6.1
Table Of Contents
- Site Recovery Manager Administration
- Contents
- About VMware Site Recovery Manager Administration
- Updated Information
- Site Recovery Manager Privileges, Roles, and Permissions
- How Site Recovery Manager Handles Permissions
- Site Recovery Manager and the vCenter Server Administrator Role
- Site Recovery Manager and vSphere Replication Roles
- Managing Permissions in a Shared Recovery Site Configuration
- Assign Site Recovery Manager Roles and Permissions
- Site Recovery Manager Roles Reference
- Replicating Virtual Machines
- Configuring Mappings
- About Placeholder Virtual Machines
- Creating and Managing Protection Groups
- About Array-Based Replication Protection Groups and Datastore Groups
- About vSphere Replication Protection Groups
- About Storage Policy Protection Groups
- Create Protection Groups
- Organize Protection Groups in Folders
- Add or Remove Datastore Groups or Virtual Machines to or from a Protection Group
- Apply Inventory Mappings to All Members of a Protection Group
- Configure Inventory Mappings for an Individual Virtual Machine in a Protection Group
- Modifying the Settings of a Protected Virtual Machine
- Remove Protection from a Virtual Machine
- Protection Group Status Reference
- Virtual Machine Protection Status Reference
- Creating, Testing, and Running Site Recovery Manager Recovery Plans
- Testing a Recovery Plan
- Performing a Planned Migration or Disaster Recovery By Running a Recovery Plan
- Differences Between Testing and Running a Recovery Plan
- Performing Test Recovery of Virtual Machines Across Multiple Hosts on the Recovery Site
- Create, Test, and Run a Recovery Plan
- Export Recovery Plan Steps
- View and Export a Recovery Plan History
- Delete a Recovery Plan
- Recovery Plan Status Reference
- Configuring a Recovery Plan
- Recovery Plan Steps
- Creating Custom Recovery Steps
- Suspend Virtual Machines When a Recovery Plan Runs
- Specify the Recovery Priority of a Virtual Machine
- Configure Virtual Machine Dependencies
- Enable vSphere vMotion for Planned Migration
- Configure Virtual Machine Startup and Shutdown Options
- Limitations to Protection and Recovery of Virtual Machines
- Customizing IP Properties for Virtual Machines
- Reprotecting Virtual Machines After a Recovery
- How Site Recovery Manager Reprotects Virtual Machines with Array Based Replication
- How Site Recovery Manager Reprotects Virtual Machines with vSphere Replication
- How Site Recovery Manager Reprotects Virtual Machines with Storage Policy Protection
- Preconditions for Performing Reprotect
- Reprotect Virtual Machines
- Reprotect States
- Restoring the Pre-Recovery Site Configuration By Performing Failback
- Interoperability of Site Recovery Manager with Other Software
- Site Recovery Manager and vCenter Server
- Using Site Recovery Manager with VMware Virtual SAN Storage and vSphere Replication
- How Site Recovery Manager Interacts with DPM and DRS During Recovery
- How Site Recovery Manager Interacts with Storage DRS or Storage vMotion
- How Site Recovery Manager Interacts with vSphere High Availability
- How Site Recovery Manager Interacts with Stretched Storage
- Using Site Recovery Manager with VMware NSX
- Site Recovery Manager and vSphere PowerCLI
- Site Recovery Manager and vRealize Orchestrator
- Protecting Microsoft Cluster Server and Fault Tolerant Virtual Machines
- Using Site Recovery Manager with SIOC Datastores
- Using Site Recovery Manager with Admission Control Clusters
- Site Recovery Manager and Virtual Machines Attached to RDM Disk Devices
- Site Recovery Manager and Active Directory Domain Controllers
- Advanced Site Recovery Manager Configuration
- Reconfigure Site Recovery Manager Settings
- Change Connections Settings
- Change Site Recovery Manager History Report Collection Setting
- Change Local Site Settings
- Change Logging Settings
- Change Recovery Settings
- Change Remote Manager Settings
- Change Remote Site Settings
- Change Replication Settings
- Change SSO Setting
- Change Storage Settings
- Change ABR Storage Policy Setting
- Change Storage Provider Settings
- Change vSphere Replication Settings
- Modify Settings to Run Large Site Recovery Manager Environments
- Reconfigure Site Recovery Manager Settings
- Site Recovery Manager Events and Alarms
- Collecting Site Recovery Manager Log Files
- Troubleshooting Site Recovery Manager
- Site Recovery Manager Doubles the Number of Backslashes in the Command Line When Running Callouts
- Powering on Many Virtual Machines Simultaneously on the Recovery Site Can Lead to Errors
- LVM.enableResignature=1 Remains Set After a Site Recovery Manager Test Recovery
- Adding Virtual Machines to a Protection Group Fails with an Unresolved Devices Error
- Configuring Protection fails with Placeholder Creation Error
- Rapid Deletion and Recreation of Placeholders Fails
- Planned Migration Fails Because Host is in an Incorrect State
- Recovery Fails with a Timeout Error During Network Customization for Some Virtual Machines
- Recovery Fails with Unavailable Host and Datastore Error
- Reprotect Fails with a vSphere Replication Timeout Error
- Recovery Plan Times Out While Waiting for VMware Tools
- Synchronization Fails for vSphere Replication Protection Groups
- Rescanning Datastores Fails Because Storage Devices are Not Ready
- Recovery Sticks at 36% During Planned Migration
- Operations Fail with Error About a Nonreplicated Configuration File
- Index
n
Managing Permissions in a Shared Recovery Site Configuration on page 14
You can configure permissions on Site Recovery Manager to use a shared recovery site. The
vCenter Server administrator on the shared recovery site must manage permissions so that each user
has sufficient privileges to configure and use Site Recovery Manager, but no user has access to
resources that belong to another user.
n
Assign Site Recovery Manager Roles and Permissions on page 15
During installation of Site Recovery Manager, users with the vCenter Server administrator role are
granted the administrator role on Site Recovery Manager. At this time, only vCenter Server
administrators can log in to Site Recovery Manager, unless they explicitly grant access to other users.
n
Site Recovery Manager Roles Reference on page 17
Site Recovery Manager includes a set of roles. Each role includes a set of privileges, which allow users
with those roles to complete different actions.
How Site Recovery Manager Handles Permissions
Site Recovery Manager determines whether a user has permission to perform an operation, such as
configuring protection or running the individual steps in a recovery plan. This permission check ensures the
correct authentication of the user, but it does not represent the security context in which the operation is
performed.
Site Recovery Manager performs operations in the security context of the user ID that is used to connect the
sites, or in the context of the ID under which the Site Recovery Manager service is running, for example, the
local system ID.
After Site Recovery Manager verifies that a user has the appropriate permissions on the target vSphere
resources, Site Recovery Manager performs operations on behalf of users by using the vSphere
administrator role.
For operations that configure protection on virtual machines, Site Recovery Manager validates the user
permissions when the user requests the operation. Operations require two phases of validation.
1 During configuration, Site Recovery Manager verifies that the user configuring the system has the
correct permissions to complete the configuration on the vCenter Server object. For example, a user
must have permission to protect a virtual machine and use resources on the secondary vCenter Server
instance that the recovered virtual machine uses.
2 The user performing the configuration must have the correct permissions to complete the task that they
are configuring. For example, a user must have permissions to run a recovery plan.
Site Recovery Manager then completes the task on behalf of the user as a vCenter Server administrator.
As a result, a user who completes a particular task, such as a recovery, does not necessarily require
permissions to act on vSphere resources. The user only requires the permission to run a recovery in
Site Recovery Manager. The role authorizes the action, but the action is performed by
Site Recovery Manager acting as an administrator. Site Recovery Manager performs the operations by using
the administrator credentials that you provide when you connect the protected and recovery sites.
Site Recovery Manager maintains a database of permissions for internal Site Recovery Manager objects that
uses a model similar to the one the vCenter Server uses. Site Recovery Manager verifies its own
Site Recovery Manager privileges even on vCenter Server objects. For example, Site Recovery Manager
checks for the Resource.Recovery Use permission on the target datastore rather than checking multiple low-
level permissions, such as Allocate space. Site Recovery Manager also verifies the permissions on the
remote vCenter Server instance.
To use Site Recovery Manager with vSphere Replication, you must assign vSphere Replication roles to users
as well as Site Recovery Manager roles. For information about vSphere Replication roles, see
vSphere Replication Administration.
Site Recovery Manager Administration
12 VMware, Inc.