5.5
Table Of Contents
- Site Recovery Manager Installation and Configuration
- Contents
- About Site Recovery Manager Installation and Configuration
- Overview of VMware vCenter Site Recovery Manager
- Site Recovery Manager System Requirements
- Creating the SRM Database
- SRM Authentication
- Installing SRM
- Upgrading SRM
- Configuring Array-Based Protection
- Installing vSphere Replication
- Deploy the vSphere Replication Appliance
- Configure vSphere Replication Connections
- Reconfigure the vSphere Replication Appliance
- Reconfigure General vSphere Replication Settings
- Change the SSL Certificate of the vSphere Replication Appliance
- Change the Password of the vSphere Replication Appliance
- Change Keystore and Truststore Passwords of the vSphere Replication Appliance
- Configure vSphere Replication Network Settings
- Configure vSphere Replication System Settings
- Reconfigure vSphere Replication to Use an External Database
- Use the Embedded vSphere Replication Database
- Deploy an Additional vSphere Replication Server
- Register an Additional vSphere Replication Server
- Reconfigure vSphere Replication Server Settings
- Unregister and Remove a vSphere Replication Server
- Uninstall vSphere Replication
- Unregister vSphere Replication from vCenter Server if the Appliance Was Deleted
- Upgrading vSphere Replication
- Creating SRM Placeholders and Mappings
- Installing SRM to Use with a Shared Recovery Site
- Limitations of Using SRM in Shared Recovery Site Configuration
- SRM Licenses in a Shared Recovery Site Configuration
- Install SRM In a Shared Recovery Site Configuration
- Install SRM Server on Multiple Protected Sites to Use with a Shared Recovery Site
- Install Multiple SRM Server Instances on a Shared Recovery Site
- Install the SRM Client Plug-In In a Shared Recovery Site Configuration
- Connect to SRM in a Shared Recovery Site Configuration
- Connect the SRM Sites in a Shared Recovery Site Configuration
- Configure Placeholders and Mappings in a Shared Recovery Site Configuration
- Use Array-Based Replication in a Shared Recovery Site Configuration
- Use vSphere Replication in a Shared Recovery Site Configuration
- Troubleshooting SRM Installation and Configuration
- Cannot Restore SQL Database to a 32-Bit Target Virtual Machine During SRM Upgrade
- SRM Server Does Not Start
- vSphere Client Cannot Connect to SRM
- Site Pairing Fails Because of Different Certificate Trust Methods
- Error at vService Bindings When Deploying the vSphere Replication Appliance
- OVF Package is Invalid and Cannot be Deployed
- vSphere Replication Appliance or vSphere Replication Server Does Not Deploy from the SRM Interface
- Connection Errors Between vSphere Replication and SQL Server Cannot be Resolved
- 404 Error Message when Attempting to Pair vSphere Replication Appliances
- vSphere Replication Service Fails with Unresolved Host Error
- Increase the Memory of the vSphere Replication Server for Large Deployments
- vSphere Replication Appliance Extension Cannot Be Deleted
- Uploading a Valid Certificate to vSphere Replication Results in a Warning
- vSphere Replication Status Shows as Disconnected
- vSphere Replication Server Registration Takes Several Minutes
- vSphere Replication is Inaccessible After Changing vCenter Server Certificate
- Index
SRM Authentication 4
All communications between SRM and vCenter Server instances take place over SSL connections and are
authenticated by public key certificates or stored credentials.
When you install an SRM Server, you must choose either credential-based authentication or custom
certificate-based authentication. By default, SRM uses credential-based authentication, but custom
certificate-based authentication can alternatively be selected. The authentication method you choose when
installing the SRM Server is used to authenticate connections between the SRM Server instances at the
protected and recovery sites, and between SRM and vCenter Server.
IMPORTANT You cannot mix authentication methods between SRM Server instances at different sites and
between SRM and vCenter Server.
Credential-Based Authentication
This is the default authentication method that SRM uses. If you are using credential-based authentication,
SRM stores a user name and password that you specify during installation, and then uses those credentials
when connecting to vCenter Server. SRM also creates a special-purpose certificate for its own use. This
certificate includes additional information that you supply during installation.
NOTE Even though SRM creates and uses this special-purpose certificate when you choose credential-based
authentication, credential-based authentication is not equivalent to certificate-based authentication in either
security or operational simplicity.
Custom Certificate-Based Authentication
If you have or can acquire a PKCS#12 certificate signed by a trusted authority, use custom certificate-based
authentication. Public key certificates signed by a trusted authority streamline many SRM operations and
provide the highest level of security. Custom certificates that SRM uses have special requirements. See
“Requirements When Using Public Key Certificates with SRM,” on page 28.
If you use custom certificate-based authentication, you must use certificates signed by trusted authority on
the vCenter Server and SRM Server instances on both the protected site and the recovery site.
Certificate Warnings
If you are using credential-based authentication, attempts by the SRM Server to connect to vCenter Server
produce a certificate warning because the trust relationship asserted by the special-purpose certificates
created by SRM and vCenter Server cannot be verified by SSL. A warning allows you to verify the
thumbprint of the certificate used by the other server and confirm its identity. To avoid these warnings, use
certificate-based authentication and obtain your certificate from a trusted certificate authority.
VMware, Inc.
27