VMware vSphere Replication Security Guide

vSphere Replication 6.5

This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/

The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com

Copyright © 2012–2016 VMware, Inc. All rights reserved. Copyright and trademark information.

VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
Contents

1 About VMware vSphere Replication Security Guide
2 vSphere Replication Security Reference
    Services, Ports, and External Interfaces that the vSphere Replication Virtual Appliance Uses
    vSphere Replication Configuration Files
    vSphere Replication Private Key, Certificate, and Keystore
    vSphere Replication License and EULA File
    vSphere Replication Log Files
    vSphere Replication User Accounts
    Security Updates and Patches for vSphere Replication
1 About VMware vSphere Replication Security Guide

The VMware vSphere Replication Security Guide provides a concise reference to the security features of vSphere Replication. To help you protect your vSphere Replication installation, this guide describes security features built into vSphere Replication and the measures that you can take to safeguard it from attack.
2 vSphere Replication Security Reference

You can use the Security Reference to learn about the security features of vSphere Replication and the measures that you can take to safeguard your environment from attack.
Table 2‑1. vSphere Replication Services (Continued)

| Service Name | Startup Type | Description |
|---|---|---|
| ntp | Automatic | Time service for syncing-up with Internet Time Server through Network Time Protocol. |

Note: After you install or upgrade a vSphere Replication virtual appliance, you must synchronize the appliance with a time server.
Table 2‑2. Ports Used by the vSphere Replication Appliance (Continued)

| Source | Target | Port | Protocol | Description |
|---|---|---|---|---|
| vCenter Server proxy | vSphere Replication appliance | 8043 | SOAP | Intra-site communication from the vCenter Server proxy to the vSphere Replication appliance. |
Table 2‑3. Ports Used by the vSphere Replication Server (Continued)

| Source | Target | Port | Protocol | Description |
|---|---|---|---|---|
| vSphere Replication Management server | vSphere Replication server | 8123 | SOAP | Intra-site management traffic from the vSphere Replication appliance or vSphere Replication Management server to the vSphere Replication servers. |
vSphere Replication Configuration Files

Some configuration files contain settings that affect the security of vSphere Replication.

Note: All security-related resources are protected with the correct permissions and ownership. Do not change the ownership or permissions of these files.

| File Location | Description |
|---|---|
| /opt/vmware/hms/conf/hms-configuration.xml | The default system configuration of the vSphere Replication Management server. |
| File Location | Description |
|---|---|
| /var/log/vmware/ | The folder contains the vSphere Replication server log files. Used to track replication problems. |
| /var/log/boot.msg | Used to track the startup process of the vSphere Replication appliance. |

Log Messages Related to Security

The /opt/vmware/hms/logs/hms.log file contains login and logout event messages, authorization error messages, and certificate verification error messages in the following format.
2015-06-25 16:19:13.794 WARN jvsl.sessions [hms-main-thread-1] (..hms.net.ServerRegistryHms) | Can not start HMS connection to remote site 'some-address.com' java.util.concurrent.ExecutionException: com.vmware.vim.vmomi.client.exception.SslException: javax.net.ssl.SSLHandshakeException: com.vmware.vim.vmomi.client.exception.
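A small parser for hms.log entries in the layout of the sample above, added here as an illustration and not taken from VMware's documentation or tooling. It assumes the field layout inferred from that one sample line, attaches stack-trace continuation lines to the entry they follow, and reports certificate/TLS handshake failures per remote site; the second and third sample entries are constructed.

```python
import re
from collections import Counter

# Layout inferred from the single sample line in this guide (an assumption):
# <date> <time> <LEVEL> <logger> [<thread>] (<class>) | <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<level>[A-Z]+) +(?P<logger>\S+) \[(?P<thread>[^\]]+)\] "
    r"\((?P<cls>[^)]+)\) \| (?P<msg>.*)$"
)
REMOTE_RE = re.compile(r"remote site '([^']+)'")
TLS_MARKERS = ("SSLHandshakeException", "SslException")

def parse_events(lines):
    """Parse entries; lines without a timestamp are continuations of the previous entry."""
    events = []
    for raw in lines:
        line = raw.rstrip("\n")
        m = LINE_RE.match(line)
        if m:
            events.append({**m.groupdict(), "extra": []})
        elif events and line.strip():
            events[-1]["extra"].append(line.strip())
    return events

def tls_failures(events):
    """Return (timestamp, remote site or None) for entries that name a TLS exception."""
    hits = []
    for ev in events:
        text = " ".join([ev["msg"], *ev["extra"]])
        if any(marker in text for marker in TLS_MARKERS):
            site = REMOTE_RE.search(ev["msg"])
            hits.append((ev["ts"], site.group(1) if site else None))
    return hits

def failures_per_site(hits):
    """Count failures per remote site so repeated handshake errors stand out."""
    return Counter(site for _, site in hits)

# Entry 1 follows the guide's sample (exception on the same line, tail omitted).
# Entries 2 and 3 are constructed in the same layout; entry 3 puts the exception
# on a continuation line to exercise the grouping logic.
SAMPLE = """\
2015-06-25 16:19:13.794 WARN jvsl.sessions [hms-main-thread-1] (..hms.net.ServerRegistryHms) | Can not start HMS connection to remote site 'some-address.com' java.util.concurrent.ExecutionException: com.vmware.vim.vmomi.client.exception.SslException: javax.net.ssl.SSLHandshakeException
2015-06-25 16:19:14.102 INFO example.logger [example-thread-1] (..example.Placeholder) | constructed informational entry
2015-06-25 16:24:13.801 WARN jvsl.sessions [hms-main-thread-1] (..hms.net.ServerRegistryHms) | Can not start HMS connection to remote site 'some-address.com'
java.util.concurrent.ExecutionException: com.vmware.vim.vmomi.client.exception.SslException: javax.net.ssl.SSLHandshakeException
""".splitlines()

if __name__ == "__main__":
    print(failures_per_site(tls_failures(parse_events(SAMPLE))))
```

Repeated handshake failures against the same remote site usually point to a certificate or trust problem between the paired sites, so the per-site count is the figure to alert on.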