You can protect and recover encrypted VMs by using a Storage Policy Protection Group (SPPG).

About this task

After you create a storage policy, you must edit the rule set of your storage policy by using the following procedure.


  • Complete the prerequisites in Prerequisites for Storage Policy Protection Groups

  • Ensure that the recovery and protected sites use a common Key Management Server (KMS) or that the Key Management Server clusters at both sites use common encryption keys. For information about how to set up a Key Management Server cluster, see the VMware vSphere ESXi and vCenter Server 6.5 documentation.


  1. On the Rule set page of the VM Storage Policy wizard, select Use rule-sets in the storage policy and ensure that the Tag based replacement option is selected for the Storage Type.
  2. Click <Add rule> and click Tags from category.
  3. In the <Select category>, click your category.
  4. Ensure that Tagged with any one of … is selected for Tags from category.
  5. Click Add tags… and select your tag.

What to do next

  1. Create a storage policy mapping and ensure that the storage policy on the recovery site is the same as the policy on the protected site. For information about how to create a storage policy mapping, see Select Storage Policy Mappings

  2. Create a storage policy protection group. For information about how to create a storage policy protection group, see Create Protection Groups.