Replications to the cloud require certain users, roles, and permissions.

vSphere Web Client

On the source vSphere site, you need the same credentials as the ones required for vSphere Replication. See vSphere Replication Roles Reference.

vCloud User Credentials

When you create a connection to the target virtual data center, you provide two pairs of credentials.

Connection Credentials

Used to authenticate within the cloud organization, these credentials initiate a user session with your cloud provider. The privileges for your user account are managed by your cloud provider.

  • com.vmware.hcs > {com.vmware.hcs}:ManageRight

  • com.vmware.hcs > {com.vmware.hcs}:ViewRight

  • Organization > View Organization Networks

  • Organization > View Organizations

  • Organization VDC > View Organization VDCs

Credentials to the cloud are required for each target site, once per user session, and not per operation in the vSphere Web Client. When the authenticated user session to a target site expires, users are prompted to input their credentials again.

System Monitoring Credentials

Used at runtime to let the source and the target site communicate. These credentials are stored in the vSphere Replication appliance on the source site. The user that you provide should be assigned the vSphere Replication role, or the following rights in your cloud organization .

  • com.vmware.hcs > {com,vmware.hcs}:ManageRight

  • com.vmware.hcs > {com,vmware.hcs}:ViewRight

  • Organization > View Organization Networks

  • Organization > View Organizations

  • Organization VDC > View Organization VDCs

Although you can use the same credentials for both connection and system monitoring, a good practice is to use different pairs of credentials.