VMware vCenter Site Recovery Manager - 6.1 Installation Manual
Site Recovery Manager Installation and
Configuration
Site Recovery Manager 6.1
This document supports the version of each product listed and
supports all subsequent versions until the document is
replaced by a new edition. To check for more recent editions
of this document, see http://www.vmware.com/support/pubs.
EN-001771-01
Site Recovery Manager Installation and Configuration
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2008–2015 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
About VMware Site Recovery Manager Installation and Configuration 5
Updated Information 7
Overview of VMware Site Recovery Manager 9
1
About Protected Sites and Recovery Sites 10
Bidirectional Protection 11
Heterogeneous Configurations on the Protected and Recovery Sites 11
Site Recovery Manager System Requirements 13
2
Site Recovery Manager Licensing 14
Operational Limits of Site Recovery Manager 15
Creating the Site Recovery Manager Database 17
3
Requirements when Using Microsoft SQL Server with Site Recovery Manager 18
Requirements for Using Oracle Server with Site Recovery Manager 19
Back Up and Restore the Embedded vPostgres Database 19
Create an ODBC System DSN for Site Recovery Manager 20
Site Recovery Manager Authentication 23
4
Creating SSL/TLS Server Endpoint Certificates for Site Recovery Manager 25
5
Requirements When Using Custom SSL/TLS Certificates with Site Recovery Manager 25
Installing Site Recovery Manager 27
6
Site Recovery Manager and vCenter Server Deployment Models 28
Prerequisites and Best Practices for Site Recovery Manager Server Installation 32
Install Site Recovery Manager Server 34
Connect the Site Recovery Manager Server Instances on the Protected and Recovery Sites 38
Establish a Client Connection to the Remote Site Recovery Manager Server Instance 39
Install the Site Recovery Manager License Key 39
Site Recovery Manager Server Does Not Start 40
Unregister an Incompatible Version of vSphere Replication 41
VMware, Inc.
Modifying and Uninstalling Site Recovery Manager 43
7
Modify a Site Recovery Manager Server Installation 44
Reconfigure the Connection Between Sites 46
Break the Site Pairing and Connect to a New Remote Site 47
Repair a Site Recovery Manager Server Installation 48
Rename a Site Recovery Manager Site 49
Uninstall Site Recovery Manager 49
3
Site Recovery Manager Installation and Configuration
Uninstall and Reinstall the Same Version of Site Recovery Manager 50
Upgrading Site Recovery Manager 53
8
Information That Site Recovery Manager Upgrade Preserves 53
Types of Upgrade that Site Recovery Manager Supports 55
Upgrade Site Recovery Manager 56
Installing Site Recovery Manager to Use with a Shared Recovery Site 69
9
Shared Recovery Sites and vCenter Server Deployment Models 72
Limitations of Using Site Recovery Manager in Shared Recovery Site Configuration 73
Site Recovery Manager Licenses in a Shared Recovery Site Configuration 75
Install Site Recovery Manager In a Shared Recovery Site Configuration 76
Upgrade Site Recovery Manager in a Shared Recovery Site Configuration 82
Index 85
4 VMware, Inc.
About VMware Site Recovery Manager Installation and Configuration
Site Recovery Manager Installation and Configuration provides information about how to install, upgrade, and
configure VMware Site Recovery Manager.
This information also provides a general overview of Site Recovery Manager.
For information about how to perform day-to-day administration of Site Recovery Manager, see Site
Recovery Manager Administration.
Intended Audience
This information is intended for anyone who wants to install, upgrade, or configure Site Recovery Manager.
The information is written for experienced Windows or Linux system administrators who are familiar with
virtual machine technology and datacenter operations.
VMware, Inc.
5
Site Recovery Manager Installation and Configuration
6 VMware, Inc.
Updated Information
Site Recovery Manager Installation and Configuration is updated with each release of the product or when
necessary.
This table provides the update history of Site Recovery Manager Installation and Configuration.
Revision Description
EN-001771-01 Replaced "federated environment" with "Enhanced Linked Mode" throughout.
EN-001771-00 Initial release.
VMware, Inc. 7
Site Recovery Manager Installation and Configuration
8 VMware, Inc.
Overview of
VMware Site Recovery Manager 1
VMware Site Recovery Manager is a business continuity and disaster recovery solution that helps you to
plan, test, and run the recovery of virtual machines between a protected vCenter Server site and a recovery
vCenter Server site.
You can configure Site Recovery Manager to protect virtual machines in different ways.
Datastore groups
Individual virtual
machines
Storage policies
You can use Site Recovery Manager to implement different types of recovery from the protected site to the
recovery site.
Planned migration
Disaster recovery
Site Recovery Manager orchestrates the recovery process with the replication mechanisms, to minimize data
loss and system down time.
Protect the virtual machines in datastore groups by using third-party disk
replication mechanisms to configure array-based replication. Array-based
replication surfaces replicated datastores to recover virtual machine
workloads.
Protect the individual virtual machines on a host by using
Site Recovery Manager in combination with VMware vSphere Replication.
Protect virtual machines based on their association with specific storage
policies. Protecting virtual machines by using storage policies requires arraybased replication.
The orderly evacuation of virtual machines from the protected site to the
recovery site. Planned migration prevents data loss when migrating
workloads in an orderly fashion. For planned migration to succeed, both
sites must be running and fully functioning.
Similar to planned migration except that disaster recovery does not require
that both sites be up and running, for example if the protected site goes
offline unexpectedly. During a disaster recovery operation, failure of
operations on the protected site is reported but is otherwise ignored.
VMware, Inc.
At the protected site, Site Recovery Manager shuts down virtual machines cleanly and synchronizes
n
storage, if the protected site is still running.
Site Recovery Manager powers on the replicated virtual machines at the recovery site according to a
n
recovery plan.
9
appsOSapps
OS
appsOSapps
OS
appsOSapps
OS
Site A
Protected
site goes
offline
Replica
virtual
machines
power on
Virtual machines replicate from site A to site B
Site B
appsOSapps
OS
appsOSapps
OS
appsOSapps
OS
Protection group
Site Recovery Manager Installation and Configuration
A recovery plan specifies the order in which virtual machines start up on the recovery site. A recovery plan
specifies network parameters, such as IP addresses, and can contain user-specified scripts that
Site Recovery Manager can run to perform custom recovery actions on virtual machines.
Site Recovery Manager lets you test recovery plans. You conduct tests by using a temporary copy of the
replicated data in a way that does not disrupt ongoing operations at either site.
About Protected Sites and Recovery Sites on page 10
n
In a typical Site Recovery Manager installation, the protected site provides business-critical datacenter
services. The recovery site is an alternative infrastructure to which Site Recovery Manager can migrate
these services.
Bidirectional Protection on page 11
n
You can use a single set of paired Site Recovery Manager sites to protect virtual machines in both
directions. Each site can simultaneously be a protected site and a recovery site, but for a different set of
virtual machines.
Heterogeneous Configurations on the Protected and Recovery Sites on page 11
n
Some components in the Site Recovery Manager and vCenter Server installations must be identical on
each site. Because the protected and recovery sites are often in different physical locations, some
components on the protected site can be of a different type to their counterparts on the recovery site.
About Protected Sites and Recovery Sites
In a typical Site Recovery Manager installation, the protected site provides business-critical datacenter
services. The recovery site is an alternative infrastructure to which Site Recovery Manager can migrate these
services.
The protected site can be any site where vCenter Server supports a critical business need. The recovery site
can be located thousands of miles away from the protected site. Conversely, the recovery site can be in the
same room as a way of establishing redundancy. The recovery site is usually located in a facility that is
unlikely to be affected by environmental, infrastructure, or other disturbances that affect the protected site.
You can establish bidirectional protection in which each site serves as the recovery site for the other. See
“Bidirectional Protection,” on page 11.
Figure 1‑1. Site Recovery Manager Protected and Recovery Sites
The vSphere configurations at each site must meet requirements for Site Recovery Manager.
You must run the same version of Site Recovery Manager on both sites.
n
You must run the same version of vCenter Server on both sites.
n
The version of vCenter Server must be compatible with the version of Site Recovery Manager. For
n
10 VMware, Inc.
information about compatibility between vCenter Server and Site Recovery Manager versions, see
vCenter Server Requirements in the Compatibility Matrixes for Site Recovery Manager 6.1 at
https://www.vmware.com/support/srm/srm-compat-matrix-6-1.html.
Each site must have at least one datacenter.
n
Chapter 1 Overview of VMware Site Recovery Manager
If you are using array-based replication, the same replication technology must be available at both sites,
n
and the arrays must be paired.
If you are using vSphere Replication, you require a vSphere Replication appliance on both sites. The
n
vSphere Replication appliances must be connected to each other.
The vSphere Replication appliances must be of the same version.
n
The vSphere Replication version must be compatible with the version of Site Recovery Manager. For
n
information about compatibility between vSphere Replication and Site Recovery Manager versions, see
vSphere Replication Requirements in the Compatibility Matrixes for Site Recovery Manager 6.1 at
https://www.vmware.com/support/srm/srm-compat-matrix-6-1.html.
The recovery site must have hardware, network, and storage resources that can support the same
n
virtual machines and workloads as the protected site. You can oversubscribe the recovery site by
running additional virtual machines there that are not protected. In this case, during a recovery you
must suspend noncritical virtual machines on the recovery site.
The sites must be connected by a reliable IP network. If you are using array-based replication, ensure
n
that your network connectivity meets the arrays' network requirements.
The recovery site should have access to comparable public and private networks as the protected site,
n
although not necessarily the same range of network addresses.
Bidirectional Protection
You can use a single set of paired Site Recovery Manager sites to protect virtual machines in both directions.
Each site can simultaneously be a protected site and a recovery site, but for a different set of virtual
machines.
You can implement bidirectional protection by protecting datastore groups or storage policies by using
array-based replication or by protecting individual virtual machines by using vSphere Replication. If you
are using array-based replication, each of the array’s LUNs replicates in only one direction. Two LUNs in
paired arrays can replicate in different directions from each other.
Heterogeneous Configurations on the Protected and Recovery Sites
Some components in the Site Recovery Manager and vCenter Server installations must be identical on each
site. Because the protected and recovery sites are often in different physical locations, some components on
the protected site can be of a different type to their counterparts on the recovery site.
Although components can be different on each site, you must use the types and versions of these
components that Site Recovery Manager supports. See the Compatibility Matrixes for Site Recovery Manager 6.1
at https://www.vmware.com/support/srm/srm-compat-matrix-6-1.html for information.
Table 1‑1. Heterogeneity of Site Recovery Manager Components Between Sites
Component Heterogeneous or Identical Installations
Site Recovery Manager Server Must be the same version on both sites.
vCenter Server and Platform Services Controller Must be the same version on both sites. The
Site Recovery Manager version must be compatible with
the vCenter Server and Platform Services Controller
version.
vSphere Replication Must be the same version on both sites. The
vSphere Replication version must be compatible with the
Site Recovery Manager version and the vCenter Server
version.
vCenter Server Appliance or standard vCenter Server
instance
Can be different on each site. You can run a vCenter Server
Appliance on one site and a standard vCenter Server
instance on the other site.
VMware, Inc. 11
Site Recovery Manager Installation and Configuration
Table 1‑1. Heterogeneity of Site Recovery Manager Components Between Sites (Continued)
Component Heterogeneous or Identical Installations
Storage arrays for array-based replication Can be different versions on each site. You can use
different versions of the same type of storage array on each
site. The Site Recovery Manager Server instance on each
site requires the appropriate storage replication adapter
(SRA) for each version of storage array for that site. Check
SRA compatibility with all versions of your storage arrays
to ensure compatibility.
Site Recovery Manager database Can be different on each site. You can use different
versions of the same type of database on each site, or
different types of database on each site.
Host operating system of the Site Recovery Manager Server
installation
Host operating system of the vCenter Server installation Can be different on each site. You can run different
Can be different on each site. You can run different
versions of the host operating system and the host
operating system can run in different locales on each site.
versions of the host operating system and the host
operating system can run in different locales on each site.
Example: Heterogenous Configurations on the Protected and Recovery Sites
The Site Recovery Manager and vCenter Server installations might be in different countries, with different
setups.
Site A in Japan:
n
Site Recovery Manager Server runs on Windows Server 2008 in the Japanese locale
n
Site Recovery Manager extends a vCenter Server Appliance instance
n
Site Recovery Manager Server uses the embedded Site Recovery Manager database
n
Site B in the United States:
n
Site Recovery Manager Server runs on Windows Server 2012 in the English locale
n
Site Recovery Manager extends a standard vCenter Server instance that runs on Windows Server
n
2008 in the English locale
Site Recovery Manager Server uses an Oracle Server database
n
12 VMware, Inc.
Site Recovery Manager System
Requirements 2
The system on which you install Site Recovery Manager must meet specific hardware requirements.
Table 2‑1. Minimum Site Recovery Manager System Requirements
Component Requirement
Processor At least two 2.0GHz or higher Intel or AMD x86
processors. Site Recovery Manager deloyments that
manage large environments require four 2.0GHz CPUs.
Memory 2GB minimum. You might require more memory if you use
the embedded database, as the content of the database
grows. The memory requirement increases if
Site Recovery Manager manages large environments.
Disk Storage 5GB minimum. If you install Site Recovery Manager on a
different drive to the C: drive, the Site Recovery Manager
installer still requires at least 1GB of free space on the C:
drive. This space is required for extracting and caching the
installation package. You might require more disk storage
if you use the embedded database, as the content of the
database grows.
Networking 1 Gigabit recommended for communication between
Site Recovery Manager sites.
Use a trusted network for the deployment and use of
Site Recovery Manager and for the management of ESXi
hosts.
VMware, Inc.
For information about supported platforms and databases, see the Compatibility Matrixes for Site Recovery
Manager 6.1 at https://www.vmware.com/support/srm/srm-compat-matrix-6-1.html.
Site Recovery Manager Licensing on page 14
n
After you install Site Recovery Manager, it remains in evaluation mode until you install a
Site Recovery Manager license key.
Operational Limits of Site Recovery Manager on page 15
n
Each Site Recovery Manager server can support a certain number of protected virtual machines,
protection groups, datastore groups, recovery plans, and concurrent recoveries.
13
Site Recovery Manager Installation and Configuration
Site Recovery Manager Licensing
After you install Site Recovery Manager, it remains in evaluation mode until you install a
Site Recovery Manager license key.
After the evaluation license expires, existing protection groups remain protected and you can recover them,
but you cannot create new protection groups or add virtual machines to an existing protection group until
you obtain and assign a valid Site Recovery Manager license key. Obtain and assign Site Recovery Manager
license keys as soon as possible after installing Site Recovery Manager.
Site Recovery Manager licenses allow you to protect a set number of virtual machines. To obtain
Site Recovery Manager license keys, go to the Site Recovery Manager Product Licensing Center at
http://www.vmware.com/products/site-recovery-manager/buy.html, or contact your VMware sales
representative.
Site Recovery Manager License Keys and vCenter Server Instances in Linked
Mode
If your vCenter Server instances are connected with vCenter Server instances in linked mode, you install the
same Site Recovery Manager license on both vCenter Server instances.
Site Recovery Manager License Keys and Shared Platform Services Controller
Instances
You can share an external Platform Services Controller across several vCenter Server instances. In this case,
you can use the same Site Recovery Manager license on different vCenter Server instances as long as the
vCenter Server instances belong to the same Platform Services Controller.
Site Recovery Manager License Keys and Protected and Recovery Sites
Site Recovery Manager requires a license key on any site on which you protect virtual machines.
Install a Site Recovery Manager license key at the protected site to enable protection in one direction
n
from the protected site to the recovery site.
Install the same Site Recovery Manager license keys at both sites to enable bidirectional protection,
n
including reprotect.
Site Recovery Manager checks for a valid license whenever you add a virtual machine to or remove a virtual
machine from a protection group. If licenses are not in compliance, vSphere triggers a licensing alarm and
Site Recovery Manager prevents you from protecting further virtual machines. Configure alerts for
triggered licensing events so that licensing administrators receive a notification by email.
Site Recovery Manager and vCloud Suite Licensing
You can license Site Recovery Manager individually or as part of vCloud Suite. You should consider the
licensing and integration options that are available to you.
When products are part of vCloud Suite, they are licensed on a per-CPU basis. You can run an unlimited
number of virtual machines on CPUs that are licensed with vCloud Suite.
NOTE You cannot mix license types. For example, you cannot protect a certain number of virtual machines
by using per-CPU licenses and other virtual machines by using per-VM licenses.
14 VMware, Inc.
Chapter 2 Site Recovery Manager System Requirements
You can combine the features of Site Recovery Manager with other components of vCloud Suite to leverage
the full capabilities of the software-defined data center. For more information, see vCloud Suite Architecture
Overview and Use Cases.
Not all features and capabilities of vSphere are available in all editions. For a comparison of feature sets in
each edition, see http://www.vmware.com/products/vsphere/.
Example: Site Recovery Manager Licenses Required for Recovery and
Reprotect
You have a site that contains 25 virtual machines for Site Recovery Manager to protect.
For recovery, you require a license for at least 25 virtual machines, that you install on the protected site
n
to allow one-way protection from the protected site to the recovery site.
For reprotect, you require a license for at least 25 virtual machines, that you install on both the
n
protected and the recovery site to allow bidirectional protection between the sites.
Operational Limits of Site Recovery Manager
Each Site Recovery Manager server can support a certain number of protected virtual machines, protection
groups, datastore groups, recovery plans, and concurrent recoveries.
For details about the operational limits of Site Recovery Manager 6.1, see http://kb.vmware.com/kb/2119336.
VMware, Inc. 15
Site Recovery Manager Installation and Configuration
16 VMware, Inc.
Creating the Site Recovery Manager
Database 3
The Site Recovery Manager Server requires its own database, which it uses to store data such as recovery
plans and inventory information.
Site Recovery Manager provides an embedded vPostgreSQL database that you can use with minimal
configuration. You can select the option to use the embedded database when you install
Site Recovery Manager. The Site Recovery Manager installer creates the embedded database and a database
user account according to the information that you specify during installation.
You can also use an external database. If you use an external database, you must create the database and
establish a database connection before you can install Site Recovery Manager.
Site Recovery Manager cannot use the vCenter Server database because it has different database schema
requirements. You can use the vCenter Server database server to create and support the
Site Recovery Manager database.
Each Site Recovery Manager site requires its own instance of the Site Recovery Manager database. Use a
different database server instance to run the individual Site Recovery Manager databases for each site. If
you use the same database server instance to run the databases for both sites, and if the database server
experiences a problem, neither Site Recovery Manager site will work and you will not be able to perform a
recovery.
Site Recovery Manager does not require the databases on each site to be identical. You can run different
versions of a supported database from the same vendor on each site, or you can run databases from
different vendors on each site. For example, you can run different versions of Oracle Server on each site, or
you can have an Oracle Server database on one site and the embedded database on the other.
If you are updating Site Recovery Manager to a new version, you can use the existing database. Before you
attempt an upgrade, make sure that both Site Recovery Manager Server databases are backed up. Doing so
helps ensure that you can revert back to the previous version after the upgrade, if necessary.
For the list of database software that Site Recovery Manager supports, see the Compatibility Matrixes for Site
Recovery Manager 6.1 at https://www.vmware.com/support/srm/srm-compat-matrix-6-1.html.
Requirements when Using Microsoft SQL Server with Site Recovery Manager on page 18
n
When you create a Microsoft SQL Server database, you must configure it correctly to support
Site Recovery Manager.
Requirements for Using Oracle Server with Site Recovery Manager on page 19
n
When you create an Oracle Server database, you must configure it correctly to support
Site Recovery Manager.
Back Up and Restore the Embedded vPostgres Database on page 19
n
If you select the option to use an embedded database for Site Recovery Manager, the
Site Recovery Manager installer creates a vPostgres database during the installation process. You can
back up and restore the embedded vPostgres database by using PostgreSQL commands.
VMware, Inc.
17
Site Recovery Manager Installation and Configuration
Create an ODBC System DSN for Site Recovery Manager on page 20
n
You must provide Site Recovery Manager with a system database source name (DSN) for a 64-bit open
database connectivity (ODBC) connector. The ODBC connector allows Site Recovery Manager to
connect to the Site Recovery Manager database.
Requirements when Using Microsoft SQL Server with Site Recovery Manager
When you create a Microsoft SQL Server database, you must configure it correctly to support
Site Recovery Manager.
This information provides the requirements for an SQL Server database for use with Site Recovery Manager.
For specific instructions about creating an SQL Server database, see the SQL Server documentation.
Database user account:
n
If you use Integrated Windows Authentication to connect to SQL Server and SQL Server runs on
n
the same machine as Site Recovery Manager Server, use a local or domain account that has
administrative privileges on the Site Recovery Manager Server machine. Use the same account or
an account with the same privileges when you install Site Recovery Manager Server. When the
Site Recovery Manager installer detects an SQL Server data source name (DSN) that uses
Integrated Windows Authentication, it configures Site Recovery Manager Server to run under the
same account as you use for the installer, to guarantee that Site Recovery Manager can connect to
the database.
If you use Integrated Windows Authentication to connect to SQL Server and SQL Server runs on a
n
different machine from Site Recovery Manager Server, use a domain account with administrative
privileges on the Site Recovery Manager Server machine. Use the same account or an account with
the same privileges when you install Site Recovery Manager Server. When the
Site Recovery Manager installer detects an SQL Server data source name (DSN) that uses
Integrated Windows Authentication, it configures Site Recovery Manager Server to run under the
same account as you use for the installer, to guarantee that Site Recovery Manager can connect to
the database.
If you use SQL authentication, you can run the Site Recovery Manager service under the Windows
n
Local System account, even if SQL Server is running on a different machine to
Site Recovery Manager Server. The Site Recovery Manager installer configures the
Site Recovery Manager service to run under the Windows Local System account by default.
Make sure that the Site Recovery Manager database user account has the ADMINISTER BULK
n
OPERATIONS, CONNECT, and CREATE TABLE permissions.
Database schema:
n
The Site Recovery Manager database schema must have the same name as the database user
n
account.
The Site Recovery Manager database user must be the owner of the Site Recovery Manager
n
database schema.
The Site Recovery Manager database schema must be the default schema for the
n
Site Recovery Manager database user.
The Site Recovery Manager database must be the default database for all SQL connections that
n
Site Recovery Manager makes. You can set the default database either in the user account configuration
in SQL Server or in the DSN.
Map the database user account to the database login.
n
For information about database sizing, see the Sizing calculator for vCenter Site Recovery Manager databases MSSQL at http://www.vmware.com/products/site-recovery-manager/resource.html.
18 VMware, Inc.
Chapter 3 Creating the Site Recovery Manager Database
Requirements for Using Oracle Server with Site Recovery Manager
When you create an Oracle Server database, you must configure it correctly to support
Site Recovery Manager.
You create and configure an Oracle Server database for Site Recovery Manager by using the tools that
Oracle Server provides.
This information provides the general steps that you must perform to configure an Oracle Server database
for Site Recovery Manager. For instructions about how to perform the relevant steps, see the Oracle
documentation.
When creating the database instance, specify UTF-8 encoding.
n
Grant the Site Recovery Manager database user account the connect, resource, create session privileges
n
and permissions.
For information about database sizing, see the Sizing calculator for vCenter Site Recovery Manager databases -
Oracle at http://www.vmware.com/products/site-recovery-manager/resource.html.
Back Up and Restore the Embedded vPostgres Database
If you select the option to use an embedded database for Site Recovery Manager, the Site Recovery Manager
installer creates a vPostgres database during the installation process. You can back up and restore the
embedded vPostgres database by using PostgreSQL commands.
Always back up the Site Recovery Manager database before updating or upgrading Site Recovery Manager.
You also might need to back up and restore the embedded vPostgres database if you need to uninstall then
reinstall Site Recovery Manager and retain data from the previous installation, migrate
Site Recovery Manager Server to another host machine, or revert the database to a clean state in the event
that it becomes corrupted.
Prerequisites
For information about the commands that you use to back up and restore the embedded vPostgres database,
see the pg_dump and pg_restore commands in the PostgreSQL documentation at
http://www.postgresql.org/docs/9.3/static/index.html.
Procedure
1 Log into the system on which you installed Site Recovery Manager Server.
2 Stop the Site Recovery Manager service.
3 Navigate to the folder that contains the vPostgres commands.
If you installed Site Recovery Manager Server in the default location, you find the vPostgres commands
in C:\Program Files\VMware\VMware vCenter Site Recovery Manager Embedded Database\bin.
4 Create a backup of the embedded vPostgres database by using the pg_dump command.
pg_dump -Fc --host 127.0.0.1 --port port_number --username=db_username srm_db >
srm_backup_name
You set the port number, username, and password for the embedded vPostgres database when you
installed Site Recovery Manager. The default port number is 5678. The database name is srm_db and
cannot be changed.
5 Perform the actions that necessitate the backup of the embedded vPostgres database.
For example, update or upgrade Site Recovery Manager, uninstall and reinstall Site Recovery Manager,
or migrate Site Recovery Manager Server.
VMware, Inc. 19
Site Recovery Manager Installation and Configuration
6 (Optional) Restore the database from the backup that you created in Step 4 by using the pg_restore
command.
pg_restore -Fc --host 127.0.0.1 --port port_number --username=db_username --dbname=srm_db
srm_backup_name
7 Start the Site Recovery Manager service.
Create an ODBC System DSN for Site Recovery Manager
You must provide Site Recovery Manager with a system database source name (DSN) for a 64-bit open
database connectivity (ODBC) connector. The ODBC connector allows Site Recovery Manager to connect to
the Site Recovery Manager database.
You can create the ODBC system DSN before you run the Site Recovery Manager installer by running
Odbcad32.exe, the 64-bit Windows ODBC Administrator tool.
Alternatively, you can create an ODBC system DSN by running the Windows ODBC Administrator tool
during the Site Recovery Manager installation process.
NOTE If you use the embedded Site Recovery Manager database, the Site Recovery Manager installer
creates the ODBC system DSN according to the information that you provide during installation. If you
uninstall the embedded database, the uninstaller does not remove the DSN for the embedded database. The
DSN remains available for use with a future reinstallation of Site Recovery Manager.
Prerequisites
You created the database instance to connect to Site Recovery Manager.
Procedure
1 Double-click the Odbcad32.exe file at C:\Windows\System32 to open the 64-bit ODBC Administrator tool.
IMPORTANT Do not confuse the 64-bit Windows ODBC Administrator tool with the 32-bit ODBC
Administrator tool located in C:\Windows\SysWoW64. Do not use the 32-bit ODBC Administrator tool.
2 Click the System DSN tab and click Add.
3 Select the appropriate ODBC driver for your database software and click Finish.
Option Action
SQL Server
Oracle Server
Select SQL Server Native Client 10.0, SQL Server Native Client 11.0, or
ODBC Driver 11 for SQL Server.
Select Microsoft ODBC for Oracle.
20 VMware, Inc.
Chapter 3 Creating the Site Recovery Manager Database
4 (Optional) Create an SQL Server data source for the database.
a Provide the details for the data source.
Option Action
Name
Description
Server
Enter a name for this data source, for example SRM.
Enter a description of the data source, for example SRM.
Select the running database instance to which to connect or enter the
address of the database server.
b Select the authentication method that corresponds to the type of database user account that you
created and click Next.
If you select Integrated Windows Authentication, you must use the same user account, or an
account with the same privileges on the Site Recovery Manager Server host machine, when you run
the Site Recovery Manager.
c Select the Change the default database to check box and select the Site Recovery Manager
database.
d Click Next to retain the default settings for this database connection and click Finish.
5 (Optional) Create an Oracle Server data source for the database and click Next.
Option Action
Data Source Name
Description
TNS Service Name
User ID
Enter a name for this data source, for example SRM.
Enter a description of the data source, for example SRM.
Enter the address of the database server in the format
database_server_address:1521/database_name.
Enter the database user name.
6 Click Test Data Source to test the connection and click OK if the test succeeds.
If the test does not succeed, check the configuration information and try again.
7 Click OK to exit the Windows ODBC Administrator tool.
The ODBC driver for your database is ready to use.
VMware, Inc. 21
Site Recovery Manager Installation and Configuration
22 VMware, Inc.
Site Recovery Manager
Authentication 4
The Platform Services Controller handles the authentication between Site Recovery Manager and
vCenter Server at the vCenter Single Sign-On level.
All communications between Site Recovery Manager and vCenter Server instances take place over transport
layer security (TLS) connections. Previous versions of Site Recovery Manager supported both secure sockets
layer (SSL) and TLS connections. This version of Site Recovery Manager only supports TLS, due to
weaknesses identified in SSL 3.0.
Solution User Authentication
In Site Recovery Manager 5.x, you used either credential-based authentication or certificate-based
authentication to authenticate with vCenter Server. Site Recovery Manager 6.x uses solution user
authentication to establish secure communication to remote services, such as the
Platform Services Controller and vCenter Server. A solution user is a security principal that the
Site Recovery Manager installer generates. The installer assigns a private key and a certificate to the solution
user and registers it with the vCenter Single Sign-On service. The solution user is tied to a specific
Site Recovery Manager instance. You cannot access the solution user private key or certificate. You cannot
replace the solution user certificate with a custom certificate.
After installation, you can see the Site Recovery Manager solution user in the Administration view of the
vSphere Web Client. Do not attempt to manipulate the Site Recovery Manager solution user. The solution
user is for internal use by Site Recovery Manager, vCenter Server, and vCenter Single Sign-On.
During operation, Site Recovery Manager establishes authenticated communication channels to remote
services by using certificate-based authentication to acquire a holder-of-key SAML token from vCenter
Single Sign-On. Site Recovery Manager sends this token in a cryptographically signed request to the remote
service. The remote service validates the token and establishes the identity of the solution user.
Solution Users and Site Recovery Manager Site Pairing
When you pair Site Recovery Manager instances across vCenter Single Sign-On sites do not use Enhanced
Linked Mode, Site Recovery Manager creates an additional solution user for the remote site at each site. This
solution user for the remote site allows the Site Recovery Manager Server at the remote site to authenticate
to services on the local site.
When you pair Site Recovery Manager instances in a vCenter Single Sign-On environment with Enhanced
Linked Mode, Site Recovery Manager at the remote site uses the same solution user to authenticate to
services on the local site.
VMware, Inc.
23
Site Recovery Manager Installation and Configuration
Site Recovery Manager SSL/TLS Server Endpoint Certificates
Site Recovery Manager requires an SSL/TLS certificate for use as the endpoint certificate for all TLS
connections established to Site Recovery Manager. The Site Recovery Manager server endpoint certificate is
separate and distinct from the certificate that is generated during the creation and registration of a
Site Recovery Manager solution user.
For information about the Site Recovery Manager SSL/TLS endpoint certificate, see Chapter 5, “Creating
SSL/TLS Server Endpoint Certificates for Site Recovery Manager,” on page 25.
24 VMware, Inc.
Creating SSL/TLS Server Endpoint
Certificates for
Site Recovery Manager 5
The Site Recovery Manager server endpoint certificate establishes the identity of
Site Recovery Manager Server to clients. The endpoint certificate secures the communication between the
client and Site Recovery Manager Server.
During installation of Site Recovery Manager, there is an option for Site Recovery Manager to generate an
SSL/TLS certificate to use as the Site Recovery Manager endpoint certificate. This is the simpler option that
requires minimal user action.
You can also provide a custom SSL/TLS certificate that is signed by a certificate authority. If you use a
custom SSL/TLS certificate, the certificate must meet certain requirements to work with
Site Recovery Manager.
NOTE Unlike in 5.x releases, Site Recovery Manager 6.x does not also use custom SSL/TLS certificates to
authenticate with vCenter Server. For information about how Site Recovery Manager authenticates with
vCenter Server, see Chapter 4, “Site Recovery Manager Authentication,” on page 23.
Requirements When Using Custom SSL/TLS Certificates with Site Recovery Manager
If you use custom SSL/TLS certificates for the Site Recovery Manager server endpoint certificate, the
certificates must meet specific criteria.
Site Recovery Manager 6.x uses standard PKCS#12 certificates. Site Recovery Manager places some
requirements on the contents of those certificates, but the requirements in this release are less strict than in
5.x releases of Site Recovery Manager.
Site Recovery Manager does not accept certificates with MD5 signature algorithms. Use SHA256 or
n
stronger signature algorithms.
Site Recovery Manager accepts certificates with SHA1 signature algorithms but these are not
n
recommended and result in a warning during installation. Use SHA256 or stronger signature
algorithms.
The Site Recovery Manager certifcate is not the root of a trust chain. You can use an intermediate CA
n
certificate which is not the root of a trust chain, but that is still a CA certificate.
If you use a custom certificate for vCenter Server and Platform Services Controller, you are not obliged
n
to use a custom certificate for Site Recovery Manager. The reverse is also true.
The private key in the PKCS #12 file must match the certificate. The minimum length of the private key
n
is 2048 bits.
The Site Recovery Manager certificate password must not exceed 31 characters.
n
The current time must be within the period of validity of the certificate.
n
VMware, Inc.
25
Site Recovery Manager Installation and Configuration
The certificate must be a server certificate, for which the x509v3 Extended Key Usage must indicate TLS
n
Web Server Authentication.
The certificate must include an extendedKeyUsage or enhancedKeyUsage attribute, the value of which
n
is serverAuth.
Unlike in 5.x releases, there is no requirement for the certificate to also be a client certificate. The
n
clientAuth value is not required.
The Subject Name must not be empty and must contain fewer than 4096 characters. In this release, the
n
Subject Name does not need to be the same for both members of a Site Recovery Manager Server pair.
The certificate must identify the Site Recovery Manager Server host.
n
The recommended way to identify the Site Recovery Manager Server host is with the host's fully-
n
qualified domain name (FQDN). If the certificate identifies the Site Recovery Manager Server host
with an IP address, this must be an IPv4 address. Using IPv6 addresses to identify the host is not
supported.
Certificates generally identify the host in the Subject Alternative Name (SAN) attribute. Some CAs
n
issue certificates that identify the host in the Common Name (CN) value of the Subject Name
attribute. Site Recovery Manager accepts certificates that identify the host in the CN value, but this
is not the best practice. For information about SAN and CN best practices, see the Internet
Engineering Task Force (IETF) RFC 6125 at https://tools.ietf.org/html/rfc6125.
The host identifier in the certificate must match the Site Recovery Manager Server local host
n
address that you specify when you install Site Recovery Manager.
If Site Recovery Manager Server, vCenter Server, and Platform Services Controller run on the same host
n
machine, you can use the same certificate for all three servers. In this case, you must provide the
certificate in two formats:
For Site Recovery Manager, the certificate must be a Personal Information Exchange Format
n
(PKCS#12) certificate that contains both of the private and public keys.
For vCenter Server and Platform Services Controller, the certificate must be separated into two
n
files, one for the certificate with the public key and one for the private key. For information about
certificate requirements for vCenter Server and Platform Services Controller, see vSphere Security
Certificates in the vSphere 6.0 documentation.
If you use a custom certificate that is signed by a third-party CA for which the root certificate is not
n
registered by default in Windows, and you want the certificates to be trusted without the need for
thumbprint verifications, install the root CA certificate in the Windows certificate store.
26 VMware, Inc.
Loading...