You use a service account for authentication and authorization of Site Recovery Manager to vCenter Server for orchestrated disaster recovery of the SDDC.

Table 1. Design Decisions on Authorization and Authentication Management for Site Recovery Manager and vSphere Replication

| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| SDDC-OPS-DR-005 | Configure a service account svc-srm in vCenter Server for application-to-application communication from Site Recovery Manager with vSphere. | Provides the following access control features: (1) Site Recovery Manager accesses vSphere with the minimum set of permissions that are required to perform disaster recovery failover orchestration and site pairing. (2) In the event of a compromised account, the accessibility in the destination application remains restricted. (3) You can introduce improved accountability in tracking request-response interactions between the components of the SDDC. | You must maintain the service account's life cycle outside of the SDDC stack to ensure its availability. |
| SDDC-OPS-DR-006 | Configure a service account svc-vr in vCenter Server for application-to-application communication from vSphere Replication with vSphere. | Provides the following access control features: (1) vSphere Replication accesses vSphere with the minimum set of permissions that are required to perform site-to-site replication of virtual machines. (2) In the event of a compromised account, the accessibility in the destination application remains restricted. (3) You can introduce improved accountability in tracking request-response interactions between the components of the SDDC. | You must maintain the service account's life cycle outside of the SDDC stack to ensure its availability. |
| SDDC-OPS-DR-007 | Use global permissions when you create the svc-srm service account in vCenter Server. | (1) Simplifies and standardizes the deployment of the service account across all vCenter Server instances in the same vSphere domain. (2) Provides a consistent authorization layer. (3) If you deploy more Site Recovery Manager instances, reduces the effort of connecting them to the vCenter Server instances. | All vCenter Server instances must be in the same vSphere domain. |
| SDDC-OPS-DR-008 | Use global permissions when you create the svc-vr service account in vCenter Server. | (1) Simplifies and standardizes the deployment of the service account across all vCenter Server instances in the same vSphere domain. (2) Provides a consistent authorization layer. (3) If you deploy more vSphere Replication instances, reduces the effort of connecting them to the vCenter Server instances. | All vCenter Server instances must be in the same vSphere domain. |
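The following audit script is an added example, not part of this design or of any VMware tooling: it checks an exported list of vCenter permission assignments against decisions SDDC-OPS-DR-005 to SDDC-OPS-DR-008 (one global assignment per service account, role privileges not exceeding the minimum). The export format, the role names and the privilege allow-lists are assumptions; the design does not enumerate the exact privileges, so the allow-lists are placeholders to be replaced with the vendor's documented minimum set.

```python
# Assumed minimum privilege sets for each service account (placeholders,
# not the vendor's documented list).
EXPECTED = {
    "svc-srm": {"System.View", "System.Read", "Resource.AssignVMToPool"},
    "svc-vr": {"System.View", "System.Read", "Datastore.Browse"},
}


def audit(permissions, roles, expected=EXPECTED):
    """Return a list of (account, finding) tuples; an empty list is compliant.

    permissions: list of dicts with keys principal, role, scope, where scope
                 is "global" or an inventory object path (assumed format).
    roles:       dict mapping role name -> set of vSphere privilege IDs.
    """
    findings = []
    for account, allowed in expected.items():
        assigned = [p for p in permissions
                    if p["principal"].endswith("\\" + account)]
        if not assigned:
            findings.append((account, "no permission assigned (DR-005/006)"))
            continue
        for p in assigned:
            if p["scope"] != "global":
                findings.append((account, f"non-global permission on "
                                          f"{p['scope']} (DR-007/008)"))
            extra = roles.get(p["role"], set()) - allowed
            if extra:
                findings.append((account, f"role {p['role']} exceeds "
                                          f"minimum: {sorted(extra)}"))
    return findings


# Constructed sample export (not from a real vCenter): svc-srm is compliant,
# svc-vr is scoped to one datacenter and holds the full Administrator role.
SAMPLE_ROLES = {
    "SRM-Minimum": {"System.View", "System.Read", "Resource.AssignVMToPool"},
    "Administrator": {"System.View", "System.Read", "Global.Settings",
                      "Authorization.ModifyPermissions"},
}
SAMPLE_PERMISSIONS = [
    {"principal": "VSPHERE.LOCAL\\svc-srm", "role": "SRM-Minimum",
     "scope": "global"},
    {"principal": "VSPHERE.LOCAL\\svc-vr", "role": "Administrator",
     "scope": "/Datacenter01"},
]

if __name__ == "__main__":
    for account, finding in audit(SAMPLE_PERMISSIONS, SAMPLE_ROLES):
        print(f"{account}: {finding}")
```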

Encryption

Replace default self-signed certificates with a CA-signed certificate to provide secure access and communication for vSphere Replication and Site Recovery Manager.

Table 2. Design Decision on CA-Signed Certificates for Site Recovery Manager and vSphere Replication

| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| SDDC-OPS-DR-009 | Replace the default self-signed certificates in each Site Recovery Manager instance with a CA-signed certificate. | Ensures that all communication to the externally facing Web UI of Site Recovery Manager and cross-product communication are encrypted. | Replacing the default certificates with trusted CA-signed certificates complicates installation and configuration. |
| SDDC-OPS-DR-010 | Replace the default self-signed certificates in each vSphere Replication instance with a CA-signed certificate. | Ensures that all communication to the externally facing Web UI for vSphere Replication and cross-product communication are encrypted. | Replacing the default certificates with trusted CA-signed certificates complicates installation and configuration. |