[VCDR] Update vCenter Credentials for VCDR Registration

Article ID: 313678

Products

VMware Cloud on AWS

Issue/Introduction

This article explains the options available for refreshing or updating the credentials that were provided when connecting to vCenter during VCDR setup.



Symptoms:

Some organizations have security policies that require password changes on existing accounts periodically.



Cause

Two different types of accounts can be used when registering the vCenter. The type of account used determines whether or not the credentials can be refreshed or changed.
 
Registering vCenter with the DRaaS Connector requires vCenter credentials (user name and password). You can use two types of users to register the connector with vCenter on a protected site:

  • vCenter Administrator user. The vCenter Administrator user role provides sufficient privileges for VMware Cloud DR data protection and DR operations. Using a vCenter Administrator user registers the DRaaS Connector as an extension, without storing its credentials.

  • Restricted user. If you prefer to register the DRaaS Connector with a user that has limited permissions, you can use a provided Python script that creates a restricted user with only the privileges needed for data protection and DR operations. VMware Cloud DR stores credentials for this user.

Resolution

If an administrator account is provided, a vCenter extension is automatically created on the backend and the provided admin credentials are discarded. In this case, the vCenter extension mechanism is used and cannot be changed because there is no password associated with it.
 
If you instead created and provided a restricted vCenter-specific account, those credentials are used every time to log in to vCenter. If those credentials need to be refreshed, the first step is to explicitly change the password in vCenter. The second step is to re-register the vCenter in the VCDR GUI.
 
*Re-registering is not the same as de-registering and then registering again; re-registering is an explicit action available to customers.*



Additional Information

https://docs.vmware.com/en/VMware-Cloud-Disaster-Recovery/services/vmware-cloud-disaster-recovery/GUID-E5154D72-3755-4555-9809-C74258C5818A.html
 
https://docs.vmware.com/en/VMware-Cloud-Disaster-Recovery/services/vmware-cloud-disaster-recovery/GUID-7F36FD72-FC12-4BB6-88CC-5E9D00A8FE7B.html

Impact/Risks:

*Applies to the restricted vCenter account*

The possible impact of refreshing the credentials comes from the time between steps one and two. Communication between the vCenter and VCDR will fail between steps one and two because the credentials have been changed and the update has not yet been fully applied in the VCDR GUI. Typically this is not a problem, given that the time between steps one and two can be a matter of seconds.