Authentication

The Platform Services Controller handles the authentication between and vCenter Server at the level.
All communications between and vCenter Server instances take place over transport layer security (TLS) connections. Previous versions of supported both secure sockets layer (SSL) and TLS connections. This version of only supports TLS, due to weaknesses identified in SSL 3.0.

Solution User Authentication

8.x uses solution user authentication to establish secure communication to remote services, such as the Platform Services Controller and vCenter Server. A solution user is a security principal that the installer generates. The installer assigns a private key and a certificate to the solution user and registers it with the service. The solution user is tied to a specific instance. You cannot access the solution user private key or certificate. You cannot replace the solution user certificate with a custom certificate.
After installation, you can see the solution user in the Administration view of the . Do not attempt to manipulate the solution user. The solution user is for internal use by , vCenter Server, and .
During operation, establishes authenticated communication channels to remote services by using certificate-based authentication to acquire a holder-of-key SAML token from . sends this token in a cryptographically signed request to the remote service. The remote service validates the token and establishes the identity of the solution user.
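The holder-of-key check described above, reduced to its two verification steps, as an added example that is not code from the product or its documentation. The `Token` type and the `Issue` and `Validate` functions are hypothetical, the token is a plain struct rather than SAML XML, and Ed25519 keys stand in for the certificate key pair and the XML signature.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Token is a simplified stand-in for a holder-of-key SAML assertion (not real SAML XML).
type Token struct {
	Subject   string            // solution user identity asserted by the issuer
	HolderKey ed25519.PublicKey // key whose possession the caller must prove
	IssuerSig []byte            // issuer signature over Subject and HolderKey
}

func signedPart(t Token) []byte { return append([]byte(t.Subject+"|"), t.HolderKey...) }

// Issue models the token service binding the caller's public key into a signed token.
func Issue(issuer ed25519.PrivateKey, subject string, holder ed25519.PublicKey) Token {
	t := Token{Subject: subject, HolderKey: holder}
	t.IssuerSig = ed25519.Sign(issuer, signedPart(t))
	return t
}

// Validate is the remote service's check: trusted issuer first, then proof of possession.
func Validate(issuerPub ed25519.PublicKey, t Token, req, reqSig []byte) (string, error) {
	if !ed25519.Verify(issuerPub, signedPart(t), t.IssuerSig) {
		return "", errors.New("token was not signed by the trusted issuer")
	}
	if !ed25519.Verify(t.HolderKey, req, reqSig) {
		return "", errors.New("request was not signed with the key bound to the token")
	}
	return t.Subject, nil
}

func main() {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(nil)
	userPub, userPriv, _ := ed25519.GenerateKey(nil)
	_, otherPriv, _ := ed25519.GenerateKey(nil)
	tok := Issue(issuerPriv, "example-solution-user", userPub) // constructed name
	req := []byte("constructed request body")

	who, err := Validate(issuerPub, tok, req, ed25519.Sign(userPriv, req))
	fmt.Println("signed by token holder:", who, err)
	// Same token presented by a party that lacks the holder's private key.
	who, err = Validate(issuerPub, tok, req, ed25519.Sign(otherPriv, req))
	fmt.Printf("signed by another key: %q %v\n", who, err)
}
```

Unlike a bearer token, the token alone is not sufficient here: the second call fails because the request signature does not verify under the key the issuer bound into the token.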

Solution Users and Site Pairing

When you pair instances across sites that do not use Enhanced Linked Mode, creates an additional solution user for the remote site at each site. This solution user for the remote site allows the at the remote site to authenticate to services on the local site.
When you pair instances in a environment with Enhanced Linked Mode, at the remote site uses the same solution user to authenticate to services on the local site.

SSL/TLS Server Endpoint Certificates

requires an SSL/TLS certificate for use as the endpoint certificate for all TLS connections established to . The server endpoint certificate is separate and distinct from the certificate that is generated during the creation and registration of a solution user.
For information about the SSL/TLS endpoint certificate, see Creating SSL/TLS Server Endpoint Certificates for Site Recovery Manager in the Site Recovery Manager Installation and Configuration guide.