4.1
Table Of Contents
- Site Recovery Manager Administration Guide
- Contents
- About This Book
- Administering VMware vCenter Site Recovery Manager
- Installing and Updating Site Recovery Manager
- Configuring the Protected and Recovery Sites
- Test Recovery, Recovery, and Failback
- Customizing Site Recovery Manager
- Assign Roles and Permissions
- Customizing a Recovery Plan
- Configure Protection for a Virtual Machine or Template
- Configure SRM Alarms
- Working with Advanced Settings
- Avoiding Replication of Paging Files and Other Transient Data
- Troubleshooting SRM
- Index
SRM Authentication
All communications between SRM and vCenter servers take place over an SSL connection and are
authenticated by public key certificates or stored credentials.
When you install an SRM server, you must choose either credential-based authentication or certificate-based
authentication. You cannot mix authentication methods. The authentication method you choose when
installing the SRM server is used to authenticate connections between the SRM servers at the protected and
recovery sites, and between SRM and vCenter.
Certificate-Based Authentication
If you have or can acquire a PKCS#12 certificate signed by a trusted authority, use certificate-based
authentication. Public key certificates signed by a trusted authority streamline many SRM operations and
provide the highest
level of security. Certificates used by SRM have special requirements. See “Requirements
When Using Public Key Certificates,” on page 16.
Credential-Based Authentication
If you are using credential-based authentication, SRM stores a user name and password that you specify during
installation, and then uses those credentials when connecting to vCenter or another SRM server. SRM also
creates a special-purpose certificate for its own use. This certificate includes additional information that you
supply during installation. That information, an Organization name and Organization Unit name, must be
identical for both members of an SRM server pair.
NOTE Even though SRM creates and uses this special-purpose certificate when you choose credential-based
authentication, credential-based authentication is not equivalent to certificate-based authentication in either
security or operational simplicity.
Certificate Warnings
If
you
are
using credential-based authentication, attempts by the SRM server to connect to vCenter produce a
certificate warning because the trust relationship asserted by the special-purpose certificates created by SRM
and vCenter cannot be verified by SSL. The warning dialog allows you to specify a disposition for the current
instance of the problem, for all instances of the problem when making connection to a specific host, or for all
instances of the problem for all hosts. To avoid these warnings, use certificate-based authentication and obtain
your certificate from a trusted certificate authority.
Chapter 1 Administering VMware vCenter Site Recovery Manager
VMware, Inc. 15