Site Recovery Manager supports the automatic protection of virtual machines in array-based protection groups and Virtual Volumes protection groups.

Array-Based Replication Automatic Protection

When you create a new virtual machine or use vMotion to move a virtual machine on a datastore that is replicated and protected in Site Recovery Manager, the virtual machine is automatically added to and protected in an existing protection group.

Virtual Volumes Automatic Protection

Site Recovery Manager applies automatic protection to new or existing virtual machines for which the SPBM policy is changed to a Virtual Volumes policy for replication and to a replication group protected with Site Recovery Manager.

Multi-Tenancy Considerations and Configuration

Protecting virtual machines and virtual machine templates is a cross-site operation. During this operation, the Site Recovery Manager servers on both sites perform permission checks for the local user that is logged in. For automatic protection each Site Recovery Manager site uses a pre-configured local vCenter Server account to perform the permission checks with. By default Site Recovery Manager uses its local service account as automatic protection user. The local service account is SRM-<srm-server-uuid>. The user can be changed with an advanced setting to another vCenter Server account. This vCenter Server account cannot be a user group or a user with global vCenter Server administrator privileges.

For successful protection, the vCenter Server account that you use for automatic protection must have the following privileges.
  • privilege in the permission assigned in the Site Recovery Manager inventory on the protection group where the virtual machine will be added.
  • privilege in the permission assigned on the production virtual machine or the virtual machine template in the vCenter Server inventory.
When assigning permissions to the automatic protection user or the user groups that the automatic protection user is a member of, the administrators can choose SrmAdministrator or SrmProtectionGroupsAdministrator roles.

For multiple Site Recovery Manager deployments on a single vCenter Server, the administrators must configure different automatic protection accounts per Site Recovery Manager instance and assign appropriate permissions that split the vCenter Server inventory to simulate a multi-tenant environment.

You can modify how Site Recovery Manager handles the automatic protection of virtual machines. See, Change the Automatic Protection Settings. The required privilege to edit those settings is part of the SrmAdministrator role.