Site Recovery Manager supports the automatic protection of virtual machines in array-based protection groups, vVols protection groups, and storage policy protection groups.

This topic provides information about automatic protection of array-based protection groups and vVols protection groups only. Automatic protection mechanism for storage policy protection groups is different. See About Storage Policy Protection Groups.

Array-Based Replication Automatic Protection

When you create a new virtual machine or use vMotion to move a virtual machine on a datastore that is replicated and protected in Site Recovery Manager, the virtual machine is automatically added to and protected in an existing protection group.

vVols Automatic Protection

Site Recovery Manager applies automatic protection to new or existing virtual machines for which the SPBM policy is changed to a vVols policy for replication and to a replication group protected with Site Recovery Manager.

Note: If a protected virtual machine is deleted, Site Recovery Manager does not provide an automatic unprotection. The virtual machine must be explicitly unprotected. If an already protected virtual machine is Storage vMotioned to a datastore protected in a different array-based replication protection group or the vVols replication policy is changed to refer it to a different vVols protection group, the virtual machine protection is not automatically migrated in the new protection group. The virtual machine must be explicitly unprotected from the previous protection groups first.

Multi-Tenancy Considerations and Configuration

Protecting virtual machines and virtual machine templates is a cross-site operation. During this operation, the Site Recovery Manager servers on both sites perform permission checks for the local user that is logged in. For automatic protection each Site Recovery Manager site uses a pre-configured local vCenter Server account to perform the permission checks with. By default Site Recovery Manager uses its local solution user as automatic protection user. The user can be changed with an advanced setting to another vCenter Server account. This vCenter Server account cannot be a user group or a user with global vCenter Server administrator privileges.

For successful protection, the vCenter Server account that you use for automatic protection must have the following privileges.
  • VcDr.ProtectionProfile.com.vmware.vcDr.Edit privilege in the permission assigned in the Site Recovery Manager inventory on the protection group where the virtual machine will be added.
  • VirtualMachine.Replication.com.vmware.vcDr.Protect privilege in the permission assigned on the production virtual machine or the virtual machine template in the vCenter Server inventory.
When assigning permissions to the automatic protection user or the user groups that the automatic protection user is a member of, the administrators can choose SrmAdministrator or SrmProtectionGroupsAdministrator roles.

For multiple Site Recovery Manager deployments on a single vCenter Server, the administrators must configure different automatic protection accounts per Site Recovery Manager instance and assign appropriate permissions that split the vCenter Server inventory to simulate a multi-tenant environment.

You can modify how Site Recovery Manager handles the automatic protection of virtual machines. See, Change the Automatic Protection Settings. The required privilege to edit those settings is VcDr.Protection.com.vmware.vcDr.AutoProtection.Edit part of the SrmAdministrator role.