The vCenter Server appliance handles the authentication between VMware Live Site Recovery and vCenter Server at the vCenter Single Sign-On level.

All communication between VMware Live Site Recovery and vCenter Server instances takes place over Transport Layer Security (TLS) connections.

Service Account Authentication

VMware Live Site Recovery uses service account authentication to establish secure communication with remote services, such as the vCenter Server. A service account is a security principal that the VMware Live Site Recovery configuration service generates. The service account authenticates with a token or a user name and a password.

The service account is for internal use by VMware Live Site Recovery, vCenter Server, and vCenter Single Sign-On.

During operation, VMware Live Site Recovery establishes authenticated communication channels to remote services by using token-based authentication to acquire a holder-of-key SAML token from vCenter Single Sign-On. VMware Live Site Recovery sends this token in a cryptographically signed request to the remote service. The remote service validates the token and establishes the identity of the service account.
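The check a receiving service makes on a holder-of-key token, as an added example built on generic SAML 2.0 semantics; it is not VMware code and does not describe the product's implementation. The certificate bytes, assertion, and function names are constructed for illustration, and XML signature verification of the assertion and the request is assumed to happen separately (a hardened XML parser should be used for untrusted input).

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
# Constructed placeholder bytes standing in for DER-encoded certificates.
SERVICE_CERT = b"constructed-service-account-cert"
OTHER_CERT = b"constructed-unrelated-cert"


def build_assertion(method, cert, not_on_or_after):
    """Build a constructed, unsigned SAML 2.0 assertion for this demo."""
    b64 = base64.b64encode(cert).decode()
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
  <saml:Subject><saml:SubjectConfirmation Method="{method}">
    <saml:SubjectConfirmationData><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{b64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></saml:SubjectConfirmationData>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotOnOrAfter="{not_on_or_after}"/>
</saml:Assertion>"""


def check_holder_of_key(assertion_xml, request_signer_cert, now):
    """Return (ok, reason): is the token bound to the key that signed the request?"""
    root = ET.fromstring(assertion_xml)
    conf = root.find("saml:Subject/saml:SubjectConfirmation", NS)
    # A bearer token proves nothing about who presents it, so reject it.
    if conf is None or conf.get("Method") != HOK:
        return False, "not a holder-of-key token"
    cert_el = conf.find(
        "saml:SubjectConfirmationData/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert_el is None or not (cert_el.text or "").strip():
        return False, "no confirmation key in token"
    cond = root.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotOnOrAfter"):
        return False, "no validity window"
    expiry = datetime.strptime(cond.get("NotOnOrAfter"), "%Y-%m-%dT%H:%M:%SZ")
    if now >= expiry.replace(tzinfo=timezone.utc):
        return False, "token expired"
    # Proof of possession: the request must be signed with the key named in the token.
    if base64.b64decode(cert_el.text.strip()) != request_signer_cert:
        return False, "request signer does not hold the token key"
    return True, "ok"
```

A token copied from the wire fails this check when replayed by a party that cannot sign the request with the service account's private key, which is the property that distinguishes holder-of-key from bearer tokens.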

Service Accounts and VMware Live Site Recovery Site Pairing

When you pair VMware Live Site Recovery instances across vCenter Single Sign-On sites that do not use Enhanced Linked Mode, VMware Live Site Recovery creates an additional service account for the remote site at each site. This service account for the remote site allows the VMware Live Site Recovery Server at the remote site to authenticate to services on the local site.

When you pair VMware Live Site Recovery instances in a vCenter Single Sign-On environment with Enhanced Linked Mode, VMware Live Site Recovery at the remote site uses the same service account to authenticate to services on the local site.

VMware Live Site Recovery SSL/TLS Server Endpoint Certificates

VMware Live Site Recovery requires an SSL/TLS certificate for use as the endpoint certificate for all TLS connections established to VMware Live Site Recovery. The VMware Live Site Recovery server endpoint certificate is separate and distinct from the certificate that VMware Live Site Recovery uses to obtain the holder-of-key SAML token with the service account.

For information about the VMware Live Site Recovery SSL/TLS endpoint certificate, see Creating SSL/TLS Server Endpoint Certificates for VMware Live Site Recovery.