Distributed databases are a significant feature of many modern network applications, including DNS resolution, user validation, financial support, and myriad business activities. One issue common to distributed database applications is the need for data integrity among the various copies of the database, particularly in light of updates, and the like, that cause changes to the data. This issue often involves a balance of many factors, including the nature and volume of the data, the number and function of copies of the database, and rates of change and access to the data.
One example of replicating data in a distributed database involves a master and slave relationship between a primary (master) server and one or more secondary (slave) servers. In these types of configurations, a simple one-way replication may be achieved by distributing changes from the primary server to the secondary server(s). However, these systems are of limited use in many modern services that benefit from capabilities that are not possible using a standard master-slave relationship and updating scheme. For example, in certain services a write ability at more than one primary server may be desirable to improve efficiency of the overall system.
Certain applications, such as distributed authentication networks, may require data replication among multiple provider sites, and also between the service provider and an issuer who hosts a local service node. Existing database replication software products pose a requirement to use VPN between a source and a target site in order to properly communicate across the internet. These products are best suited for replication among sites controlled by the same entity, but can present problems for data replication across two sites managed by two different authorities. For example, there are risks in VPN channels being misused that weigh against one entity opening themselves to other unrelated entities by VPN. There are also tasks with security policy control, support, and maintenance that are more challenging when using VPNs. Different administrative jurisdiction, policies and requirements among different sites also make the use of VPNs problematic.
Additionally, many applications have particular concerns with respect to integrity, performance, and recovery of data in the database. For example, in systems that are relied on to provide critical support services for the internet, concerns such as the reliable availability of the service, the ability to improve access through geographic distribution of operational components, and data backup and recovery are all critical. Known methods for replication fail to address all of these factors in an efficient way, that also allows for acceptable secure exchanges across enterprise boundaries. Finally, known methods are limited in their ability to detect certain types of attacks, such as replay attacks, in a timely and reliable manner in a distributed network.