Site Recovery Manager supports the automatic protection of virtual machines in array-based protection groups, vVols protection groups, and storage policy protection groups.
This topic provides information about automatic protection of array-based protection groups and vVols protection groups only. Automatic protection mechanism for storage policy protection groups is different. See About Storage Policy Protection Groups.
Array-Based Replication Automatic Protection
When you create a new virtual machine or use vMotion to move a virtual machine on a datastore that is replicated and protected in Site Recovery Manager, the virtual machine is automatically added to and protected in an existing protection group.
vVols Automatic Protection
Site Recovery Manager applies automatic protection to new or existing virtual machines for which the SPBM policy is changed to a vVols policy for replication and to a replication group protected with Site Recovery Manager.
Multi-Tenancy Considerations and Configuration
Protecting virtual machines and virtual machine templates is a cross-site operation. During this operation, the Site Recovery Manager servers on both sites perform permission checks for the local user that is logged in. For automatic protection each Site Recovery Manager site uses a pre-configured local vCenter Server account to perform the permission checks with. By default Site Recovery Manager uses its local solution user as automatic protection user. The user can be changed with an advanced setting to another vCenter Server account. This vCenter Server account cannot be a user group or a user with global vCenter Server administrator privileges.
- VcDr.ProtectionProfile.com.vmware.vcDr.Edit privilege in the permission assigned in the Site Recovery Manager inventory on the protection group where the virtual machine will be added.
- VirtualMachine.Replication.com.vmware.vcDr.Protect privilege in the permission assigned on the production virtual machine or the virtual machine template in the vCenter Server inventory.
For multiple Site Recovery Manager deployments on a single vCenter Server, the administrators must configure different automatic protection accounts per Site Recovery Manager instance and assign appropriate permissions that split the vCenter Server inventory to simulate a multi-tenant environment.
You can modify how Site Recovery Manager handles the automatic protection of virtual machines. See, Change the Automatic Protection Settings. The required privilege to edit those settings is VcDr.Protection.com.vmware.vcDr.AutoProtection.Edit part of the SrmAdministrator role.