vSphere Security Hardening Policy and Site Recovery Manager 5
April 16, 2012
When a disaster strikes a datacenter, you might need to restart (virtual) servers in a disaster recovery location. There are two options: either your servers keep the same IP configuration (when a stretched VLAN is used), or you need to reconfigure the IP configuration (re-IP).
Re-IP can be performed automatically using DR tools like VMware Site Recovery Manager, Zerto Virtual Replication or VirtualSharp ReliableDR.
To change the IP configuration of virtual machines, Site Recovery Manager uses the VIX API. This allows copying data to and from the VM and making all kinds of adjustments. That is convenient, but it could be a security issue. If your security policy says the VIX API should be disabled, SRM has no way to change the IP configuration.
Alternatives are to use scripts, or to use DHCP with leases based on the MAC address of the VM.
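As an added illustration of the DHCP alternative (not code from the original post or from any of the products named), this Python script turns a VM inventory into ISC dhcpd host reservations for the recovery site, keeping each VM's host offset within its subnet. The inventory, the subnet plan and the function names are constructed for the example, and it assumes each VM keeps its MAC address after failover.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")

# Constructed sample inventory and subnet plan (not from the original post).
SAMPLE_VMS = [
    ("app01", "00:50:56:AA:BB:01", "10.1.20.15"),
    ("db01", "00-50-56-aa-bb-02", "10.1.30.40"),
]
SAMPLE_MAP = {"10.1.20.0/24": "10.2.20.0/24", "10.1.30.0/24": "10.2.30.0/24"}


def recovery_ip(protected_ip, subnet_map):
    """Map a protected-site IP to the recovery site, keeping the host offset."""
    ip = ipaddress.ip_address(protected_ip)
    for src, dst in subnet_map.items():
        src_net, dst_net = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if ip in src_net:
            if src_net.prefixlen != dst_net.prefixlen:
                raise ValueError(f"{src} and {dst} differ in size")
            offset = int(ip) - int(src_net.network_address)
            return str(dst_net.network_address + offset)
    raise ValueError(f"{protected_ip} is not in any mapped subnet")


def dhcp_reservations(vms, subnet_map):
    """Return ISC dhcpd host blocks for (name, mac, protected_ip) tuples."""
    seen_macs, seen_ips, blocks = set(), set(), []
    for name, mac, ip in vms:
        mac = mac.lower().replace("-", ":")  # normalise Windows-style MACs
        if not MAC_RE.match(mac):
            raise ValueError(f"{name}: malformed MAC {mac!r}")
        new_ip = recovery_ip(ip, subnet_map)
        # A duplicate MAC or address would hand two VMs the same lease.
        if mac in seen_macs or new_ip in seen_ips:
            raise ValueError(f"{name}: duplicate MAC or address")
        seen_macs.add(mac)
        seen_ips.add(new_ip)
        blocks.append(
            f"host {name} {{\n  hardware ethernet {mac};\n"
            f"  fixed-address {new_ip};\n}}"
        )
    return "\n".join(blocks)


if __name__ == "__main__":
    print(dhcp_reservations(SAMPLE_VMS, SAMPLE_MAP))
```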
Read more about this in the blog post by Michael Webster, a VMware Certified Design Expert and director of IT Solutions 2000 Ltd., a VMware consultancy based in Auckland, New Zealand.
Also read this post on blogs.vmware.com about issues with re-IP of vCenter Server using SRM.
Techtarget.com has a post about it titled "VMware SRM 5 encounters potential security conundrums".