Setting EMC’s RecoverPoint SRM SRA to Authenticate over SSL for 4.0 and 4.1

Written November 21st, 2014 by
Categories: Disaster Recovery, Virtualization

You may or may not know that EMC’s SRA defaults to authenticating over non-SSL communication: it hits the RecoverPoint Appliance (RPA) on port 80 for everything it does. RPAs don’t handle NAT, so chances are your devices are not publicly facing, at least I hope not!

It’s always a better idea to encrypt any traffic containing usernames and passwords, so why wouldn’t you do this? RPA versions up to 4.0 defaulted to non-SSL, although EMC refers to it as non-https. RPA 4.1 no longer accepts port 80 and requires you to use port 443 (https, SSL encrypted, whatever you want to call it).

This is great, until you try to add RPA 4.1 to a standard install of RecoverPoint’s 2.2 SRA. Why? Well, because it defaults to non-https and doesn’t give you an intuitive way to change it.

Adding RPA 4.1 to SRA 2.2 will give you this error:

“SRA command ‘discoverArrays’ failed. Failed opening session for user to site mgmt IP.
Please see server logs for further details.”

Check the vmware-dr.log and you’ll likely see something like

Error code="1049"

and what’s funny is I even found “Ouch!” in the log, lol! I love when devs throw things like that out there.

Keep reading for the fix!

Encrypt all the things

Forcing https for the EMC SRA takes one pretty simple command:

C:\Program Files\VMware\VMware vCenter Site Recovery Manager\storage\sra\array-type-recoverpoint>..\..\..\external\perl-5.14.4\bin\perl.exe --useHttps true

Which will give you this:

Successfully changed to HTTPS security mode

This is based on the default install location of SRM and the SRA. If perl.exe is in your path already, you don’t have to worry about calling out where it is, but for reference, it’s here: C:\Program Files\VMware\VMware vCenter Site Recovery Manager\external\perl-5.14.4\bin\perl.exe

I did try running this from the perl bin folder, but it didn’t work because of some other SRA dependencies in the file.

Great! Now what?

Setting this to true breaks RPA 4.0, so if you happen to have both RPAs in a single vCenter, only one will work now.

There’s hope, though! In RPA 4.0, you can force it to use https so they all play happy together. In EMC’s “RecoverPoint 4.0 Security Configuration Guide”, Page 23 (unless it’s changed) has what you need to do, although the document I have was not exact.

You need to “Change web server mode” in Setup -> Advanced Options -> Security Options.

After doing that, your session will likely die, but it’s because you just closed port 80.

This is how you have both RPA 4.0 and 4.1 in the same SRM server with EMC’s 2.2 SRA.
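
To confirm that every RPA is in the state the SRA now expects (443 open, 80 closed) before re-running array discovery, a quick port check from the SRM server helps. This is an added example, not part of the original post or of EMC/VMware tooling; the IP addresses are placeholders, the function names are made up for illustration, and PowerShell 3.0 or later is assumed.

```powershell
# Placeholder RPA site management IPs (documentation range); replace with your own.
$RpaHosts = @('192.0.2.10', '192.0.2.20')

# Hypothetical helper: returns $true if a TCP connection succeeds within the timeout.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Hypothetical helper: probes 80 and 443 and maps the result to the cases in this post.
function Get-RpaWebMode {
    param([string]$HostName)
    $http  = Test-TcpPort -HostName $HostName -Port 80
    $https = Test-TcpPort -HostName $HostName -Port 443
    if ($https -and -not $http) {
        $verdict = 'HTTPS only: matches an SRA set with --useHttps true'
    } elseif ($http -and $https) {
        $verdict = 'Port 80 still open: web server mode has not been changed'
    } elseif ($http) {
        $verdict = 'HTTP only: an SRA in HTTPS mode will fail against this RPA'
    } else {
        $verdict = 'No answer on 80 or 443: check routing and firewalls'
    }
    [pscustomobject]@{
        Rpa     = $HostName
        Port80  = $http
        Port443 = $https
        Verdict = $verdict
    }
}

$RpaHosts | ForEach-Object { Get-RpaWebMode -HostName $_ } | Format-Table -AutoSize
```

Run it once before and once after changing the web server mode on RPA 4.0; the 4.0 appliance should move to the same "HTTPS only" row as the 4.1 appliance.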
