1.0
Table Of Contents
- Administration Guide
- Contents
- About This Book
- Overview of Site Recovery Manager
- System Requirements
- Installing or Updating Site Recovery Manager
- Managing SRM
- Protected Site Configuration
- Recovery Site Configuration
- Failback
- Alerting and Monitoring
- Protected and Recovery Site Changes
- Preinstallation Checklist
- Failback Checklist
- Use the srm-config command to repair an SRM server connection
- Avoiding Replication of Paging Files and Other Transient Data
- Glossary
- Index
VMware, Inc. 37
Chapter 4 Managing SRM
SRM Users, Groups, Permissions, and Roles
SRMusesthesameauthorizationmodelasVirtualCenterServer.Thesetofpermissions
appliedtoorinheritedbyanobjectdeterminetheoperationsthatareallowedonthe
objectandthelistofrolesthatcanperformthoseoperations.Managedobjectsinthe
SRMinventorycanhavespecificpermissionsapplied.There
aretwowaystocontrol
permissiontoexecuteSRMoperations:
Addingusers–Assignuserstothepredefinedroles.
Addingroles–Createarole,addtheadministrators,andthenaddtheright
permissionstotherole.
Tomanagepermissionsandroles,youmustlogintotheVirtualCenterServerwiththe
administratoraccount.
ThePermissionstabliststheusersandgroupsthathavepermissionsontheselected
objectandat
whatlevelthepermissionwasassigned.
YoumustbeinAdministrationviewfortheRolesmenuitemtobeenabled.
The Permissionstabdisplaysthefollowing:
User/Group—TheuserorgroupthatexistsinSRM.
Role—Setofprivilegesassignedtoanexistinguserorgroup.
Definedin—Theobjectinwhichtheuser,group,androleisdefined.
SRM Permissions
Toobtainthefullabilityofanadministratoroftheprotectedsiteandtherecoverysite,
definethefollowingpermissions:
Protectedsite:
Read‐onlyattheVirtualCenterroot(donotpropagate).
Read‐onlytoDatacenterinventoryobject(donotpropagate).
ProtectionVirtualMachineAdministratorroleattheVirtualMachinelevel
(propagate).
NOTEToconfigureSRM,ausermusthavebothVirtualCenterandSRMpermissions.
SRMrolessuchasSRMProtectionAdministratorandSRMRecoveryAdministratordo
nothavespecificprivilegesforVirtualCenterandthereforedonothaveadequate
permissionstoperformallSRMoperations.Theconverseisalsotrue.VirtualCenter
rolesdo
notprovideanySRMprivileges.EnsurethatSRMusershaveVirtualCenter
andSRMspecificrolesasappropriate.