Enabling a Protection Site (VCDR)
Setup a Protected Site
VCDR supports two types of protected sites for both the supported deployment scenarios – on-prem vSphere and VMware Cloud on AWS SDDC.
On-Prem vSphere
Before configuring the on-prem environment, note the network requirements for the DRaaS connector and also configuring API token in the Intro to DR document. Procedure:
- In the VMware Cloud Disaster Recovery UI, click Sites > Protected sites.
- Click the Set up protected site button in the upper right corner.
- In the Setup protected site dialog box, under Site types select On-prem vSphere.
- Enter a name for the protected site.
- Select a time zone from the drop-down menu, and then click the button on the right to set the time zone for the protected site.
- Click Setup.
VMware Cloud on AWS SDDC
Before you set up a protected site for an SDDC, you must deploy an SDDC and have a network segment already configured for it.
When the protected site is a VMware Cloud on AWS SDDC, the time zone schedule followed for snapshot/replication is dependent on the region of the source SDDC deployment. The time zone cannot be modified and you must adjust the schedule of replication accordingly. Note: the SDDC which is being protected should belong to the same account.
- In the VMware Cloud Disaster Recovery UI, click Sites > Protected sites.
- Click Set up protected site in the upper right corner.
- In the Setup protected site dialog box, under Site types select VMware Cloud on AWS.
- Under Cloud backup, if there is more than one Cloud backup site deployed in your environment, you can select the backup site. The backup site you select cannot be in the same AWS region where your Recovery SDDC is running.
- Under Time Zone, you see that the time zone is set to the same time zone as your recovery SDDC. After the protected site is created, you can change this time zone for the site.
- Click Next.
- Select an SDDC to protect. This SDDC cannot be in the same AWS region where your Recovery SDDC is deployed.
- Click Next.
- Create firewall rules. You have a choice when creating the firewall rules. You can allow the system to create firewall rules for the DRaaS Connector (recommended). Or you can manually create those firewall rules from the VMware Cloud Disaster Recovery UI. If you are not sure which to select, see Network Considerations for a Protected SDDC for more information.
- Click Setup. When the site is set up, it is displayed as a protected site.
Deploying DRaaS Connector
The VMware Cloud Disaster Recovery DRaaS Connector is a stateless software appliance that enables replicating VM snapshot deltas from "protected" vSphere sites (on-premises or VMware Cloud on AWS) to cloud backup sites, and back, driven by policies you set in protection groups.
The DRaaS Connector can be redeployed if needed at any time without losing backup data. Software upgrades for it are over-the-air and automatic across time. Each connector provides additional replication bandwidth for the site.
In order to deploy the DRaaS Connector VM, make sure that the vSphere site where you intend to deploy it has the following available resources for the VM:
- CPU: 8 GHz (reserved)
- RAM: 12 GiB (reserved)
- Disk: 100 GiB vDisk
- Network connectivity
- Between DRaaS Connector and vCenter and ESXi hosts
- Between DRaaS Connector and VMware Cloud Disaster Recovery
Note: For the latest port information, go to ports.vmware.com.
The following table provides information about ….
Source | Destination | Service Description | Purpose | Classification | |
80 | DRaaS Connector (on-premises deployments only) | vCenter Server | vCenter web service | Internal services | Outbound |
1759 | DRaaS Connector | Scale-out Cloud File System (SCFS) | Encrypted tunnel for data transfers and metadata operations | Sending data | Outbound |
902 | DRaaS Connector (needed for on-premises deployments only) | ESXi Management IP addresses | Reading/writing vdisks | Internal services | Outbound |
22 | DRaaS Connector | SaaS Orchestrator | Software upgrades and remote support access | External services | Outbound |
443 | DRaaS Connector | SaaS Orchestrator | Management service | External services | Outbound |
443 | DRaaS Connector | vCenter Server | vCenter Server Web Service | External services | Outbound |
443 | DRaaS Connector | VMware Auto-support server | Support service | Sending diagnostic data to support | Outbound |