Merge pull request #209613 from Sharmistha-Rai/main

Doc bug fixes

Author: prmerger-automator[bot]

articles/site-recovery/vmware-azure-architecture.md

@@ -31,7 +31,7 @@ The following table and graphic provide a high-level view of the components used
 For Site Recovery to work as expected, you need to modify outbound network connectivity to allow your environment to replicate.
 
 > [!NOTE]
-> Site Recovery doesn't support using an authentication proxy to control network connectivity.
+> Site Recovery of VMware/Physical machines using Classic architecture doesn't support using an authentication proxy to control network connectivity. The same is supported when using the [modernized architecutre](vmware-azure-architecture-preview.md).
 
 ### Outbound connectivity for URLs
 

articles/site-recovery/vmware-azure-set-up-replication-tutorial-preview.md

@@ -28,7 +28,8 @@ In this tutorial, you learn how to:
 VMware to Azure replication includes the following procedures:
 
 - Sign in to the [Azure portal](https://portal.azure.com/).
-- Prepare Azure account
+- Prepare an Azure account.
+- Prepare an account on the vCenter server or vSphere ESXi host, to automate VM discovery.
 - [Create a recovery Services vault](./quickstart-create-vault-template.md?tabs=CLI)
 - Prepare infrastructure - [deploy an Azure Site Recovery replication appliance](deploy-vmware-azure-replication-appliance-preview.md)
 - Enable replication
@@ -61,6 +62,28 @@ Use the following steps to assign the required permissions:
 
 2. In case the **App registrations** settings is set to *No*, request the tenant/global admin to assign the required permission. Alternately, the tenant/global admin can assign the Application Developer role to an account to allow the registration of AAD App.
 
+## Prepare an account for automatic discovery
+
+Site Recovery needs access to VMware servers to:
+
+- Automatically discover VMs. At least a read-only account is required.
+- Orchestrate replication, failover, and failback. You need an account that can run operations such
+  as creating and removing disks, and powering on VMs.
+
+Create the account as follows:
+
+1. To use a dedicated account, create a role at the vCenter level. Give the role a name such as
+   **Azure_Site_Recovery**.
+2. Assign the role the permissions summarized in the table below.
+3. Create a user on the vCenter server or vSphere host. Assign the role to the user.
+
+### VMware account permissions
+
+**Task** | **Role/Permissions** | **Details**
+--- | --- | ---
+**VM discovery** | At least a read-only user<br/><br/> Data Center object -> Propagate to Child Object, role=Read-only | User assigned at datacenter level, and has access to all the objects in the datacenter.<br/><br/> To restrict access, assign the **No access** role with the **Propagate to child** object, to the child objects (vSphere hosts, datastores, VMs and networks).
+**Full replication, failover, failback** |  Create a role (Azure_Site_Recovery) with the required permissions, and then assign the role to a VMware user or group<br/><br/> Data Center object –> Propagate to Child Object, role=Azure_Site_Recovery<br/><br/> Datastore -> Allocate space, browse datastore, low-level file operations, remove file, update virtual machine files<br/><br/> Network -> Network assign<br/><br/> Resource -> Assign VM to resource pool, migrate powered off VM, migrate powered on VM<br/><br/> Tasks -> Create task, update task<br/><br/> Virtual machine -> Configuration<br/><br/> Virtual machine -> Interact -> answer question, device connection, configure CD media, configure floppy media, power off, power on, VMware tools install<br/><br/> Virtual machine -> Inventory -> Create, register, unregister<br/><br/> Virtual machine -> Provisioning -> Allow virtual machine download, allow virtual machine files upload<br/><br/> Virtual machine -> Snapshots -> Remove snapshots, Create snapshot, Revert snapshot.| User assigned at datacenter level, and has access to all the objects in the datacenter.<br/><br/> To restrict access, assign the **No access** role with the **Propagate to child** object, to the child objects (vSphere hosts, datastores, VMs and networks).
+
 ## Prepare infrastructure - set up Azure Site Recovery Replication appliance
 
 You need to [set up an Azure Site Recovery replication appliance on the on-premises environment](deploy-vmware-azure-replication-appliance-preview.md) to channel mobility agent communications.

articles/site-recovery/vmware-azure-troubleshoot-push-install.md

@@ -118,9 +118,9 @@ To resolve the error:
 
 * Ensure that the network shared folders on your virtual machine, are accessible from the process server. Check the steps [here](vmware-azure-troubleshoot-push-install.md#check-access-for-network-shared-folders-on-source-machine-errorid-9510595523).
 
-* From the source server machine command line, use `Telnet` to ping the configuration server or scale-out process server on HTTPS port 135 as shown in the following command. This command checks if there are any network connectivity issues or firewall port blocking issues.
+* From the configuration server or scale-out process server command line, use `Telnet` to ping the source VM on port 135 as shown in the following command. This command checks if there are any network connectivity issues or firewall port blocking issues.
 
-  `telnet <CS/ scale-out PS IP address> <135>`
+  `telnet <Source IP address> <135>`
 
 * Additionally, for a Linux VM:
   * Check if latest OpenSSH, OpenSSH Server, and OpenSSL packages are installed.