5.5
Requirements When Using Public Key Certificates with SRM
If you installed SSL certificates issued by a trusted certificate authority (CA) on the vCenter Server that
supports SRM, the certificates you create for use by SRM must meet specific criteria.
While SRM uses standard PKCS#12 certificates for authentication, it places a few specific requirements on the
contents of certain fields of those certificates. These requirements apply to the certificates used by both
members of an SRM Server pair.
NOTE The certificate requirements for vSphere Replication differ from those of SRM. If you use
vSphere Replication with public key certificates, see “Requirements When Using a Public Key Certificate
with vSphere Replication,” on page 59.
- The certificates must have a Subject Name value constructed from the following components.
  - A Common Name (CN) attribute, the value of which must be the same for both members of the pair. A string such as SRM is appropriate here.
  - An Organization (O) attribute, the value of which must be the same as the value of this attribute in the supporting vCenter Server certificate.
  - An Organizational Unit (OU) attribute, the value of which must be the same as the value of this attribute in the supporting vCenter Server certificate.
- The certificate used by each member of an SRM Server pair must include a Subject Alternative Name attribute, the value of which is the fully-qualified domain name of the SRM Server host. This value will be different for each member of the SRM Server pair. Because this name is subject to a case-sensitive comparison, use lowercase letters when specifying the name during SRM installation.
  - If you are using an openssl CA, modify the openssl configuration file to include a line like the following if the SRM Server host's fully-qualified domain name is srm1.example.com:

        subjectAltName = DNS: srm1.example.com

  - If you are using a Microsoft CA, refer to http://support.microsoft.com/kb/931351 for information on how to set the Subject Alternative Name.
- If both SRM Server and vCenter Server run on the same host machine, you must provide two certificates, one for SRM and one for vCenter Server. Each certificate must have the Subject Alternative Name attribute set to the fully-qualified domain name of the host machine. Consequently, from a security perspective, it is better to run SRM Server and vCenter Server on different host machines.
- The certificate used by each member of an SRM Server pair must include an extendedKeyUsage or enhancedKeyUsage attribute, the value of which is serverAuth, clientAuth. If you are using an openssl CA, modify the openssl configuration file to include a line like the following:

        extendedKeyUsage = serverAuth, clientAuth

- The SRM certificate password must not exceed 31 characters.
- The SRM certificate key length must be a minimum of 2048 bits.
- SRM accepts certificates with MD5RSA and SHA1RSA signature algorithms, but these are not recommended. Use SHA256RSA or stronger signature algorithms.
NOTE vSphere Replication does not support or accept MD5RSA certificates.
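One way to check a certificate against the field requirements above before installing it, as an added example that is not part of the VMware documentation. The function names, the Example Org DN values and the self-signed test certificate are assumptions, and the certificate under test is assumed to have been exported to PEM.

```bash
#!/usr/bin/env bash
# Added example; DN values and file names are assumptions, not SRM defaults.

# Write an openssl request config. $1=file $2=host FQDN $3=extendedKeyUsage list
srm_write_cnf() {
  printf '%s\n' '[ req ]' 'distinguished_name = dn' 'x509_extensions = srm_ext' \
    'prompt = no' '[ dn ]' 'O = Example Org' 'OU = Example Unit' 'CN = SRM' \
    '[ srm_ext ]' "subjectAltName = DNS:$2" "extendedKeyUsage = $3" > "$1"
}

# Self-signed stand-in for a CA-issued certificate. $1=config $2=key out $3=cert out
srm_make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -config "$1" -keyout "$2" -out "$3" 2>/dev/null
}

# Print one Subject attribute by long name, e.g. commonName. $1=cert $2=attribute
srm_dn_field() {
  openssl x509 -in "$1" -noout -subject -nameopt multiline | sed -n "s/^ *$2 *= //p"
}

# True when both certificates carry the same non-empty attribute value.
srm_same_field() {  # $1, $2 = certs, $3 = attribute
  local a; a=$(srm_dn_field "$1" "$3")
  [ -n "$a" ] && [ "$a" = "$(srm_dn_field "$2" "$3")" ]
}

# Check one SRM certificate against the field requirements. $1=cert $2=host FQDN
srm_check_cert() {
  local text eku bits u rc=0
  text=$(openssl x509 -in "$1" -noout -text) || return 2
  # The SAN entry must equal the FQDN exactly; the comparison is case-sensitive.
  printf '%s\n' "$text" | sed -n '/X509v3 Subject Alternative Name/{n;p;}' \
    | tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2" \
    || { echo "FAIL: no SAN entry DNS:$2"; rc=1; }
  eku=$(printf '%s\n' "$text" | sed -n '/X509v3 Extended Key Usage/{n;p;}')
  for u in 'Web Server Authentication' 'Web Client Authentication'; do
    case $eku in *"$u"*) ;; *) echo "FAIL: EKU lacks TLS $u"; rc=1 ;; esac
  done
  bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: key is ${bits:-?} bits"; rc=1; }
  # SRM accepts MD5 and SHA-1 signatures, so report them without failing.
  printf '%s\n' "$text" | grep -m1 'Signature Algorithm' | grep -qiE 'md5|sha1' \
    && echo "WARN: weak signature algorithm"
  return $rc
}
```

Run `srm_check_cert` on each member's certificate with that host's lowercase FQDN, then use `srm_same_field` to compare commonName across the pair and organizationName and organizationalUnitName against the supporting vCenter Server certificate.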
Site Recovery Manager Installation and Configuration
VMware, Inc.