6.1
Table Of Contents
- Site Recovery Manager Installation and Configuration
- Contents
- About VMware Site Recovery Manager Installation and Configuration
- Updated Information
- Overview of VMware Site Recovery Manager
- Site Recovery Manager System Requirements
- Creating the Site Recovery Manager Database
- Site Recovery Manager Authentication
- Creating SSL/TLS Server Endpoint Certificates for Site Recovery Manager
- Installing Site Recovery Manager
- Site Recovery Manager and vCenter Server Deployment Models
- Site Recovery Manager in a Two-Site Topology with One vCenter Server Instance per Platform Services Controller
- Site Recovery Manager in a Two-Site Topology with Multiple vCenter Server Instances per Platform Services Controller
- Site Recovery Manager in a Single Site Topology with a Shared Platform Services Controller
- Prerequisites and Best Practices for Site Recovery Manager Server Installation
- Install Site Recovery Manager Server
- Connect the Site Recovery Manager Server Instances on the Protected and Recovery Sites
- Establish a Client Connection to the Remote Site Recovery Manager Server Instance
- Install the Site Recovery Manager License Key
- Site Recovery Manager Server Does Not Start
- Unregister an Incompatible Version of vSphere Replication
- Site Recovery Manager and vCenter Server Deployment Models
- Modifying and Uninstalling Site Recovery Manager
- Modify a Site Recovery Manager Server Installation
- Reconfigure the Connection Between Sites
- Break the Site Pairing and Connect to a New Remote Site
- Repair a Site Recovery Manager Server Installation
- Rename a Site Recovery Manager Site
- Uninstall Site Recovery Manager
- Uninstall and Reinstall the Same Version of Site Recovery Manager
- Upgrading Site Recovery Manager
- Information That Site Recovery Manager Upgrade Preserves
- Types of Upgrade that Site Recovery Manager Supports
- Upgrade Site Recovery Manager
- Order of Upgrading vSphere and Site Recovery Manager Components
- Prerequisites and Best Practices for Site Recovery Manager Upgrade
- In-Place Upgrade of Site Recovery Manager Server
- Upgrade Site Recovery Manager Server with Migration
- Configure and Verify the Upgraded Site Recovery Manager Installation
- Revert to a Previous Release of Site Recovery Manager
- Installing Site Recovery Manager to Use with a Shared Recovery Site
- Shared Recovery Sites and vCenter Server Deployment Models
- Limitations of Using Site Recovery Manager in Shared Recovery Site Configuration
- Site Recovery Manager Licenses in a Shared Recovery Site Configuration
- Install Site Recovery Manager In a Shared Recovery Site Configuration
- Use vSphere Replication in a Shared Recovery Site Configuration
- Install Site Recovery Manager Server on Multiple Protected Sites to Use with a Shared Recovery Site
- Install Multiple Site Recovery Manager Server Instances on a Shared Recovery Site
- Connect the Site Recovery Manager Sites in a Shared Recovery Site Configuration
- Use Array-Based Replication in a Shared Recovery Site Configuration
- Configure Placeholders and Mappings in a Shared Recovery Site Configuration
- Upgrade Site Recovery Manager in a Shared Recovery Site Configuration
- Index
Site Recovery Manager
Authentication 4
The Platform Services Controller handles the authentication between Site Recovery Manager and
vCenter Server at the vCenter Single Sign-On level.
All communications between Site Recovery Manager and vCenter Server instances take place over transport
layer security (TLS) connections. Previous versions of Site Recovery Manager supported both secure sockets
layer (SSL) and TLS connections. This version of Site Recovery Manager only supports TLS, due to
weaknesses identified in SSL 3.0.
Solution User Authentication
In Site Recovery Manager 5.x, you used either credential-based authentication or certificate-based
authentication to authenticate with vCenter Server. Site Recovery Manager 6.x uses solution user
authentication to establish secure communication to remote services, such as the
Platform Services Controller and vCenter Server. A solution user is a security principal that the
Site Recovery Manager installer generates. The installer assigns a private key and a certificate to the solution
user and registers it with the vCenter Single Sign-On service. The solution user is tied to a specific
Site Recovery Manager instance. You cannot access the solution user private key or certificate. You cannot
replace the solution user certificate with a custom certificate.
After installation, you can see the Site Recovery Manager solution user in the Administration view of the
vSphere Web Client. Do not attempt to manipulate the Site Recovery Manager solution user. The solution
user is for internal use by Site Recovery Manager, vCenter Server, and vCenter Single Sign-On.
During operation, Site Recovery Manager establishes authenticated communication channels to remote
services by using certificate-based authentication to acquire a holder-of-key SAML token from vCenter
Single Sign-On. Site Recovery Manager sends this token in a cryptographically signed request to the remote
service. The remote service validates the token and establishes the identity of the solution user.
Solution Users and Site Recovery Manager Site Pairing
When you pair Site Recovery Manager instances across vCenter Single Sign-On sites do not use Enhanced
Linked Mode, Site Recovery Manager creates an additional solution user for the remote site at each site. This
solution user for the remote site allows the Site Recovery Manager Server at the remote site to authenticate
to services on the local site.
When you pair Site Recovery Manager instances in a vCenter Single Sign-On environment with Enhanced
Linked Mode, Site Recovery Manager at the remote site uses the same solution user to authenticate to
services on the local site.
VMware, Inc.
23