Enabling a Protection Site (VCDR)

Setup a Protected Site

VCDR supports two types of protected sites for both the supported deployment scenarios – on-prem vSphere and VMware Cloud on AWS SDDC. 

On-Prem vSphere 

Before configuring the on-prem environment, note the network requirements for the DRaaS connector  and also configuring API token in the  Intro to DR document. Procedure:

  1. In the VMware Cloud Disaster Recovery UI, click Sites > Protected sites.
  2. Click the Set up protected site button in the upper right corner.
  3. In the Setup protected site dialog box, under Site types select On-prem vSphere.
  4. Enter a name for the protected site.
  5. Select a time zone from the drop-down menu, and then click the button on the right to set the time zone for the protected site.
  6. Click Setup.

Graphical user interface, application

Description automatically generated


VMware Cloud on AWS SDDC 

Before you set up a protected site for an SDDC, you must deploy an SDDC and have a network segment already configured for it.

When the protected site is a VMware Cloud on AWS SDDC, the time zone schedule followed for snapshot/replication is dependent on the region of the source SDDC deployment. The time zone cannot be modified and you must adjust the schedule of replication accordingly.  Note:  the SDDC which is being protected should belong to the same account.

  1. In the VMware Cloud Disaster Recovery UI, click Sites > Protected sites.
  2. Click Set up protected site in the upper right corner.
  3. In the Setup protected site dialog box, under Site types select VMware Cloud on AWS.
  4. Under Cloud backup, if there is more than one Cloud backup site deployed in your environment, you can select the backup site. The backup site you select cannot be in the same AWS region where your Recovery SDDC is running.
  5. Under Time Zone, you see that the time zone is set to the same time zone as your recovery SDDC. After the protected site is created, you can change this time zone for the site.

 

 Graphical user interface, text, application

Description automatically generated

  1. Click Next.
  2. Select an SDDC to protect. This SDDC cannot be in the same AWS region where your Recovery SDDC is deployed.
  3. Click Next.

Graphical user interface, text, application, email

Description automatically generated

  1. Create firewall rules. You have a choice when creating the firewall rules. You can allow the system to create firewall rules for the DRaaS Connector (recommended). Or you can manually create those firewall rules from the VMware Cloud Disaster Recovery UI. If you are not sure which to select, see Network Considerations for a Protected SDDC for more information.

Graphical user interface, text, application

Description automatically generated

 

  1. Click Setup. When the site is set up, it is displayed as a protected site.

Deploying DRaaS Connector

The VMware Cloud Disaster Recovery DRaaS Connector is a stateless software appliance that enables replicating VM snapshot deltas from "protected" vSphere sites (on-premises or VMware Cloud on AWS) to cloud backup sites, and back, driven by policies you set in protection groups.

The DRaaS Connector can be redeployed if needed at any time without losing backup data. Software upgrades for it are over-the-air and automatic across time. Each connector provides additional replication bandwidth for the site.

Architecture diagram of a site protected by the DRaaS Connector.

In order to deploy the DRaaS Connector VM, make sure that the vSphere site where you intend to deploy it has the following available resources for the VM:

  • CPU: 8 GHz (reserved)
  • RAM: 12 GiB (reserved)
  • Disk: 100 GiB vDisk
  • Network connectivity
  • Between DRaaS Connector and vCenter and ESXi hosts 
  • Between DRaaS Connector and VMware Cloud Disaster Recovery

Note: For the latest port information, go to ports.vmware.com. 

The following table provides information about ….

 

Port

Source

Destination

Service Description

Purpose

Classification

80

DRaaS Connector (on-premises deployments only)

vCenter Server

vCenter web service

Internal services

Outbound

1759

DRaaS Connector

Scale-out Cloud File System (SCFS)

Encrypted  tunnel for data transfers and metadata operations

Sending data

Outbound

902

DRaaS Connector (needed for on-premises deployments only)

ESXi Management IP addresses

Reading/writing vdisks

Internal services

Outbound

22

DRaaS Connector

SaaS Orchestrator

Software upgrades and remote support access

External services

Outbound

443

DRaaS Connector

SaaS Orchestrator

Management service

External services

Outbound

443

DRaaS Connector

vCenter Server

vCenter Server Web Service

External services

Outbound

443

DRaaS Connector

VMware Auto-support server

Support service

Sending diagnostic data to support

Outbound


Filter Tags

DRaaS Cloud Disaster Recovery Disaster Recovery VMware Cloud on AWS Document Intermediate Deploy