Site Recovery Manager Security Site Recovery Manager 6.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
Site Recovery Manager Security You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2008–2015 VMware, Inc. All rights reserved. Copyright and trademark information. VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com 2 VMware, Inc.
Contents About VMware Site Recovery Manager Security 5 Updated Information 7 1 Site Recovery Manager Security Reference 9 Site Recovery Manager Services 10 Site Recovery Manager Network Ports 10 Site Recovery Manager Configuration Files 11 Site Recovery Manager Certificates and Keys 11 Site Recovery Manager License and EULA Files 12 Site Recovery Manager Log Files 12 Site Recovery Manager Accounts 13 Site Recovery Manager Security Updates and Patches 14 Best Practices For Securing Site Recovery Manager
Site Recovery Manager Security 4 VMware, Inc.
About VMware Site Recovery Manager Security Site Recovery Manager Security provides a concise reference to the security features of Site Recovery Manager. To help you protect your Site Recovery Manager installation, this guide describes security features built into Site Recovery Manager and the measures that you can take to safeguard it from attack.
Site Recovery Manager Security 6 VMware, Inc.
Updated Information Site Recovery Manager Security is updated with each release of the product or when necessary. This table provides the update history of Site Recovery Manager Security. Revision Description EN-001875-01 Replaced "federated" with "Enhanced Linked Mode" in “Site Recovery Manager Accounts,” on page 13. EN-001875-00 Initial release. VMware, Inc.
Site Recovery Manager Security 8 VMware, Inc.
Site Recovery Manager Security Reference 1 Use the Security Reference to learn about the security features of your Site Recovery Manager installation and the measures that you can take to safeguard your environment from attack. n Site Recovery Manager Services on page 10 The operation of Site Recovery Manager depends on several services that run on the Site Recovery Manager Server host machine.
Site Recovery Manager Security Site Recovery Manager Services The operation of Site Recovery Manager depends on several services that run on the Site Recovery Manager Server host machine. Table 1‑1. Services that Site Recovery Manager Requires Service Name Startup Time Description VMware vCenter Site Recovery Manager Server Automatic Provides the core Site Recovery Manager functions.
Chapter 1 Site Recovery Manager Security Reference Site Recovery Manager Configuration Files Some Site Recovery Manager configuration files contain settings that might affect the security of your environment. Improper settings can also impact the proper functioning of your Site Recovery Manager environment. Table 1‑2. Site Recovery Manager Configuration Files File or Directory Location Description installation_folder\VMware\VMware vCenter Site Recovery Manager\config\vmware-dr.
Site Recovery Manager Security CA certificate or private key or both Location and Description TLS certificate and key for solution user on the remote site installation_folder\VMware\VMware vCenter Site Recovery Manager\bin\extension-s.p12 file or \VMware\VMware vCenter Site Recovery Manager\bin\extension-p.p12 file. Site Recovery Manager creates the files during the pairing process. CA certificate for Site Recovery Manager Server and TLS certificate installation_folder\VMware\VMware vCenter Site Recov
Chapter 1 Site Recovery Manager Security Reference To change the log file directory, enter a custom directory name in the directory XML element in the installation_directory\VMware\VMware vCenter Site Recovery Manager\config\vmware-dr.xml configuration file. You can also change the log level of each component by updating the logLevel XML element in the vmware-dr.xml file. The default level of all components is verbose. IMPORTANT Configure access control lists to restrict the access to the log files.
Site Recovery Manager Security Site Recovery Manager creates an additional solution user on each remote site during the pairing process of sites that do not use Enhanced Linked Mode. Site Recovery Manager uses the solution user to perform necessary operations on the remote site. NOTE You must not delete and modify the roles and privileges associated with the solution user accounts.
Index A accounts 13 B best practices 14 C certificate, location 11 configuration files, locations 11 D default ports 10 E EULA 12 I intended audience 5 L license 12 log files 12 N network ports 10 S securing SRM 14 security certificate 11 configuration files 11 keystore 11 reference 9 updates and patches 14 services 10 Site Recovery Manager, security reference 5 SRM services 10 system log 12 U updated information 7 users 13 VMware, Inc.
Site Recovery Manager Security 16 VMware, Inc.
