You can enable the network encryption of the replication traffic data for new and existing replications to enhance the security of data transfer.

You can enable encryption of replication traffic if your VMware Site Recovery instances are on a VMware Cloud on AWS SDDC version 1.13 or later.

When the network encryption feature is switched on, the agent encrypts the replication data on the source ESXi host and sends it to the vSphere Replication appliance on the target site. The vSphere Replication server decrypts the data and sends it to the target datastore.

Unencrypted traffic goes through port 31031 on the source ESXi hosts and the vSphere Replication appliance on the target site.

Encrypted traffic goes through port 32032 on the source ESXi hosts and the vSphere Replication appliance on the target site.

If you configure a replication of an encrypted VM, the network encryption is automatically turned on and cannot be disabled.

Enabling network encryption has minimal impact on the CPU and memory resource of the host. Enabling network encryption restricts the throughput per host for the replications using encryption. This limit only applies to replications that have encryption enabled, and replications without encryption are not affected.