vSphere Security Hardening Policy and Site Recovery Manager 5

When a disaster strikes a datacenter, you might need to restart (virtual) servers in a disaster recovery location. There are two options: either your servers keep the same IP configuration (when a stretched VLAN is used), or you need to reconfigure the IP configuration (re-IP).

Re-IP can be performed automatically using DR tools like VMware Site Recovery Manager, Zerto Virtual Replication or VirtualSharp ReliableDR.

To change the IP configuration of virtual machines, Site Recovery Manager uses the VIX API. This API enables copying data to and from the VM and making all kinds of adjustments inside it. Nice, but this could be a security issue. If your security policy says the VIX API should be disabled, there is no way SRM is able to change the IP configuration.

Alternatives are using scripts or using DHCP and leases based on MAC-address of the VM.
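As an added example (not from the original post or from VMware), the DHCP alternative can be prepared ahead of a failover by generating MAC-based reservations for the recovery site and rejecting rows that would break re-IP. The ISC dhcpd stanza format, the VM names, MAC addresses and subnet are assumptions, and the approach assumes each VM keeps its MAC address when it is recovered.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")
NAME_RE = re.compile(r"^[A-Za-z0-9-]+$")  # keeps stray characters out of the config

# Constructed sample inventory (hypothetical VM names, MACs and DR addresses).
DR_SUBNET = "10.20.30.0/24"
INVENTORY = [
    ("app01", "00:50:56:AA:BB:01", "10.20.30.11"),
    ("db01", "00-50-56-aa-bb-02", "10.20.30.12"),
]


def normalize_mac(mac):
    """Lower-case a MAC, accept '-' separators, reject anything malformed."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return mac


def build_reservations(inventory, subnet):
    """Validate (name, mac, ip) rows and return ISC dhcpd host stanzas."""
    net = ipaddress.ip_network(subnet)
    seen_macs, seen_ips, stanzas = {}, {}, []
    for name, mac, ip in inventory:
        if not NAME_RE.match(name):
            raise ValueError(f"unsafe host name: {name!r}")
        mac = normalize_mac(mac)
        addr = ipaddress.ip_address(ip)
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            raise ValueError(f"{name}: {ip} is not a usable host address in {subnet}")
        if mac in seen_macs:
            raise ValueError(f"{name}: MAC {mac} already reserved for {seen_macs[mac]}")
        if addr in seen_ips:
            raise ValueError(f"{name}: IP {ip} already reserved for {seen_ips[addr]}")
        seen_macs[mac], seen_ips[addr] = name, name
        stanzas.append(
            f"host {name} {{\n"
            f"  hardware ethernet {mac};\n"
            f"  fixed-address {addr};\n"
            f"}}"
        )
    return "\n".join(stanzas)


if __name__ == "__main__":
    print(build_reservations(INVENTORY, DR_SUBNET))
```
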

Read more about this in the blog post by Michael Webster, a VMware Certified Design Expert and director of IT Solutions 2000 Ltd., a VMware consultancy based in Auckland, New Zealand.

Also read this posting on blogs.vmware.com about issues with re-IP of vCenter Server using SRM.

Techtarget.com has a posting about it titled "VMware SRM 5 encounters potential security conundrums".

About Marcel van den Berg
I am a technical consultant with a strong focus on server virtualization, desktop virtualization, cloud computing and business continuity/disaster recovery.
