6.1
Table Of Contents
- Site Recovery Manager Security
- Contents
- About VMware Site Recovery Manager Security
- Updated Information
- Site Recovery Manager Security Reference
- Site Recovery Manager Services
- Site Recovery Manager Network Ports
- Site Recovery Manager Configuration Files
- Site Recovery Manager Certificates and Keys
- Site Recovery Manager License and EULA Files
- Site Recovery Manager Log Files
- Site Recovery Manager Accounts
- Site Recovery Manager Security Updates and Patches
- Best Practices For Securing Site Recovery Manager Server
- Index
Site Recovery Manager Services
The operation of Site Recovery Manager depends on several services that run on the
Site Recovery Manager Server host machine.
Table 1‑1. Services that Site Recovery Manager Requires
Service Name Startup Time Description
VMware vCenter
Site Recovery Manager Server
Automatic Provides the core Site Recovery Manager
functions.
VMware vCenter
Site Recovery Manager
Embedded Database
Automatic, if you use the
embedded database
The vPostgres server for the
Site Recovery Manager embedded database.
Server Automatic Windows service that supports file sharing over
the network.
Workstation Automatic Windows service that creates and maintains
connections to remote servers.
Protected Storage Automatic Windows services that store sensitive data.
Site Recovery Manager Network Ports
Site Recovery Manager uses network ports, which you can configure, to communicate with clients and other
servers. You must ensure that firewalls do not block the ports that Site Recovery Manager uses.
Site Recovery Manager Server receives all incoming traffic on one network port. The default port is 9086. If
you configure Site Recovery Manager to use an embedded database, the Site Recovery Manager embedded
database receives the localhost network traffic on the local loopback interface. The default port is 5678.
You can select other ports for Site Recovery Manager and embedded database traffic during the installation
process if the default ports are blocked or other applications use them. You must configure network policies
to enable traffic on the incoming port. For information about the ports that you can change after installation,
see the Modify a Site Recovery Manager Server Installation topic in the Site Recovery Manager Installation and
Configuration documentation.
Site Recovery Manager Server communicates with Platform Services Controller, vCenter Server, ESXi hosts,
and Arrays at the local site. You must verify that the network firewall policies enable the traffic to network
ports of all components at the local site. For the list of the default ports that all VMware products use, see
http://kb.vmware.com/kb/1012382.
The connection between the local and the remote site of a Site Recovery Manager pair must be private such
as VPN. The local Site Recovery Manager Server communicates with Site Recovery Manager Server,
Platform Services Controller, and vCenter Server on the remote site, and your network provider must
ensure the appropriate network policies to enable the traffic.
For a list of all the ports that must be open for Site Recovery Manager, see
http://kb.vmware.com/kb/2119329.
Site Recovery Manager Security
10 VMware, Inc.