You can configure Site Recovery Manager for use with a shared recovery site. The vCenter Server administrator on the shared recovery site must manage permissions so that each customer has sufficient privileges to configure and use Site Recovery Manager, but no customer has access to resources that belong to another customer.

In the context of a shared recovery site, a customer is the owner of a pair of Site Recovery Manager Server instances. Customers with adequate permissions must be able to access the shared recovery site to create, test, and run the recovery plans for their own protected site. The vCenter Server administrator at the shared recovery site must create a separate user group for each customer. No customer's user account can be a member of the vCenter Server Administrators group. The only supported configuration for a shared recovery site is for one organization to manage all of the protected sites and the recovery site.

Caution:

Certain Site Recovery Manager roles allow users to run commands on Site Recovery Manager Server, so you should assign these roles to trusted administrator-level users only. See Site Recovery Manager Roles Reference for the list of Site Recovery Manager roles that run commands on Site Recovery Manager Server.

On a shared recovery site, multiple customers share a single vCenter Server instance. In some cases, multiple customers can share a single ESXi host on the recovery site. You can map the resources on the protected sites to shared resources on the shared recovery site. You might share resources on the recovery site if you do not need to keep all of the customers' virtual machines separate, for example if all of the customers belong to the same organization.

You can also create isolated resources on the shared recovery site and map the resources on the protected sites to their own dedicated resources on the shared recovery site. You might use this configuration if you must keep all of the customers' virtual machines separate from each other, for example if all of the customers belong to different organizations.

Guidelines for Sharing Customer Resources

Follow these guidelines when you configure permissions for sharing customer resources on the shared recovery site:

  • All customers must have read access to all folders of the vCenter Server on the shared recovery site.

  • Do not give a customer the permission to rename, move, or delete the datacenter or host.

  • Do not give a customer the permission to create virtual machines outside of the customer’s dedicated folders and resource pools.

  • Do not allow a customer to change roles or assign permissions for objects that are not dedicated to the customer’s own use.

  • To prevent unwanted propagation of permissions across different organizations’ resources, do not propagate permissions on the root folder, datacenters, and hosts of the vCenter Server on the shared recovery site.

Guidelines for Isolating Customer Resources

Follow these guidelines when you configure permissions for isolating customer resources on the shared recovery site:

  • Assign to each customer a separate virtual machine folder in the vCenter Server inventory.

    • Set permissions on this folder to prevent any other customer from placing their virtual machines in it. For example, set the Administrator role and activate the propagate option for a customer on that customer’s folder. This configuration prevents duplicate name errors that might otherwise occur if multiple customers protect virtual machines that have identical names.

    • Place all of the customer’s placeholder virtual machines in this folder, so that they can inherit its permissions.

    • Do not assign permissions to access this folder to other customers.

  • Assign dedicated resource pools, datastores, and networks to each customer, and configure the permissions in the same way as for folders.
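The isolation guidelines above, together with the guideline not to propagate permissions on the root folder, datacenters, and hosts, can be checked against an export of the recovery site's permission entries. The following is an added example, not VMware code: the record layout, inventory paths, group names, and the `audit` function are assumptions made for illustration, and the sample entries are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Perm:
    entity: str      # inventory path of the object the permission is set on
    kind: str        # object type: "RootFolder", "Datacenter", "HostSystem", "Folder", ...
    principal: str   # user or group the permission is granted to
    role: str
    propagate: bool  # whether the permission propagates to child objects

# Constructed mapping of each dedicated folder to the customer group that owns it.
OWNERS = {"/DC1/vm/CustA": "grp-custA", "/DC1/vm/CustB": "grp-custB"}
CUSTOMER_GROUPS = set(OWNERS.values())
SHARED_KINDS = {"RootFolder", "Datacenter", "HostSystem"}

def owner_of(entity):
    """Return the owning group if entity is a dedicated folder or lies below one."""
    for path, group in OWNERS.items():
        if entity == path or entity.startswith(path + "/"):
            return group
    return None

def audit(perms):
    """Return sorted (finding, entity, principal) tuples for guideline violations."""
    findings = []
    for p in perms:
        if p.principal not in CUSTOMER_GROUPS:
            continue  # only customer groups are in scope for this check
        # Customer permissions must not propagate from shared top-level objects.
        if p.kind in SHARED_KINDS and p.propagate:
            findings.append(("propagates-on-shared", p.entity, p.principal))
        # No customer may hold a permission inside another customer's folder.
        owner = owner_of(p.entity)
        if owner is not None and owner != p.principal:
            findings.append(("cross-customer-access", p.entity, p.principal))
    # The owner's permission must propagate so placeholder VMs inherit it.
    for path, group in OWNERS.items():
        if not any(p.entity == path and p.principal == group and p.propagate for p in perms):
            findings.append(("owner-not-propagating", path, group))
    return sorted(findings)

# Constructed sample export with three deliberate violations.
SAMPLE = [
    Perm("/", "RootFolder", "grp-custA", "ReadOnly", False),
    Perm("/", "RootFolder", "grp-custB", "ReadOnly", True),
    Perm("/DC1/vm/CustA", "Folder", "grp-custA", "Administrator", True),
    Perm("/DC1/vm/CustB", "Folder", "grp-custB", "Administrator", False),
    Perm("/DC1/vm/CustB", "Folder", "grp-custA", "ReadOnly", False),
]
```

Calling `audit(SAMPLE)` reports the propagating root-folder entry, the entry that gives one customer access to another customer's folder, and the owner entry that does not propagate.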

Viewing Tasks and Events in a Shared Recovery Site Configuration

In the Recent Tasks panel of the vSphere Client, users who have permissions to view an object can see tasks that other users start on that object. All customers can see all of the tasks that other users perform on a shared resource. For example, all users can see the tasks that run on a shared host, datacenter, or the vCenter Server root folder.

Events that all of the instances of Site Recovery Manager Server generate on a shared recovery site have identical permissions. All users who can see events from one instance of Site Recovery Manager Server can see events from all Site Recovery Manager Server instances that are running on the shared recovery site.