies the pattern's replication route policy and, where relevant, the reachability probe result to select the route.
- Prepares the target-side ingress on the target SNA and confirms the Sendense Controller for the VM is ready to receive data.
- Starts and monitors the sync, records sync and checkpoint recovery state, and reports progress, RPO status, and errors through the GUI and API.
Scope Of The Routing Choice
- The route policy controls how replication data travels during sync. Failover behavior is defined by the failover operation, not the route.
- The direct route is not a separate feature to license or install. It is a per-pattern routing choice.
- The hub route relays the replication stream through SHA; SHA does not keep a copy.
- Operators set the policy on the pattern; Sendense applies it to each sync. There is no manual per-sync route selection.
Related Docs