6.5
Table Of Contents
- VMware vSphere Replication Installation and Configuration
- Contents
- vSphere Replication Installation and Configuration
- Updated Information
- Overview of VMware vSphere Replication
- vSphere Replication System Requirements
- Installing and Uninstalling vSphere Replication
- Install vSphere Replication
- Uninstall vSphere Replication
- Unregister vSphere Replication from vCenter Server if the Appliance Was Deleted
- Configuring the Customer Experience Improvement Program
- Isolating the Network Traffic of vSphere Replication
- Set Up a VMkernel Adapter for vSphere Replication Traffic on a Source Host
- Set Up a VMkernel Adapter for vSphere Replication Traffic on a Target Host
- Create a VM Network Adapter to Use for Incoming Replication Traffic on the Combined vSphere Replication Appliance
- Create VM Network Adapters to Isolate the Network Traffic of a vSphere Replication Server
- Deploying Additional vSphere Replication Servers
- Upgrading vSphere Replication
- Reconfigure the vSphere Replication Appliance
- Reconfigure General vSphere Replication Settings
- Change the SSL Certificate of the vSphere Replication Appliance
- Change the Password of the vSphere Replication Appliance
- Change Keystore and Truststore Passwords of the vSphere Replication Appliance
- Configure vSphere Replication Network Settings
- Configure vSphere Replication System Settings
- Update the NTP Server Configuration
- Reconfigure vSphere Replication to Use an External Database
- Use the Embedded vSphere Replication Database
- vSphere Replication Roles and Permissions
In both modes, vSphere Replication retrieves thumbprints from vCenter Server. vSphere Replication
refuses to communicate with a server if the automatically determined thumbprint differs from the actual
thumbprint that it detects while communicating with the respective server.
You can mix trust modes between vSphere Replication appliances at different sites. A pair of
vSphere Replication appliances can work successfully even if you configure them to use different trust
modes.
Requirements When Using a Public Key Certiļ¬cate with vSphere
Replication
If you enforce verification of certificate validity by selecting Accept only SSL certificates signed by a
trusted Certificate Authority in the virtual appliance management interface (VAMI) of the
vSphere Replication appliance, some fields of the certificate request must meet certain requirements.
vSphere Replication can only import and use certificates and private keys from a file in the PKCS#12
format. Sometimes these files have a .pfx extension.
n
The certificate must be issued for the same server name as the value in the VRM Host setting in the
VAMI. Setting the certificate subject name accordingly is sufficient, if you put a host name in the VRM
Host setting. If any of the certificate Subject Alternative Name fields of the certificate matches the
VRM Host setting, this will work as well.
n
vSphere Replication checks the issue and expiration dates of the certificate against the current date,
to ensure that the certificate has not expired.
n
If you use your own certificate authority, for example one that you create and manage with the
OpenSSL tools, you must add the fully qualified domain name or IP address to the OpenSSL
configuration file.
n
If the fully qualified domain name of the appliance is VR1.example.com, add subjectAltName =
DNS: VR1.example.com to the OpenSSL configuration file.
n
If you use the IP address of the appliance, add subjectAltName = IP: vr-appliance-ip-
address to the OpenSSL configuration file.
n
vSphere Replication requires a trust chain to a well-known root certificate authority.
vSphere Replication trusts all the certificate authorities that the Java Virtual Machine trusts. Also, you
can manually import additional trusted CA certificates in /opt/vmware/hms/security/hms-
truststore.jks on the vSphere Replication appliance.
n
vSphere Replication accepts MD5 and SHA1 signatures, but VMware recommends that you use
SHA256 signatures.
n
vSphere Replication does not accept RSA or DSA certificates with 512-bit keys. vSphere Replication
requires at least 1024-bit keys. VMware recommends using 2048-bit public keys. vSphere Replication
shows a warning if you use a 1024-bit key.
VMware vSphere Replication Installation and Configuration
VMware, Inc. 53