5.5
Table Of Contents
- VMware vSphere Replication Administration
- Contents
- vSphere Replication Administration
- Updated Information
- Overview of VMware vSphere Replication
- vSphere Replication Roles and Permissions
- vSphere Replication System Requirements
- Installing vSphere Replication
- Deploying Additional vSphere Replication Servers
- Upgrading vSphere Replication
- Reconfigure the vSphere Replication Appliance
- Reconfigure General vSphere Replication Settings
- Change the SSL Certificate of the vSphere Replication Appliance
- Change the Password of the vSphere Replication Appliance
- Change Keystore and Truststore Passwords of the vSphere Replication Appliance
- Configure vSphere Replication Network Settings
- Configure vSphere Replication System Settings
- Reconfigure vSphere Replication to Use an External Database
- Use the Embedded vSphere Replication Database
- Replicating Virtual Machines
- How the Recovery Point Objective Affects Replication Scheduling
- Replicating a Virtual Machine and Enabling Multiple Point in Time Instances
- Using vSphere Replication with Virtual SAN Storage
- Replicating Virtual Machines Using Replication Seeds
- Replicating a Virtual Machine in a Single vCenter Server Instance
- Configure Replication for a Single Virtual Machine
- Configure Replication for Multiple Virtual Machines
- Move a Virtual Machine to a New vSphere Replication Server
- Stop Replicating a Virtual Machine
- Reconfiguring Replications
- Performing a Recovery with vSphere Replication
- Monitoring and Managing Replications in vSphere Replication
- Troubleshooting vSphere Replication
- vSphere Replication Limitations
- Access the vSphere Replication Logs
- vSphere Replication Events and Alarms
- Solutions for Common vSphere Replication Problems
- Error at vService Bindings When Deploying the vSphere Replication Appliance
- OVF Package is Invalid and Cannot be Deployed
- Connection Errors Between vSphere Replication and SQL Server Cannot be Resolved
- Application Quiescing Changes to File System Quiescing During vMotion to an Older Host
- Configuring Replication Fails for Virtual Machines with Two Disks on Different Datastores
- vSphere Replication Service Fails with Unresolved Host Error
- Scalability Problems when Replicating Many Virtual Machines with a Short RPO to a Shared VMFS Datastore on ESXi Server 5.0
- vSphere Replication Sites Appear in the Disconnected State
- Error Recovering Virtual Machine in a Single vCenter Server Instance
- vSphere Replication RPO Violations
- vSphere Replication Appliance Extension Cannot Be Deleted
- vSphere Replication Does Not Start After Moving the Host
- Unexpected vSphere Replication Failure Results in a Generic Error
- Increase the Memory of the vSphere Replication Server for Large Deployments
- Reconnecting Sites Fails If One Of the vCenter Servers Has Changed Its IP Address
- Uploading a Valid Certificate to vSphere Replication Results in a Warning
- vSphere Replication Server Registration Takes Several Minutes
- Generating Support Bundles Disrupts vSphere Replication Recovery
- vSphere Replication Operations Take a Long Time to Complete
- vSphere Replication Does Not Display Incoming Replications When the Source Site is Inaccessible
- vSphere Replication is Inaccessible After Changing vCenter Server Certificate
- vSphere Replication Cannot Establish a Connection to the Hosts
- Anti-virus Agent in Firewall Terminates Virtual Machine Replication
- Initial Full Synchronization of Virtual Machine Files to VMware Virtual SAN Storage Is Slow
- vSphere Web Client 5.1.x Non-Functioning Option Binds vSphere Replication Traffic to a Specific vmknic
- Configuring Replication Fails After Rebuilding VRMS
- vSphere Replication Operations Run Slowly as the Number of Replications Increases
vSphere Replication can trust remote server certificates either by verifying the validity of the certificate
and its thumbprint or by verifying the thumbprint only. The default is to verify by thumbprint only. You can
activate the verification of the certificate validity in the virtual appliance management interface (VAMI) of
the vSphere Replication appliance by selecting the option Accept only SSL certificates signed by a
trusted Certificate Authority when you upload a certificate.
Thumbprint Verification vSphere Replication checks for a thumbprint match. vSphere Replication
trusts remote server certificates if it can verify the the thumbprints through
secure vSphere platform channels or, in some rare cases, after the user
confirms them. vSphere Replication only takes certificate thumbprints into
account when verifying the certificates and does not check certificate
validity.
Verification of
Thumbprint and
Certificate Validity
vSphere Replication checks the thumbprint and checks that all server
certificates are valid. If you select the Accept only SSL certificates
signed by a trusted Certificate Authority option, vSphere Replication
refuses to communicate with a server with an invalid certificate. When
verifying certificate validity, vSphere Replication checks expiration dates,
subject names and the certificate issuing authorities.
In both modes, vSphere Replication retrieves thumbprints from vCenter Server. vSphere Replication
refuses to communicate with a server if the automatically determined thumbprint differs from the actual
thumbprint that it detects while communicating with the respective server.
You can mix trust modes between vSphere Replication appliances at different sites. A pair of
vSphere Replication appliances can work successfully even if you configure them to use different trust
modes.
Requirements When Using a Public Key Certiļ¬cate with vSphere
Replication
If you enforce verification of certificate validity by selecting Accept only SSL certificates signed by a
trusted Certificate Authority in the virtual appliance management interface (VAMI) of the
vSphere Replication appliance, some fields of the certificate request must meet certain requirements.
vSphere Replication can only import and use certificates and private keys from a file in the PKCS#12
format. Sometimes these files have a .pfx extension.
n
The certificate must be issued for the same server name as the value in the VRM Host setting in the
VAMI. Setting the certificate subject name accordingly is sufficient, if you put a host name in the VRM
Host setting. If any of the certificate Subject Alternative Name fields of the certificate matches the
VRM Host setting, this will work as well.
n
vSphere Replication checks the issue and expiration dates of the certificate against the current date,
to ensure that the certificate has not expired.
VMware vSphere Replication Administration
VMware, Inc. 46