Compatibility requirements for ZDM Proxy

True zero downtime migration with ZDM Proxy is possible only if your clusters, data model, and application logic meet the compatibility requirements described on this page.

You might need to adjust your data model or application logic to ensure compatibility between the origin and target clusters during the migration, as well as ongoing compatibility with the target cluster after the migration.

If you cannot meet these requirements, particularly the cluster and schema compatibility requirements, see Incompatible clusters and migrations with some downtime for alternatives.

Supported Cassandra Native Protocol versions

ZDM Proxy supports protocol V2, V3, V4, V5, DSE_V1, and DSE_V2. However, your clusters might not support these protocol versions.

When a specific protocol version is requested, ZDM Proxy handles protocol negotiation to ensure the requested version is supported by both clusters. For example, to use protocol V5 with ZDM Proxy, both the origin and target clusters must support V5. This includes HCD and open source Apache Cassandra® 4.0 or later. Otherwise, a lower protocol version must be used.

If the requested version isn’t mutually supported, then ZDM Proxy can force the client application to downgrade to a mutually supported protocol version. If automatic forced downgrade isn’t possible, then the connection fails, and you must modify your client application to request a different protocol version.

Determine your client application’s supported and negotiated protocol versions

Outside of a migration scenario (without ZDM Proxy), the supported protocol versions depend on your origin cluster’s version and client application’s driver version.

Generally, when connecting to a cluster, the driver requests the highest protocol version that it supports. If the cluster supports that version, then the connection uses that version. If the cluster doesn’t support that version, then the driver progressively requests lower versions until it finds a mutually supported version.

For example, if the cluster and driver both support V5, then your client application uses V5 automatically unless you explicitly disable V5 in your driver configuration.

If you upgrade your cluster, driver, or both to a version with a higher mutually supported protocol version, then the driver automatically starts using the higher version unless you explicitly disable it in your driver configuration.

When you introduce ZDM Proxy, the target cluster is integrated into the protocol negotiation process to ensure that the negotiated protocol version is supported by the origin cluster, target cluster, and driver.

Considerations and requirements for V5

Required ZDM Proxy version

Official support for V5 requires ZDM Proxy version 2.4.0 or later.

Use cases requiring V5

You are required to use V5 only if your client application uses V5-specific functionality.

Potential performance impact between V5 and earlier versions

Protocol V5 has improved integrity checks compared to earlier versions. This can cause slight performance degradation when your client application begins to use V5 after using an earlier version.

DataStax performance tests showed potential throughput reductions ranging from 0 to 15 percent. This performance impact can occur with and without ZDM Proxy.

If your client application already uses V5, it is likely that you already adjusted to any potential performance impact, and the protocol version will have little or no impact on performance during your migration.

If you plan to upgrade to a V5-compatible driver before or during your migration, then the potential performance impact depends on which clusters support V5:

  • Neither cluster supports V5: You won’t notice any protocol-related performance impact before or during the migration because the driver and ZDM Proxy cannot negotiate V5 in this scenario.

  • Only the target cluster supports V5: You won’t notice any protocol-related performance impact during the migration because ZDM Proxy must negotiate a protocol version that is supported by both clusters. If the origin cluster doesn’t support V5, then ZDM Proxy cannot negotiate V5 during the migration, and the driver cannot negotiate V5 before the migration.

    However, you might experience a protocol-related performance impact at the end of the migration when you connect your client application directly to the target cluster. This phase removes ZDM Proxy and the origin cluster from the protocol negotiation, allowing the driver to negotiate directly with the target cluster. If the target cluster supports V5, the driver can use V5 automatically.

  • Both clusters support V5: Unless you block V5, you might experience performance impacts because the driver and ZDM Proxy can use V5 automatically in this scenario. Consider upgrading the driver before or after the migration so you can isolate the impact of that change without the added complexity of the migration. As a best practice for any significant version upgrade, run performance tests in lower environments to evaluate the potential impact before making the change in production.

Disallow or explicitly downgrade the protocol version

You can restrict protocol versions in the driver and ZDM Proxy configuration:

Driver configuration

You can explicitly downgrade the protocol version in your client application’s driver configuration. Make sure the enforced protocol version is supported by both clusters.

Use this option if you need to enforce the protocol version outside of the migration. For example:

  • Both clusters and the driver support V5 but you don’t want to use V5: Configure the protocol version in the driver before the migration if you haven’t done so already.

  • The origin cluster doesn’t support V5 and you want to ensure V5 isn’t used automatically after the migration: Configure the protocol version in the driver at any point before the end of the migration when you connect your client application directly to the target cluster.

  • You observe unacceptable performance degradation when using V5 before the migration (without ZDM Proxy): Either mitigate the performance issues before the migration, or configure the protocol version in the driver before the migration.

ZDM Proxy configuration

You can use the blocked_protocol_versions configuration variable to block specific protocol versions at the proxy level. Make sure at least one mutually supported protocol version isn’t blocked.

This option applies only while ZDM Proxy is in use. It doesn’t persist after the migration.

Use this option if you observe unacceptable performance degradation when ZDM Proxy is active and it negotiates V5. If unacceptable performance degradation occurs without ZDM Proxy, then configure the protocol version in the driver instead. However, be aware that ZDM Proxy itself can have a performance impact, regardless of the protocol version.

Thrift isn’t supported by ZDM Proxy

If you are using an earlier driver or cluster version that only supports Thrift, you must change your client application to use Cassandra Query Language (CQL) statements, and, if needed, upgrade your cluster before starting the migration process.

Cluster compatibility for ZDM Proxy

To successfully use the ZDM Proxy and migrate with no downtime, your origin (source) and target (destination) clusters must be compatible.

You can use ZDM Proxy to support migrations between Astra, DataStax Enterprise (DSE), Hyper-Converged Database (HCD), open-source Apache Cassandra, and and other Cassandra-based databases. Supported migration paths include cross-platform migrations and same-platform upgrades.

The following information assumes you are migrating to DSE. If that is not the case, see the ZDM documentation for your actual target cluster.

Supported ZDM migration paths

  • Astra DB Serverless to DSE 6.8.

    This migration path isn’t recommended if you use dynamic-schema collections or the Data API extensively. Consider migrating to Hyper-Converged Database (HCD) instead.

  • Astra Managed Clusters (Astra DB Classic) to DSE 6.8.

  • HCD 1.1 or later to DSE 6.8.

  • Open-source Apache Cassandra 2.1.6 or later to DSE 6.8.

    You might need to adjust your data model and application logic to prepare for this migration:

    • Check the built-in Cassandra version for DSE 6.8.

    • Review the release notes for all Cassandra versions from your current Cassandra version up to (and including) the built-in Cassandra version.

    • Review the migration paths and warnings in the Apache Cassandra to DSE in-place upgrade guide. Although this guide is for in-place upgrades, the information about configuration and breaking changes can help you prepare for your ZDM migration.

  • DSE 4.7.1 or later to DSE 6.8.

    For upgrades across multiple major versions or with disruptive breaking changes, the ZDM tools are recommended over in-place upgrades.

    ZDM Proxy cannot resolve breaking changes across major versions. Before migrating, review the release notes for all versions from your current DSE version up to (and including) your target DSE version.

    Make adjustments to your data model and application logic as needed for any deprecated features or breaking changes that might affect your migration.

    You might need to migrate to an intermediate version of DSE before migrating to your target version if there are breaking changes that you cannot address preemptively in your current DSE version.

    If you are running a DSE version earlier than 4.7.1, contact IBM Support for assistance with upgrading to a latest or LTS version.

  • Other Cassandra-based or CQL-compatible databases, such as ScyllaDB and Yugabyte, that share a common protocol version with DSE 6.8.

    DataStax tests ZDM Proxy compatibility with Astra, DSE, HCD, and open-source Cassandra. DataStax doesn’t guarantee support for any untested cluster aside from the platforms and versions listed here. As with any migration, DataStax recommends that you run isolated tests before attempting a full-scale production migration.

Incompatible clusters and migrations with some downtime

If your origin cluster isn’t compatible with ZDM Proxy, you can still migrate to DSE, but some downtime might be necessary to finish the migration.

For example, you can use standalone data migration tools or scripts to copy data to your new DSE cluster. To avoid complications caused by ongoing writes during the migration, you might want to schedule downtime to migrate all data and reconnect your applications to the new cluster.

If you need to modify the schema, data types, or CQL statements for compatibility with your new cluster, try to resolve these issues in your origin cluster. This minimizes the amount of work required during the actual migration period, ultimately reducing the total downtime for your migration.

For more complex migrations, such as RDBMS-to-NoSQL migrations, your migration will probably require extended downtime for additional processing, such as extract, transform, and load (ETL) operations.

For assistance with incompatible and partially compatible migrations, contact your DataStax account representative or IBM Support.

Schema and keyspace alignment

To successfully migrate with ZDM Proxy, the origin and target clusters must have matching schemas, including keyspace names, table names, column names, and data types. A CQL statement produced by your client application must be able to succeed without modification on both clusters because ZDM Proxy routes the exact same CQL statements to both clusters.

Even without ZDM Proxy, matching schemas are required for most CQL-based data migration tools, such as Astra DB Sideloader and Cassandra Data Migrator (CDM). If it is impossible to match the schemas, your migration cannot use ZDM Proxy. See Incompatible clusters and migrations with some downtime for alternatives.

ZDM Proxy doesn’t modify or transform CQL statements with the exception of optional replacement for now().

A CQL statement that your client application sends to ZDM Proxy must be able to succeed on both clusters. This means that any keyspace that your client application uses must exist on both the origin and target clusters with the same keyspace name, table names, column names, and compatible data types. However, the keyspaces can have different replication strategies and durable write settings.

At the column level, the schema doesn’t need to be a one-to-one match as long as the CQL statements can be executed successfully on both clusters. For example, if a table has 10 columns, and your client application uses only five of those columns, then you can re-create the table on the target cluster with only the five required columns. However, the data from the other columns won’t be migrated to the target cluster if those columns don’t exist on the target cluster. Before you decide to omit a column from the target cluster, make sure that it is acceptable to permanently lose that data after the migration.

In some cases, you can change the primary key on the target cluster. For example, if your compound primary key is PRIMARY KEY (A, B), and you always provide parameters for the A and B columns in your CQL statements, then you could change the key to PRIMARY KEY (B, A) when creating the schema on the target because your CQL statements will still run successfully.

Request and error handling with ZDM Proxy

See How ZDM Proxy handles reads and writes.

Lightweight Transactions and other non-idempotent operations

Non-idempotent CQL operations don’t produce the exact same result each time the request is executed. Whether the request is executed and the actual value written to the database depend on the column’s current value or other conditions at the time of the request. Examples of non-idempotent operations include the following:

By design, a ZDM migration involves two separate clusters, and it is possible for the clusters to have differences due to non-idempotent operations.

If you use non-idempotent operations, DataStax recommends adding a reconciliation phase to your migration before and after Phase 4. This allows you an additional opportunity to resolve any data inconsistencies that are produced by non-idempotent operations. CDM is ideal for detecting and reconciling these types of inconsistencies.

However, if your application workloads can tolerate inconsistencies produced by LWTs and non-idempotent operations, you might not need to perform any additional validation or reconciliation steps. This depends entirely on your application business logic and requirements. It is your responsibility to determine whether your workloads can tolerate these inconsistencies and to what extent.

Lightweight Transactions and the applied flag

ZDM Proxy handles LWTs in the same way as other write requests: It sends the request to both clusters concurrently, and then it waits for both to respond. ZDM Proxy returns a success status to the client only if both clusters send successful acknowledgements; otherwise, it returns a failure status.

However, clusters can consider an LWT to be successful with or without data modification, because LWTs modify data only if a specific condition is met, and they don’t fail if the condition isn’t met. With ZDM Proxy, this means both clusters can return successful acknowledgements with different outcomes on each cluster. This is because the evaluation of an LWT’s condition is based on the state of the data on the cluster at the time of the request. For example, if the condition is met on the origin cluster but not on the target cluster, then the data is modified on the origin cluster only.

If your application logic includes LWTs, you must reconcile any inconsistences caused by LWTs, and understand how the applied flag is handled by ZDM Proxy:

Repeatedly validate and reconcile data to catch all inconsistencies

During the ZDM process, the clusters aren’t fully synchronized until the data has been completely replicated and thoroughly validated at the end of Phase 2. Up to that point, LWTs can produce inconsistent data that you must reconcile at the end of Phase 2. Furthermore, because ZDM Proxy is designed to continuously route writes to both clusters, you might need to validate and reconcile the data multiple times to catch additional inconsistencies that occurred while you were reconciling previous inconsistencies.

Don’t rely on the applied flag

A cluster’s response to an LWT includes an applied flag. If applied is True, then the LWT’s condition was met and the data was actually modified. If applied is False, then the condition wasn’t met and the data wasn’t modified.

Outside of a migration scenario, this flag is passed to the client application from the one cluster that the client is connected to. However, with ZDM Proxy, the responses from both clusters are passed to ZDM Proxy, which then passes only one response back to the client application. This is intentional because ZDM Proxy is designed to be transparent to the client application: The client application believes it is interacting with a single cluster.

Specifically, ZDM Proxy returns the response, including the applied flag, from the primary cluster. For the majority of the migration process, the origin cluster is the primary cluster. Near the end of the migration (Phase 4), the target cluster becomes the primary cluster.

If your application logic depends on the applied flag, be aware that, during the migration, your application receives the applied flag from the primary cluster only. It cannot access the applied flag from the secondary cluster. If needed, modify your application logic in anticipation of this behavior. Or, plan to thoroughly reconcile inconsistencies that occur due to LWTs before the final phases of the migration (Phase 4 and Phase 5) where the target cluster becomes the primary cluster and your applications stop using the origin cluster.

Server-side non-deterministic functions in the primary key

Statements with UUID and timeuuid functions, like now() and uuid(), create data inconsistencies between the origin and target clusters because the values are computed at the cluster level.

If these functions are used for regular non-primary key columns, you must determine if it is acceptable to have different values in the two clusters depending on your application business logic. However, if these functions are used in any primary key column, then your data migration phase will fail because of data inconsistencies between the two clusters. Effectively, the clusters will never be truly in sync from a programmatic perspective.

ZDM Proxy has an option to replace now() with a timeUUID calculated at the proxy level to ensure that these records write the same value to both clusters.

To enable this feature, set replace_cql_functions to true. For more information, see Change a mutable configuration variable.

The replace_cql_functions option only replaces the now() function.

This feature is disabled by default because it has a noticeable impact on performance. DataStax recommends that you test this feature extensively before using it in production.

If the performance impact is unacceptable for your application, or you are using functions other than now(), then you must change your client application to use values calculated locally at the client-level before the statement is sent to the database. Most drivers have utility methods that help you compute these values locally. For more information, see your driver’s documentation and Query timestamps in Cassandra drivers.

Driver retry policy and query idempotence

The ZDM process requires you to perform rolling restarts of your client applications during the migration. This is standard practice for client applications that are deployed over multiple instances, and it is a widely used approach to roll out releases and configuration changes.

Throughout the migration process, you must restart ZDM Proxy instances to apply configuration changes. Client applications handle this in the same way as typical rolling restarts of Cassandra-based clusters.

If your applications already tolerate rolling restarts of your origin cluster, then you shouldn’t expect any issues during rolling restarts of ZDM Proxy instances.

To ensure that your client application retries requests that fail due to connection errors caused by the rolling restart process, check your driver’s retry policies and whether your requests are marked as idempotent. Most drivers treat all statements as non-idempotent by default, and they don’t automatically retry them. This means that you must explicitly mark statements as idempotent to trigger retries after connection errors. For more information, see Query idempotence in Cassandra drivers and Retry policies for Cassandra drivers.

Client compression

LZ4 and Snappy compression algorithms require ZDM Proxy version 2.4.0 or later.

The binary protocol used by Cassandra-based databases supports optional compression of transport-level requests and responses that reduces network traffic at the cost of CPU overhead.

When establishing connections from client applications, ZDM Proxy responds with a list of compression algorithms supported by both clusters. The compression algorithm configured in your Cassandra driver must match any item from the common list, or CQL request compression must be disabled completely. ZDM Proxy cannot decompress and recompress CQL requests using different compression algorithms.

This isn’t related to storage compression, which you can configure on specific tables with the compression table property. Storage/table compression doesn’t affect the client application or ZDM Proxy in any way.

ZDM Proxy ignores token-aware routing

Token-aware routing isn’t enforced when connecting through ZDM Proxy because these instances don’t hold actual token ranges in the same way as database nodes. Instead, each ZDM Proxy instance has a unique, non-overlapping set of synthetic tokens that simulate token ownership and enable balanced load distribution across the instances.

Upon receiving a request, a ZDM Proxy instance routes the request to appropriate origin and target database nodes, independent of token ownership.

If your clients have token-aware routing enabled, you don’t need to disable this behavior while using ZDM Proxy. Clients can continue to operate with token-aware routing enabled without negative impacts to functionality or performance.

Authenticator and authorizer configuration

A cluster’s authorizer doesn’t affect client applications or ZDM Proxy, which means that you can use any kind of authorizer configuration on your clusters, and they can use different authorizers.

In contrast, a cluster’s authenticator must be compatible with ZDM Proxy. ZDM Proxy supports the following cluster authenticator configurations:

  • No authenticator

  • PasswordAuthenticator

  • DseAuthenticator with internal or ldap scheme

ZDM Proxy doesn’t support DseAuthenticator with kerberos scheme.

The origin and target clusters can have different authentication configurations because ZDM Proxy treats them independently.

DSE advanced workloads

If your migration includes a DSE cluster that supports DSE Search or DSE Graph workloads, it is important that you understand how ZDM Proxy handles DSE advanced workloads:

DSE Graph

ZDM Proxy handles all DSE Graph requests as write requests even if the traversals are read-only. There is no special handling for these requests, so you must consider the traversals that your client application sends and determine whether the traversals are idempotent. If the traversals are non-idempotent, then your must thoroughly validate and reconcile the data and the end of Phase 2 to ensure that the target cluster is truly consistent with the origin cluster. For more information, see Lightweight Transactions and other non-idempotent operations.

DataStax’s recommended tools for data migration and reconciliation are CQL-based, so they only support migrations where the origin cluster is a database that uses the new DSE Graph engine (DSE 6.8 and later). They cannot be used with the earlier Graph engine in DSE versions prior to 6.8.

DSE Search

Read-only DSE Search workloads can be moved directly from the origin to the target without ZDM Proxy being involved. If your client application uses Search and also issues writes, or if you need the read routing capabilities from ZDM Proxy, then you can connect your Search workloads to ZDM Proxy as long as you are using DSE-compatible drivers to submit these queries. This approach means the queries are regular CQL SELECT statements, so ZDM Proxy handles them as regular read requests.

If you use the HTTP API then you can either modify your applications to use the CQL API instead, or you must move those applications directly from the origin to the target when the migration is complete, if that is acceptable for your use case.

For more DSE-specific migration considerations, see Migrate to DataStax Enterprise (DSE).

Multi-datacenter clusters and other complex migrations

Complex migration scenarios, such as multi-datacenter migrations and many-to-one migrations, require additional planning to properly configure migration tools and effectively migrate the data.

Factors that can make a migration more complicated include the following:

  • Number of regions

  • Cross-region data transfers

  • Amount of data

  • Type or nature of the data

  • Airgapped environments

  • Data consistency thresholds (such as tolerance for dropped writes or zombie data when a migration requires downtime)

  • Volume of traffic

Multi-region migrations, also known as multi-datacenter migrations, can include one or more of the following scenarios:

  • Your origin cluster is deployed to multiple regions, with or without enforced data consistency.

  • Your origin cluster is deployed to multiple regions, with multiple client application instances deployed to each region.

  • Your target database is, or will be, deployed to multiple regions.

  • You need to support multiple regions in a live migration scenario.

For relatively small migrations to DSE with consistent data across all regions, you can migrate the primary region first, and then deploy additional datacenters after the initial migration is complete, using an appropriate replication strategy to copy the data to the additional datacenters. However, this approach isn’t suitable for all migrations because replication strategies, like eventual consistency, can be inefficient when replicating large amounts of data across geographically distant regions.

It is difficult to provide a one-size-fits-all solution for multi-region migrations due to the potential complexity and variability of these scenarios. For assistance with your migration, contact your DataStax account representative or IBM Support.

To configure ZDM Proxy for a multi-datacenter migration, see the ZDM Proxy infrastructure guidelines for multi-datacenter clusters.

Next steps

Next, prepare the ZDM Proxy infrastructure.

Was this helpful?

Give Feedback

How can we improve the documentation?

© Copyright IBM Corporation 2026 | Privacy policy | Terms of use Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: Contact IBM