VMware Cloud Disaster Recovery - Shared Responsibility Model
Introduction
This guide will cover the details of security considerations and implementations for VMware Cloud Disaster Recovery.
VMware Cloud Disaster Recovery is one of VMware’s disaster recovery as a service (DRaaS) offerings for the Amazon Web Services cloud, enabling customers to failover workloads between private data centers and VMware Cloud instances on AWS as well as instances between VMware Cloud on AWS.
VMware Cloud Disaster Recovery has the following components:
- Scale-out Cloud File System (“SCFS”)
- Orchestrator
- DRaaS Connector(s)
VMware has been offering this disaster recovery as a service solution since October 2020 and is protecting production workloads for customers 24x7x365. Maintenance, patching, and upgrades of the above VMware Cloud Disaster Recovery components and the associated VMware Cloud on AWS SDDC(s) is performed by VMware.
Shared Responsibility Model
VMware Cloud Disaster Recovery implements a shared responsibility model that defines distinct roles and responsibilities of the three parties involved in the offering: Customer, VMware, and Amazon Web Services.
Customer responsibility
“Security in the Cloud” – Customers are responsible for the deployment and ongoing configuration of their VMware Cloud Disaster Recovery environment based on this document.
“On-premises Security” - Customer is for responsible for installation, configuration, and continuous operations of all the on-premises software components and hardware in compliance with the PCI requirements. This includes network connection over which the communication between on-premises and cloud components occurs. This could include but is not limited to using encryption where applicable, having processes for regular software security patching, credential rotations, auditing, and user access controls.
VMware responsibility
“Security of the Cloud” – VMware is responsible for protecting the software and systems that make up the VMware Cloud Disaster Recovery service. This software infrastructure is composed of the compute, storage, and networking software comprising the Scale-out Cloud File System (SCFS), Orchestrator and DRaaS Connector.
AWS responsibility
“Security of the Infrastructure” – AWS is responsible for the physical facilities, physical security, infrastructure, and hardware underlying the entire service.
In addition to the VMware Cloud Disaster Recovery shared responsibility model in the cloud, there is also the consideration for certain aspects that may still run in the Customer’s on-premises environments.
Shared Responsibility Matrix
Details on the shared responsibility model employed by VMware Cloud Disaster Recovery can be found in the table below. You can see that a great deal of low-level operational work is handled by the VMware Cloud Disaster Recovery Site Reliability Engineering team leaving the customer to focus on managing their workloads.
Entity | Responsibility / Activity |
---|---|
Customer |
|
VMware |
|
AWS – Amazon Web Services |
|
For a detailed description of the roles and responsibilities for VMware Cloud Disaster Recovery, please refer to the Service Description and documentation available at vmware.com.
References
- VMware Cloud Disaster Recovery Getting Started
- VMware Cloud Disaster Recovery Service Description
- VMware Cloud on AWS Getting Started Guide
- VMware Cloud on AWS Service Description
- VMware Cloud Services Security Overview
- Amazon Web Services: Introduction to AWS Security