There is an option within the NetApp Storage Replication Adapter to enable SSL for secure communications between the SRA and a NetApp storage controller.  Using it requires that some additional Perl modules be added to the default Perl distribution installed with SRM.

Some have managed to install these libraries by first installing a second instance of ActivePerl and using the graphical package management software to add the libraries there.  Next, the libraries would be copied over to the official SRM Perl directories.  This method is a bit cumbersome.  It’s also made a little more difficult by the fact that older ActivePerl distributions are only available with a paid subscription.  Although things seem to work using a newer version than what’s installed with SRM, I’d prefer to not have a version mismatch.

Luckily, there’s a better way that’s a lot easier to implement.  Thanks to Jancy Joseph for pulling the procedure together.  As you can see, it’s pretty simple:

1. On the SRM server, open a command window.
2. Change the working directory to the location of the Perl binaries included with the SRM distribution:
   cd \Program Files (x86)\VMware\VMware vCenter Site Recovery Manager\external\perl-5.8.8\bin
3. Launch the Perl package manager:
   ppm
4. From the PPM> prompt, add the Bribes package repository:
   ppm> rep add Bribes http://www.bribes.org/perl/ppm
   PPM will indicate that the new repository has been installed:
   
   Repositories:
   [1]ActiveState Package Repository
   [2]Bribes
5. Install the “Tree-DAG_Node” Perl module:
   ppm> install “Tree-DAG_Node”PPM will indicate that the module has been installed:
   Successfully installed Tree-DAG_Node version 1.05 in ActivePerl 5.8.8.817.
6. Install the “Net-SSLeay” Perl module:
   ppm> install “Net-SSLeay”PPM will indicate that the module has been installed:
   Successfully installed Net-SSLeay version 1.41 in ActivePerl 5.8.8.817.
7. Type “exit” to leave PPM and then close the command window.
8. If not already configured, enable SSL on the NetApp storage controller:
   secureadmin setup ssl
   secureadmin enable ssl
9. Verify that SSL is turned on:
   options ssl.enable
10. Using a text editor on the SRM server, edit the SRA configuration file and change the default option “ssl = off” to “ssl = on”.  The default location for the config file is:

    SRM5: <install drive>:\Program Files (x86)\VMware\VMware vCenter Site Recovery Manager\ storage\sra\ONTAP\ontap_config.txt
    
    SRM4: <install drive>:\Program Files\VMware\VMware vCenter Site Recovery Manager\ scripts\SAN\ONTAP\ontap_config.txt

And that’s all there is to it! I should note that this is a global setting per SRA instance, so if the SRA communicates with multiple storage controllers, they will each need to have SSL enabled. And if you have more one SRM server (and of course, you have at least two…) and want them all to use SSL, you’ll need to do this on each server individually.