Dear All,
I have this URGENT need of help on how the SRM API allows connection to the external Cloud MGMT Portal (CMP) such as CliQR from CISCO.
We have an issue with external CMP unable to connect to SRM, even with the appropriate vCenter Certificates export from the vCenter as enlisted in "Site Recovery Manager API Developer’s Guide for VMware Site Recovery Manager 6.1. (attached herewith).
The Goal is to have VM's provisioned by CMP to be protected by SRM if they are deployed on to a particular cluster.
The Objective achieved so far:-
- We are able to connect from external CMP to vCenter to deploy workloads to respective Clusters in vCenter.
- We are also able to perform all other relevant activities on a VM as per the options in the CMP.
The Issue: Unable to connect to SRM on port 9007 or 9086 from CliQR CMP to execute the VM protection task. As per the API Documentation
The SRM Web service listens by default on port 9007. It uses SSL to encrypt communications between a client application and the server. The SSL certificate of the target server must reside on the client machine. To access the Web service programmatically, use its URN from a Web services client application, for example: https://<FQDN.hostname.or.IP.Address>:9007
Accessing VMware Site Recovery Manager : The SRM API provides language‐neutral interfaces to the VMware Site Recovery Manager (SRM) server management framework. Interfaces are provided for managing protection groups and recovery plans. Both array based replication and vSphere Replication are supported. Location of the API The SRM 6.0 API is located at the following endpoint and uses the 9086 listener port: https://<SrmServerName>:9086/vcdr/extapi/sdk.
The port number changed again for this release. Since SRM 5.8 it increased by one integer. All services use this single network port, and all communications are TLS encrypted. SSL v3 is disabled for security reasons. The API is implemented as an industry‐standard Web service running on SRM Server. The API complies with the Web Services Interoperability Organization (WS‐I) Basic Profile 1.0, which includes XML Schema 1.0, SOAP version 1.1, and WSDL version 1.1. For details about WS‐I Basic Profile 1.0, see the http://www.ws‐i.org Web site. You can obtain the WSDL for SRM API by requesting file srm.wsdl from the server root path. https://<SrmServerName>:9086/srm.wsdl
We are getting SAML Token authentication error while trying to connect.
Points to be Noted:-
- There is NO Firewall in between the 3 Servers (vCenter, SRM and CMP). They are on the same VLAN.
- SRM itself is working fine and both Main DC and DR sites are paired.
- We are able to perform all the activities manually on SRM, (Creation of Protections Group, Recovery Plan, Configure Protection, Remove Protections, Test Recovery, Clean, Actual Recovery, Failover and Failback without any issues.
Looking for your expert advice on this issues as we are running out of relevant options to try and get this working.
Thanks,
-Yug