5.5
Table Of Contents
- Site Recovery Manager Administration
- Contents
- About VMware vCenter Site Recovery Manager Administration
- SRM Privileges, Roles, and Permissions
- Replicating Virtual Machines
- How the Recovery Point Objective Affects Replication Scheduling
- Replicating a Virtual Machine and Enabling Multiple Point in Time Instances
- Configure Replication for a Single Virtual Machine
- Configure Replication for Multiple Virtual Machines
- Replicate Virtual Machines By Using Replication Seeds
- Reconfigure Replications
- Stop Replicating a Virtual Machine
- Creating Protection Groups
- Creating, Testing, and Running Recovery Plans
- Testing a Recovery Plan
- Performing a Planned Migration or Disaster Recovery By Running a Recovery Plan
- Differences Between Testing and Running a Recovery Plan
- How SRM Interacts with DPM and DRS During Recovery
- How SRM Interacts with Storage DRS or Storage vMotion
- How SRM Interacts with vSphere High Availability
- Protecting Microsoft Cluster Server and Fault Tolerant Virtual Machines
- Create, Test, and Run a Recovery Plan
- Export Recovery Plan Steps
- View and Export Recovery Plan History
- Cancel a Test or Recovery
- Delete a Recovery Plan
- Reprotecting Virtual Machines After a Recovery
- Restoring the Pre-Recovery Site Configuration By Performing Failback
- Customizing a Recovery Plan
- Recovery Plan Steps
- Specify the Recovery Priority of a Virtual Machine
- Creating Custom Recovery Steps
- Types of Custom Recovery Steps
- How SRM Handles Custom Recovery Steps
- Create Top-Level Command Steps
- Create Top-Level Message Prompt Steps
- Create Command Steps for Individual Virtual Machines
- Create Message Prompt Steps for Individual Virtual Machines
- Guidelines for Writing Command Steps
- Environment Variables for Command Steps
- Customize the Recovery of an Individual Virtual Machine
- Customizing IP Properties for Virtual Machines
- Advanced SRM Configuration
- Configure Protection for a Virtual Machine or Template
- Configure Resource Mappings for a Virtual Machine
- Specify a Nonreplicated Datastore for Swap Files
- Recovering Virtual Machines Across Multiple Hosts on the Recovery Site
- Resize Virtual Machine Disk Files During Replication Using Replication Seeds
- Resize Virtual Machine Disk Files During Replication Without Using Replication Seeds
- Reconfigure SRM Settings
- Change Local Site Settings
- Change Logging Settings
- Change Recovery Settings
- Change Remote Site Settings
- Change the Timeout for the Creation of Placeholder Virtual Machines
- Change Storage Settings
- Change Storage Provider Settings
- Change vSphere Replication Settings
- Modify Settings to Run Large SRM Environments
- Troubleshooting SRM Administration
- Limitations to Protection and Recovery of Virtual Machines
- SRM Events and Alarms
- vSphere Replication Events and Alarms
- Collecting SRM Log Files
- Access the vSphere Replication Logs
- Resolve SRM Operational Issues
- SRM Doubles the Number of Backslashes in the Command Line When Running Callouts
- Powering on Many Virtual Machines Simultaneously on the Recovery Site Can Lead to Errors
- LVM.enableResignature=1 Remains Set After a SRM Test Failover
- Adding Virtual Machines to a Protection Group Fails with an Unresolved Devices Error
- Configuring Protection fails with Placeholder Creation Error
- Planned Migration Fails Because Host is in an Incorrect State
- Recovery Fails with a Timeout Error During Network Customization for Some Virtual Machines
- Recovery Fails with Unavailable Host and Datastore Error
- Reprotect Fails with a vSphere Replication Timeout Error
- Recovery Plan Times Out While Waiting for VMware Tools
- Reprotect Fails After Restarting vCenter Server
- Rescanning Datastores Fails Because Storage Devices are Not Ready
- Scalability Problems when Replicating Many Virtual Machines with a Short RPO to a Shared VMFS Datastore on ESXi Server 5.0
- Application Quiescing Changes to File System Quiescing During vMotion to an Older Host
- Reconfigure Replication on Virtual Machines with No Datastore Mapping
- Configuring Replication Fails for Virtual Machines with Two Disks on Different Datastores
- vSphere Replication RPO Violations
- vSphere Replication Does Not Start After Moving the Host
- Unexpected vSphere Replication Failure Results in a Generic Error
- Generating Support Bundles Disrupts vSphere Replication Recovery
- Recovery Plan Times Out While Waiting for VMware Tools
- Index
n
Assign SRM Roles and Permissions on page 13
During installation, SRM administrator rights are assigned to the vCenter Server administrator role. At
this time, only vCenter Server administrators can log in to SRM, unless they explicitly grant access to
other users.
n
SRM Roles Reference on page 14
SRM includes a set of roles. Each role includes a set of privileges, which allow users with those roles to
complete different actions.
How SRM Handles Permissions
SRM determines whether a user has permission to perform an operation, such as configuring protection or
running the individual steps in a recovery plan. This permission check ensures the correct authentication of
the user, but it does not represent the security context in which the operation is performed.
SRM performs operations in the security context of the user ID that is used to connect the sites, or in the
context of the ID under which the SRM service is running, for example, the local system ID.
After SRM verifies that a user has the appropriate permissions on the target vSphere resources, SRM
performs operations on behalf of users by using the vSphere administrator role.
For configuration operations, SRM validates user permissions when the user requests the operation.
Operations other than configuration operations require two phases of validation.
1 During configuration, SRM verifies that the user configuring the system has the correct permissions to
complete the configuration on the vCenter Server object. For example, a user must have permission to
protect a virtual machine and use resources on a secondary vCenter Server that the recovered virtual
machine uses.
2 The user performing the configuration must have the correct permissions to complete the task that they
are configuring. For example, a user must have permissions to run a recovery plan. SRM then
completes the task on behalf of the user as a vCenter Server administrator.
As a result, a user who completes a particular task, such as a recovery, does not necessarily require
permissions to act on vSphere resources. The role authorizes the action, but the action is performed by SRM
acting as an administrator. SRM performs the operations by using the administrator credentials that you
provide when you connect the protected and recovery sites.
SRM maintains a database of permissions for internal SRM objects that uses a model similar to the one the
vCenter Server uses. SRM verifies its own SRM privileges even on vCenter Server objects. For example, SRM
checks for the Resource.Recovery Use permission on the target datastore rather than checking multiple low-
level permissions, such as Allocate space.
SRM and the vCenter Server Administrator Role
If a user or user group has the vCenter Server administrator role on a vCenter Server instance when you
install SRM, that user or user group obtains all SRM privileges.
SRM does not perform verification of roles or permissions after installation. If you assign the vCenter Server
administrator role to users or user groups after you install SRM, you must manually assign the SRM roles to
those users.
You can assign SRM roles to users or user groups that do not have the vCenter Server administrator role. In
this case, those users have permission to perform SRM operations, but they do not have permission to
perform all vCenter Server operations.
Site Recovery Manager Administration
10 VMware, Inc.