To manage replications on remote cloud sites, you must first extend your session to the remote site by providing credentials for the remote VMware Cloud Director. Extending the session is required before performing specific replication operations from remote cloud sites and before performing any replication operations to remote cloud sites.
Extended Session Authentication
In VMware Cloud Director, when users log in they create a session and they receive a bearer JSON Web Token (JWT) that is used to authenticate future requests.
The Cloud Service manages its own session and it is not directly tied to the VMware Cloud Director session. You create a Cloud Service session by providing credentials, which in turn the Cloud Service uses to create a brand new VMware Cloud Director session.
Locally for your site, after you have a valid Cloud Service session, you can browse and monitor the local inventory of replications, tasks, and others. As your current Cloud Service session associates with a JWT token for the local VMware Cloud Director, you can also browse the local VMware Cloud Director inventory. As long as the JWT is valid, you can perform replication operations that require accessing the local VMware Cloud Director.
To perform replication operations on remote sites, you must extend your local session to the remote site. Extending your session means that you must reauthenticate and provide local user credentials for the remote VMware Cloud Director. After authenticating to the remote site, the local Cloud Service keeps the newly created extended session and for the replication operations in the remote site is using the extended session.
- The local Cloud Service session has a soft time limit that is reached due to inactivity. By default, the soft session lifespan expires after your session is idle for over 30 minutes and you are not viewing a dynamically refreshing management interface page.
- The local Cloud Service session also has a hard time limit that cannot be prolonged without reauthentication. By default, the hard session lifespan expires after 24 hours. During this time, you can perform all operations, unless you navigate to Sites and click Logout, or log out of the management interface. In the VMware Cloud Director Availability Security Guide document, for more information about the two types of lifespans of the session, see Security Configuration Properties, and for more information about the user sessions, see Users and Sessions.
- The extended Cloud Service session expires when the remote JWT becomes invalid, due to expiration or manual logout. By default, the lifespan of VMware Cloud Director JWT also expires in 24 hours. If the lifespan of JWT is modified, and for example, reduced to 1 hour, the extended session expires after 1 hour. If the lifespan of JWT is expanded over 24 hours, the extended session expires according to either of the Cloud Service session lifespans, meaning after 24 hours or after 30 minutes of inactivity.
Replication Operations Requiring an Extended Session
Extend the session to remote sites for the following replication operations, depending on where the replications reside:
No Credentials Needed Provide Credentials for the Remote Site Migrate New protection Failover New migration Test failover Network settings Replication settings Disk settings Change owner Change storage policy Sync Pause Resume Delete replication
, to manage the replications on the remote site you can perform some operations without providing the remote site credentials, and you must provide the remote site credentials to perform the remaining replication operations.
Provide Credentials for the Remote Site Migrate Failover Test failover New protection New migration Replication settings Network settings Disk settings Change storage policy Sync Pause Resume Delete replication
, to manage the replications on the remote site for all replication operations you must provide the remote site credentials.