VMware Cloud Disaster Recovery is VMware's on-demand disaster recovery service that is delivered as an easy-to-use SaaS solution and offers cloud economics to keep your disaster recovery costs at a minimum.
These release notes provide information about VMware Cloud Disaster Recovery (commonly called VCDR or VMware Cloud DR) product features, system requirements and software support, caveats and limitations, and any known or fixed issues related to the service.
18 August 2023
Protect workloads with 15 minute RPO (Preview): Protect your workloads using high-frequency snapshots to achieve RPOs as low as 15 minutes. You can view more details on the caveats and restrictions of this Preview feature.
17 July 2023
Run recovered VMs directly on the cloud file system: Enjoy faster failover times and more eficient failback by running VMs on the cloud file system. This option replaces vSAN storage requirements for specified DR Plans at failover time, thus eliminating the storage vMotion requirement when failing over workloads to the recovery SDDC. This reduces the total time needed to complete the failover step. Failback operations are also faster by eliminating data transfer from the recovery SDDC to the cloud file system. Find more details on this blog post.
Performance metrics for VMs running live on the cloud file system: Review cloud file system detailed performance metrics for VMs that are running live on the cloud file system. New performance metrics include: Input/Output Operations Per Second (IOPS), throughput (data transfer rate), latency, cache hit rate, and replication throughput.
AWS Direct Connect enhancements: Save configuration time when managing the AWS Direct Connect feature with the ability to edit the protected site CIDR block to unset the connection. You can also configure AWS Direct Connect for VIFs that terminate in an AWS region different from where VMware Cloud DR is deployed.
Google Cloud VMware Engine (GCVE) SDDC source protection (General Availability): Expand and simplify ransomware and disaster recovery for your multi-cloud environment by protecting your GCVE workloads with VMware Cloud DR and VMware Ransomware Recovery.
VMware Cloud on AWS Outposts source protection (Preview): Expand and simplify ransomware and disaster recovery for your multi-cloud environment by protecting your VMware Cloud on AWS Outposts workloads with VMware Cloud DR and VMware Ransomware Recovery. This feature is currently in Preview.
Perform ransomware recovery on multiple VMs at the same time: Reduce ransomware recovery time by performing workflow operations on multiple VMs at a time. Examples include: starting VMs in validation, selecting snapshots, executing threat analysis and vulnerability scanning, staging VMs for recovery, and VM recovery.
Country selector for processing Ransomware Recovery data: Support data sovereignty requirements and decrease latency when enabling threat analysis services in VMware Cloud DR by choosing the geographical location where ransomware analysis data will be processed.
AWS Middle East (Bahrain):Protect and recover your workloads in the AWS Middle East (Bahrain) region.
Event and compliance check enhancements when deleting hosts or recovery SDDCs: Better understand recovery environment changes with enhanced recovery SDDC and SDDC host reporting:
Deleting a recovery SDDC will log an event which you can view on the Monitoring page in VMware Cloud DR.
Renaming or deleting a host on a recovery SDDC will be flagged in plan compliance reports for recovery plans that reference that SDDC.
Improved CLI for detaching high-frequency snapshots from VMs: Reduce high-frequency snapshot administrative cycles when using the DRaaS Connector CLI for detaching high-frequency snapshots from VMs. This CLI has been consolidated to a single command that enables detaching high-frequency snapshots from individual or multiple VMs at a time.
Attach PCI-hardened SDDC as a protected site: PCI compliance support is improved with the ability to add a PCI-hardened SDDC as a VMware Cloud DR protected site. Adding a PCI-hardened SDDC requires creating a management gateway firewall rule to allow communication between the SDDC and VMware Cloud.
Scale down a 3 host Recovery SDDC to 2 hosts: Save configuration time by scaling down a 3 host recovery SDDC to 2 hosts within the VMware Cloud DR console.
24 March 2023
VMware Cloud DR and VMware Cloud Flex Storage compatibility. VMware Cloud DR can now protect VMware Cloud on AWS SDDCs that have attached VMware Cloud Flex Storage datastores. This same compatibility exists for VMware Cloud on AWS SDDCs that have attached Amazon FSx for NetApp ONTAP datastores. The VMware Cloud DR protected SDDC must be in a separate AWS region from the recovery SDDC.
8 February 2023
VMware Cloud DR and VMware Cloud Flex Storage compatibility. VMware Cloud DR and VMware Cloud Flex Storage are now compatible, and you can have both services in the same organization as long as the deployments are in different regions.
25 January 2023
Multi-cloud DR for Google Cloud VMware Engine workloads (Preview): Protect your virtual machines running in Google Cloud VMware Engine across cloud providers using VMware Cloud Disaster Recovery. Deploy the DRaaS Connector on your Google Cloud VMware Engine clusters to start replicating the virtual machines running there to a VMware Cloud DR instance in a VMware Cloud on AWS region for multi-cloud disaster and ransomware protection.
15 December 2022
AWS Africa (Cape Town): Protect and recover your workloads in the AWS Africa (Cape Town) region.
18 October 2022
VMware Cloud DR feature add-on: VMware Ransomware Recovery: Recover from ransomware attacks in a predictable and secure manner and solve several recovery pain points:
Establish a secure, on-demand Isolated Recovery Environment (IRE) which is used for restore point validation.
Leverage a dedicated ransomware recovery workflow that facilitates a predictable recovery process and includes a recovery testing workflow which prepares teams to effectively respond to ransomware attacks.
Using change rate and entropy rate metrics to find the best restore points for validation.
Validate selected restore points with embedded Next Gen AV and Behavioral Monitoring, which ensures workloads are safe to restore to production.
Simplified, push-button VM isolation levels help prevent reinfection.
AWS Asia-Pacific (Hong Kong): Protect and recover your workloads in the AWS Asia-Pacific (Hong Kong) region.
Disable high-frequency snapshots on a PG: When high-frequency snapshot configuration is no longer desired, disable high-frequency snapshots with an easy-to-use CLI option.
DRaaS Connector Throughput Performance Check: Display logical and physical throughput between the DRaaS Connector and the cloud file system during replication and restore operations using a CLI option.
Support for i4i instance types: Enjoy improved compute, networking and application performance by adding i4i hosts in your recovery SDDC. For more information on the i4i instance type, refer to VMware Cloud documentation, found here. Due to limited regional availability of i4i instance types, please contact support to enable option to select i4i instance in the UI. For more information on currently supported regions, see the VMware Cloud on AWS Release Notes and this blog.
21 September 2022
VM term subscriptions: Plan ahead and receive lower prices when you purchase a 1-year or 3-year term subscription for protected Virtual Machines. The previous on-demand consumption model will continue to be supported for those who do not desire a subscription commitment. For more details, see the pricing page.
Complete on-demand mode: Consume VMware Cloud Disaster Recovery in a fully on-demand mode by foregoing the creation of term subscriptions. Data capacity and protected VM count will be metered hourly and billed monthly. A minimum of 10 TiB of data capacity per Orchestrator recovery region applies across a subscription region, irrespective of usage. As a result of enabling complete on-demand consumption of VMware Cloud Disaster Recovery, the previous Pilot mode option will be deprecated. For more details, see the pricing page.
2-tier support: Distributors can leverage a new VMware Cloud DR commerce option that enables making monthly payments associated with their Commitment Based Contract (CBC) with VMware. The distributor will be charged monthly by VMware based on the cumulative reseller and end customer consumption of VCDR. This new commerce option is a continuation of improvements aimed at simplifying partner ecosystem support surrounding self-service configuration of services and purchases of VMware Cloud DR subscriptions.
Global DR Console notifications: Get visibility into life cycle of Global DR Console components by receiving notifications regarding recovery region deployment, recovery region deactivation, request access, and subscription creation via a banner on the Global DR Console UI and email.
Seller mobility: Ensure that an up-to-date seller-of-record is set when creating a new VMware Cloud DR subscription by editing the Seller field. Editing of seller-of-record is possible when creating new VMware Cloud DR subscriptions in a subscription region that does not have any active subscriptions. Once a subscription is active, the seller-of-record will be fixed for all subsequent subscriptions created in that subscription region.
29 July 2022
Forward event log to vRealize Log Insight Cloud: Forward event logs to vRealize and analyze event logs related to protection, recoverability, and user interactions. You can forward VMware Cloud DR logs within a specific time range in the past, from a time starting in the past to the present, from a time in the past going forward, or from the present moving forward.
Export global VM list with Protection Group mappings: Export a global list to CSV that shows the VM name, the protected site where the VM originates, the site vCenter IP address, how many protection groups the VM belongs to, the names of those protection groups, and the directory path of the VM's VMX file on the protected site vCenter.
Protect up to 6000 VMs in a vCenter: VMware Cloud DR now supports even higher scale with support for protection of up to 6000 VMs. To enable such scale, you can now register a single vCenter to multiple protected sites. Protecting 6000 VMs in a single vCenter requires four separate protected sites, each with its own cloud file system (four cloud file systems).
View VM snapshot delta and change rate: View logical (delta) bytes transmitted and change rate during snapshot replication at the VM level. This information helps you understand the timing and magnitude of change that a VM might have undergone. This information can help find a clean VM copy prior to a ransomware attack or help troubleshoot and analyze workload patterns. Snapshots also report the VM change rate since the last snapshot of a VM was taken.
SLA Status and notifications: VMware Cloud DR SLA Status view now displays status for Protection and Recoverability. From a high level, you can view status for all items related to Protection, including protected sites, protection groups, snapshots, and cloud file systems. And, you can view the status of all things related to Recoverability, such as DR Plans, cloud file systems, and recovery SDDCs. Additionally, when status needs attention, the dashboard displays a banner indicating the reason for a change in status and provides a link to the item in question.
Seamlessly switch between public internet and AWS Direct Connect: Previously, once you chose a connectivity option for a protected site, either AWS Direct Connect or Public internet, you could not change the setting. Now you can switch between these two connectivity options for a protected site
13 April 2022
Support for AWS Direct Connect Private VIF: VMware Cloud DR now supports Amazon Web Services(AWS) Direct Connect (DX) private virtual interface (VIF) for on-premises protected site networks. AWS Direct Connect provides a dedicated network connection between your on premises data center and AWS services, which allows for high bandwidth and a more secure connection. To learn more, click here.
Additional details added to events list: View detailed information for a selected event underneath the events list including information such as start time, end time, and for snapshot jobs, the number of VMs in snapshot and the amount of snapshot data transferred. Also, you can open the snapshot log to view all events for the related snapshot to find any failed or missed snapshot replications.
Enhancements to protection group page: View all events related to a protection group in a single place under a dedicated tab for events in the protection group page. Additionally, the protection group list now shows the health status, logical storage capacity, last snapshot information and access to the snapshot log for each protection group.
Snapshot usability enhancements: Edit snapshots in a protection group to change a snapshot's name and retention schedule. Also multi-select multiple snapshots and edit all of their retention schedules in a bulk operation.
Default Protection Group schedule optimized for Ransomware Recovery: When creating or editing a protection group, get a recommended 60 day snapshot retention schedule to ensure effective ransomware recovery.
Enhanced compliance checks: DR Plan compliance checks now provide flags about a plan's protection group health and indicate if any VMs in the snapshot were not snapshotted according to the protection group configuration.
Reuse saved settings for DRaaS connector deployment: Easily deploy additional DRaaS connectors by reusing existing settings from previous connector deployment.
REST APIs for monitoring (Preview): Build automation by leveraging VMware Cloud DR public REST APIs to retrieve information about protected VMs, protected sites, protection groups, snapshots, cloud file system and recovery SDDCs. REST APIs have been released in preview and future releases of REST APIs will not be backwards compatible with this release.
Network design simplifications: Simplify your DR network design by only using Port 443 for communication between DRaaS Connector and Orchestrator. For latest network port diagram, please click here.
Protect workloads on sites with stretched clusters: Protect your vSphere workloads on sites with stretched cluster enabled using VMware Cloud DR. The protected site could be an on-premises data center or VMware Cloud on AWS SDDC with stretched cluster enabled.
6 January 2022
PCI DSS AOC/ROC: VMware Cloud DR is now compliant with hardening requirements for Payment Card Industry Data Security Standard (PCI DSS). Please refer to our Shared Responsibility Model to review details of security considerations and implementations. You can download our PCI DSS Attestation of Compliance on VMware Cloud Trust Center or reach out to your sales representative for our Report of Compliance.
20 December 2021
SOC 2 Type 2 and SOC 3: We have obtained our SOC 2 Type 2 and SOC 3 Reports of Compliance. You can download our SOC 3 report on VMware Cloud Trust Center or reach out to your sales representative for our SOC 2 Type 2 report. VMware Cloud Disaster Recovery TM SOC 2 Type 2 and SOC 3: We have obtained our SOC 2 Type 2 and SOC 3 Reports of Compliance. You can download our SOC 3 report on VMware Cloud Trust Center or reach out to your sales representative for our SOC 2 Type 2 report.
17 December 2021
Global Console: View, activate and deactivate all your VMware Cloud DR deployments from a single UI. The VMware Cloud DR Global Console offers SaaS-simple workflows to deploy in new recovery regions and create new subscriptions. Provide role-based access control to Global Console with new service roles. You can find more details about service roles in the documentation.
Multi-region support: Protect your workloads to multiple recovery regions each with its own Orchestrator and cloud file systems in the same VMware Cloud Organization. Seamlessly switch between various recovery regions from VMware Cloud Disaster Recovery UI.
6 December 2021
File-level Recovery: Leverage VMware Cloud DR for operational restores and ransomware recovery by extracting guest files from an older snapshot of the VM. Use the VMware Cloud DR UI to browse the guest file system across any snapshot, and download a specific set of files or folders as a zip archive. See more details, see Recover Guest Files.
Application consistent snapshots with OS quiescing: Protection groups now support quiesced snapshots, which ensure that a snapshot represents a consistent state of the guest file systems of VMs in the group. From a quiesced snapshot you can restore the VM and its application to the same state as before a snapshot was taken. For more information, see App-consistent Snapshots with Quiescing.
Protect workloads running on VMware Cloud on AWS SDDC with low RPOs: Protect your workloads running on VMware Cloud on AWS SDDC using high-frequency snapshots to achieve RPOs as low as 30 minutes. The protected VMware Cloud on AWS SDDC should be version 1.16 or higher.
Convert protection groups from standard-frequency snapshots to high-frequency snapshots: Seamlessly convert protection groups to use high-frequency snapshots and achieve RPOs as low as 30 minutes without requiring a re-seeding of the VM data. Once a protection group is converted to use high-frequency snapshots, it cannot be reverted back.
IP address access list: Enhance the security of your DR environment by adding IP addresses and/or CIDR blocks to an allow-list so that access to the VMware Cloud DR scale-out cloud file system, orchestrator, and UI is only permitted from those IP addresses.
Custom user for protected vCenter registration: Register the vCenter in your on-premises protected site using a custom vCenter user with the minimal set of permissions required by the DRaaS Connector for protection and replication operations. Manually update the user to add other permissions required for failback only when necessary. Now use the VMware Cloud DR UI for this registration method. Use a human-readable custom script to create the vCenter user and role with minimal privileges.
In-product feedback: Provide instant feedback on your experience using VMware Cloud DR from within the UI.
Connectivity checker: Test communication between the connector and the VMware Cloud Disaster Recovery Orchestrator, cloud file system, and Auto-support server, and the protected site vCenter and ESXi hosts by using the DRaaS Connector CLI.
Improved replication progress reporting: Monitor the real time progress of snapshot replication in greater detail with the Tasks list, which shows percentage of data being transferred, the amount of data being transferred, the data transfer rate during and after the task. You can also view replication throughput from the Topology map for in-progress snapshot tasks.
VMware HCX interop: Migrate workloads using VMware HCX to VMware Cloud on AWS SDDCs while having them protected with VMware Cloud DR.
Protect workloads running on vSphere 7.0 update 3: Protect workloads running on sites that are on vSphere 7.0 Update 3.
Support for 2-host i3en.metal: Reduce your steady state and recovery infrastructure costs by using 2-host i3en.metal SDDCs.
Multiple 2-host clusters in recovery SDDC: Optimize recovery infrastructure costs by adding a 2-host secondary cluster to your 2-host pilot light cluster.
Scale up from 1-host to 2-host: Scale up from a non-durable 1-host SDDC to a durable 2-host recovery SDDC (on-demand option). This is ideal for customers running evaluation using a 1-host pilot-light SDDC who then want to upgrade their pilot-light SDDC for permanent usage.
AWS Asia-Pacific (Osaka) region: Protect and recover your workloads in AWS Asia-Pacific (Osaka) region.
14 October 2021
ISO 27001/27017/27018: VMware Cloud DR has achieved the International Organization for Standardization (ISO) certificate, supporting 27001, 27017, and 27018 standards. Please visit the VMware Cloud Trust Center to learn more and download ISO certificates.
5 October 2021
Purchase through Managed Service Providers (MSP): Purchase VMware Cloud DR through your preferred Managed Service Provider (MSP) and use Cloud Partner Navigator (CPN) to onboard and access the service. Your MSP will handle the billing, support, and activation of VMware Cloud DR deployment for you.
2 September 2021
30-minute RPO: Confidently protect your most critical virtual machines running on your on-premises datacenter with VMware Cloud DR by configuring protection schedules with Recovery Point Objectives (RPOs) as low as 30 minutes, so that the risk of data loss from unforeseen DR events is minimized. VMware vCenter Server and ESXi on the source site should be upgraded to 7.0 Update 2c-vcdr to enable 30-minute RPOs. See documentation on caveats for this feature.
31 August 2021
Purchase online using credit card: Get started quickly with your VMware Cloud DR evaluation by purchasing online using a credit card as your payment method.
4 August 2021
Bring your existing recovery SDDC: Maximize your investment in VMware Cloud on AWS by using an existing SDDC created from the VMware Cloud console, for recovery with VMware Cloud Disaster Recovery. Clusters and hosts added to VMware Cloud DR from the VMware Cloud console are automatically recognized by VMware Cloud Disaster Recovery.
User actions added to events list: View a log of user actions such as log in, log out, configuration changes, and DR Plan executions in the Monitor view of the VMware Cloud DR UI. The user ID and the source IP address are shown for each item in the Events list, enhancing your ability to audit user actions.
Protect workloads running in VMware Cloud Foundation: Expand your DR strategy to include protection of your virtual machines running in VMware Cloud Foundation (VCF).
DR protection for up to 2500 VMs per-AWS region: Protect larger environments by replicating up to 2500 virtual machines to a single AWS region in a VMware Cloud organization. You might need to split 2500 VMs across multiple VMware Cloud DR cloud file systems for larger protected capacity scale. See VMware Configuration Maximum tool for operational scale limits of VMware Cloud Disaster Recovery.
Replication throughput in UI: See the network throughput of the replication data traffic between the source site and the target VMware Cloud DR cloud file system. The throughput can be viewed in the Dashboard Topology map and on the Protected Sites page in the VMware Cloud DR UI.
AWS Europe (Milan) region: You can now protect and recover your vSphere virtual machines in the AWS Europe (Milan) region.
27 July 2021
Disaster Recovery in VMware Cloud Launchpad. Accelerate your Disaster Recovery implementation with step-by-step guidance, relevant tools and a rich set of resources using VMware Cloud Launchpad. Click on "Learn More" under "Disaster Recovery" to navigate to launch your DR journey. This experience is available to everyone without requiring login to VMware Cloud.
16 July 2021
Pilot deployment for AWS Seller of Record. You can now try VMware Cloud DR as a "pilot" before committing to a term subscription, even when you have purchased it with AWS as seller of record. Pilot deployments are charged at a fixed hourly rate and include 5 TiB of protected capacity and 25 protected virtual machines. Any usage beyond these limits will incur charges at the applicable per-TiB overage and per-VM on-demand rates. Once you are done with your evaluation, create a 1-year or 3-year committed term subscription to seamlessly convert this to a standard deployment and continue using the service. Please refer to the VMware Cloud DR pricing page for additional details.
23 June 2021
Intra-region DR in VMware Cloud on AWS: Protect your VMs running in VMware Cloud on AWS to a designated recovery Availability Zone within the same AWS region, ensuring your data stays in the same region even after recovery. See here for more information.
Cloud File System deployment wizard: Deploy the Cloud File System for replication and recovery using a self-service wizard in the VMware Cloud DR UI. See here for more information.
SOC 2, Type 1 Compliance: System & Organization Control (SOC) Reports are independent, third-party examination reports that demonstrate how VMware Cloud DR achieves key compliance controls and objectives to meet SOC 2, Type 1 requirements. The purpose of these reports is to help you and your auditors understand the controls established to support operations and compliance.
Avoid full re-sync even when CBT is deactivated on the protected site: Fall back to a fingerprint-based method to efficiently calculate the delta when Change Block Tracking (CBT) is deactivated on the protected site. This helps to avoid a re-transfer of all the virtual machine data and reduces interruptions to DR protection.
Auto-exclude management virtual machines from protection groups: vSphere Cluster Services (vCLS) VMs, DRaaS Connector VMs and VMware Cloud on AWS management VMs are now automatically excluded from protection groups.
Capacity limit monitoring: View the currently protected storage capacity relative to the maximum capacity limit of the Cloud File System. This metric is displayed as a percentage value in the cloud file system information panel. See here for more information.
Usability enhancement: The global summary page now shows number of running DR plans.
7 May 2021
CSA Trusted Cloud Provider: VMware Cloud DR is now a Cloud Security Alliance (CSA) Trusted Cloud Provider and registered as a Security, Trust, Assurance and Risk (STAR) Level One service. CSA is an organization dedicated to defining best practices to help ensure a secure cloud computing environment. STAR Registry is a publicly accessibly registry that documents the security and privacy controls. You can find the VMware Cloud DR STAR Register listing, including the downloadable CAIQ here.
27 April 2021
The following new features are available or in preview for the new release:
Definitions
Available: Feature now available for use by applicable customers. May not be available in all AWS regions.
Preview: Feature released in preview to gather feedback. May not be available to all applicable customers or in all AWS regions*.
*We cannot guarantee that features marked as ‘Preview’ will become available within any particular time frame or at all. Make your purchase decisions only on the basis of features that are Available.
Pilot deployment: Try out VMware Cloud DR as a "pilot" before committing to a term subscription. Pilot deployments are charged at a fixed hourly rate and include 5 TiB of protected capacity and 25 protected virtual machines. Any usage beyond these limits will incur charges at the applicable per-TiB overage and per-VM on-demand rates. Once you are done with your evaluation, create a 1-year or 3-year committed term subscription to seamlessly convert this to a standard deployment and continue using the service. Please refer to the VMware Cloud DR pricing page for additional details.
Monthly payment option for term subscriptions: Get additional payment flexibility with a new option to pay for 1-year or 3-year committed term subscriptions in monthly installment rather than paying for it all upfront. Please refer to the VMware Cloud DR pricing page for additional details.
Faster replication: Achieve faster initial backup ingest and higher steady state replication throughput through several optimizations of the Scale-out Cloud File System and the DRaaS Connector. Improvements include parallel processing of multiple protection groups, improved selection of optimal Connector for remote sites, and automatic tuning of certain parameters.
Enhanced recovery performance: An accelerated cache within the Scale-out Cloud File System now enables enhanced performance of your recovered virtual machines and faster completion of the Storage vMotion to VMware Cloud on AWS. This functionality is fully managed by the service with no need for user configuration.
Cancellation option for replication in-progress: Exercise greater control over your ongoing protection operations with the ability to cancel a running snapshot task from the VMware Cloud DR UI.
Direct Connect (Public VIF) for replication and failback traffic: Use AWS Direct Connect with public virtual interfaces (Public VIF) to carry replication, failback, and management traffic between your on-premises protected site and VMware Cloud DR over a high-bandwidth, low-latency network connection. For more details, please refer to this VMware Cloud DR documentation page.
Support for protected sites running vSphere 7.0 Update 2: You can now protect virtual machines in sites running vSphere 7.0 Update 2. Refer to the VMware Product Interoperability Matrix for the latest information on interoperability of VMware Cloud DR with other VMware solutions.
Choose seller of record for Recovery SDDC: Optimize your cloud spend by choosing between VMware or AWS as the seller of record while deploying your Recovery SDDC, regardless of the seller of record for VMware Cloud DR itself. For more details on your purchase options, please refer to the VMware Cloud DR documentation.
Custom user for protected vCenter registration (*Preview): Register the vCenter in your on-premises protected site using a custom vCenter user with the minimal set of permissions required by the DRaaS Connector for protection and replication operations. Manually update the user to add other permissions required for failback only when necessary.
Run recovered VMs off cloud filesystem (*Preview): Achieve faster failover times and failback sooner by recovering your virtual machines directly on the Scale Out Cloud File System and skipping the storage migration to VMware Cloud on AWS. The virtual machine storage continues to be served from the cloud filesystem. Before using this feature, please consult the Caveats and Limitations section below.
23 March 2021
Inter-region DR in VMware Cloud on AWS: Protect your virtual machines running in VMware Cloud on AWS across cloud regions using VMware Cloud Disaster Recovery. Deploy the DRaaS Connector on your VMware Cloud on AWS clusters to start replicating the virtual machines running there to a VMware Cloud DR instance in another VMware Cloud on AWS region. Use VMware Cloud DR's orchestrated recovery capabilities to perform DR tests and failovers in a VMware Cloud on AWS SDDC in the target region.
2-host pilot light and recovery SDDCs: Lower your steady state DR costs by deploying an i3.metal 2-host VMware Cloud on AWS SDDC to serve as a pilot light cluster for VMware Cloud Disaster Recovery. For DR tests and failovers, scale up the pilot light SDDC into a full-sized recovery site by adding more clusters to it. After the test or failover, scale back down to the 2-host footprint by removing the additional recovery clusters.
New AWS regions: You can now protect and recover your vSphere virtual machines in the following additional AWS regions: Asia Pacific (Seoul), Europe (Stockholm), and South America (São Paulo).
Support for protected sites running vSphere 7.0 Update 1: You can now protect virtual machines in sites running vSphere 7.0 Update 1. Refer to the VMware Product Interoperability Matrix for the latest information on interoperability of VMware Cloud DR with other VMware solutions.
Multi-instance support for increased scalability: Deploy multiple instances of the scale-out cloud file system and multiple recovery SDDCs in the target region to protect a large volume of virtual machine data and a large number of virtual machines. Orchestrate company-wide DR testing and failovers from a single, federated VMware Cloud DR management console spanning across all instances.
HIPAA BAA: A HIPAA Business Associate Agreement (BAA) is available for VMware Cloud DR to help healthcare organizations stay in compliance while ensuring DR protection of their critical applications.
Enhanced replication resiliency: Benefit from increased resiliency of the replication process against transient network outages and temporary unavailability of the cloud file system due to cloud upgrades. The progress of a replication job is now saved periodically so that it can continue from that point onwards when the transient situation is resolved.
21 January 2021
New AWS region: You can now protect and recover your vSphere virtual machines in the Asia Pacific (Tokyo) AWS region.
17 December 2020
New AWS regions:You can now protect and recover your vSphere virtual machines in the following additional AWS regions: Europe (Ireland), Europe (Paris), and Asia Pacific (Mumbai).
Support for I3en hosts in Recovery SDDC: You can now provision I3en hosts in your Recovery SDDC and use them for recovery operations.
Support for multiple vSphere clusters in Recovery SDDC: You can now add multiple vSphere clusters to your Recovery SDDC to increase your recovery capacity.
Faster recovery: Failover now happens faster as virtual machines are powered on in parallel in batch sizes that scale with the number of hosts in your Recovery SDDC.
Use vSphere tags to configure protection groups: You can now define which virtual machines should be members of a protection group based on their vSphere tags. When backing up, any virtual machines with the tags you specify are dynamically associated with the protection group and included in the snapshot.
Preserve vSphere tags on VMs upon Recovery: The recovery process now preserves tags on recovered VMs that were associated with those VMs on the original protected site. The tags and their associated categories must be pre-configured on the recovery SDDC for successful failover.
Data transfer optimizations for failback and VM restore: In situations where incremental data transfer based on snapshot data is not possible during a failback or VM restore operation, VMware Cloud DR now leverages the VM content that already exists on the restore destination to speed up the failback or VM restore.
Consistent handling of time zones in UI: All timestamps shown in the UI now display using the user’s browser time zone setting. Protection Group schedules are still based on the protected site’s time zone. When this time zone is different from the user’s browser time zone setting, the UI indicates the protected site's time zone for reference.
Show progress of Recovery SDDC deployment and snapshot replication: The UI now provides progress status for Recovery SDDC deployment and snapshot replication, listing all running and completed tasks associated with these operations.
Support for protected sites running vSphere 7.0: You can now protect virtual machines in sites running vSphere 7.0. Refer to the VMware Product Interoperability Matrix for the latest information on interoperability of VMware Cloud DR with other VMware solutions.
20 October 2020 - Introducing VMware Cloud Disaster Recovery
Protect your vSphere virtual machines (VMs) to the cloud and recover them to VMware Cloud on AWS using VMware Cloud Disaster Recovery. Based on the scale-out cloud file system technology developed at Datrium, VMware Cloud DR helps lower the cost of disaster recovery by storing backups in cloud storage, and allows you to pay for recovery host capacity only when you want to conduct a disaster recovery test or perform a recovery.
VMware Cloud on AWS makes rapid recovery at scale possible with its "live mount" capability, which enables fast power-on of the recovered VMs in VMware Cloud on AWS without a long data rehydration process. A fully-featured SaaS-simple disaster recovery orchestrator is built-in to minimize the need for manual effort during recovery. The service is tightly integrated with VMware Cloud on AWS for efficient recovery and a consistent operational experience without error-prone VM format conversions.
For more information, visit our blog and FAQ.
Features of VMware Cloud DR include:
Available in US West (Oregon), US East (N. Virginia), US East (Ohio), US West (N. California), Europe (London), Asia Pacific (Sydney), Canada (Central), Asia Pacific (Singapore), and Europe (Frankfurt).
Option to maintain a small, pre-provisioned "pilot light" SDDC to run foundational components and further speed recovery
Continuous disaster recovery health checks every 30 minutes for increased reliability
End-to-end and daily data integrity checks of backup copies
Deep history of immutable snapshots for recovery from ransomware attacks
Audit-ready, detailed disaster recovery reports
Delta-based failback
WHATS NEW
VMware vSphere Compatibility. For the latest version compatibility between VMware Cloud DR and on-premises VMware vSphere, see the VMware Product Interoperability Matrices.
DRaaS Connector VM Requirements. To deploy the DRaaS Connector VM, make sure that the vSphere site where you intend to deploy it has the following resources for the VM:
CPU: 8 GHz (reserved)
RAM: 12 GiB (reserved)
Disk: 100 GiB vDisk
Network connectivity: Between DRaaS Connector and vCenter Server and ESXi hosts, and between the DRaaS Connector and VMware Cloud Disaster Recovery
Browser support:
Windows: Google Chrome, Firefox, Windows Edge (latest versions)
MacOS: Google Chrome, Firefox (latest versions)
The following section lists current VMware Cloud DR caveats and limitations as of release date.
When protecting a VMware Cloud on AWS or VMware Cloud on AWS Outposts SDDC using VMware Cloud DR, the recovery SDDC and VMware Cloud DR deployment must be in the same CSP organization as the protected SDDC.
VMware Cloud DR cannot co-exist in the same Organization as a VMware Cloud on AWS SDDC with Faction Cloud Control Volumes.
Changing cluster names. If you change a cluster name on either your protected site or recovery SDDC, then any recovery plans referencing those vCenter clusters will be out of compliance and will not successfully failover or failback. To be compliant, ensure that cluster name in the plan matches both the source and destination cluster names.
VMware Cloud DR does not support organization level IP Allow List authentication policies. If IP “Allow Lists” are enabled in your organization, it might prevent you from configuring an API token in the VMware Cloud DR UI, or connecting the cloud file system to a Recovery SDDC. If your organization leverages the organization level IP Allow List feature, please contact support prior to deployment for assistance.
VMware Cloud DR does not support protecting VMs with a Virtual Trusted Platform Module or VMs with secure boot.
High-frequency snapshots are only supported on protected sites running vSphere 7.0 Update 3 or higher and protected SDDCs running version 1.16 or higher. For a full list of caveats and limitation for using high-frequency snapshots, see here.
VMware Cloud DR does not support using the additional Tier-1 Gateways created using multi-CGW capability for recovery.
You can add a recovery SDDC attached to VMware Cloud DR to an SDDC Group. However, you might fail to attach an existing SDDC to VMware Cloud DR that is already a member of SDDC Group.
Port 1759 no longer supported for the DRaaS Connector. The DRaaS Connector uses port 443 to connect to the Orchestrator. Previously, if the DRaaS connector was unable to connect to the Orchestrator using port 443, it reverted to port 1759 for the connection. Now, port 1759 can no longer be used for the DRaaS Connector. Ensure that your protected site firewall allows traffic on port 443 for the DRaaS Connector.
A VM that is being protected using VMware Site Recovery Manager either with array based replication or vSphere replication cannot be simultaneously be protected using VMware Cloud DR, and vice-versa.
Two host (i3 type) Recovery SDDC deployments are not supported with VMware Cloud SDDC version 1.15.
VMware Cloud DR does not currently support failing over VMs running Windows 11.
You can remove hosts from a Recovery SDDC as long as the number of hosts in your SDDC cluster remains above the 2-host minimum. You cannot scale down a 2-host Recovery SDDC. Ensure that you have sufficient capacity in your cluster to hold the workload VMs that will be evacuated from the hosts that you remove.
On-premises networks connected to the recovery SDDC over VPN or Direct Connect cannot overlap the VMware Cloud DR proxy network CIDR: 10.68.97.0/28.
Only iPv4 is supported for protection recovery plan IP address mapping. Depending on the VM OS:
Windows VMs can have an IPv6 address configured on the VM, but ONLY IPv4 addresses can be mapped in a recovery plan.
Linux VMs cannot have an IPv6 addresse configured on any network interface, or IP mapping will not be performed.
When adding an existing SDDC for recovery, the Recovery SDDC:
Must be on SDDC version 1.12 or higher.
Cannot have stretched clusters.
VMware Cloud DR does not support recovering VMs to VMware Cloud on AWS SDDC with NFS-mounted external datastores including Amazon FSx for NetApp datastores, Cloud Control Volumes or VMware Cloud Flex Storage.
Run VMs live on the cloud file system limitation: You cannot run two failover DR Plans at the same time that 1) both share some of the same VMs and 2) where both plans have storage migration set to 'Run VMs live on the cloud file system'. To avoid this, run one recovery plan at a time when you select this option.
VMware Cloud DR does not support the following:
VMs created by vSphere vApp(s)
Fault Tolerant VMs
Shared disks
VMs that use Integrated Drive Electronics (IDE) disks for storage
Independent disks and Raw Device Mappings (RDM)
For protected sites with more 10,000 VMs, you might experience some responsiveness issues with the VMware Cloud DR UI, such as slow loading of pages or windows when previewing protection group VM membership, creating and editing recovery plans, and during plan compliance checks.
VMware Cloud DR supports up to 2000 tags in a protected site vCenter inventory.
VMware Cloud DR does not create snapshots of VM templates. If you include a VM template in a protection group, it will not be included in snapshots.
VMs created from OVAs or OVFs containing ISO files are not supported if the ISO file is still attached. VMs created from OVAs or OVFs containing ISO files cannot be failed over with storage vMotion, unless the ISO file has been detached prior to taking the failover snapshot.
If your environment is running backup software that uses VMware APIs for Data Protection (VADP), then that software’s processes might conflict with VMware Cloud DR replication as follows:
If a VM snapshot is being replicated by VMware Cloud DR, and another backup solution (non-VMware Cloud DR) starts a backup of the same VM after VMware Cloud DR started replication, then the backup might fail if VMware Cloud DR finishes the replication of snapshot before the backup software finishes the backup.
If a VM is being backed up another backup solution, and VMware Cloud DR starts a snapshot of the same VM after the other backup software started the backup, then the VMware Cloud DR snapshot might fail if the backup software finishes the backup before VMware Cloud DR finishes replication of the snapshot. In this case, even though the VMware Cloud DR VM snapshot failed, the next scheduled snapshot will resume from where it failed.
VMware Cloud DR does not support an internet proxy server between the DRaaS Connector and the cloud.
Protection groups queries based on vSphere tags are not supported on protected sites running vSphere 6.0. This means that if your protected site is running vSphere 6.0, you cannot create a tag query.
Protection group snapshots do not support replication of encrypted VMs.
If you are using the guest file recovery feature with Linux VMs, EXT3 and EXT4 are the only supported file systems for guest file download. Disks managed with Logical volume manager are not supported for guest file download and recovery.
To ensure the health and availability of the VMware Cloud DR Service Offering, do not change the following SDDC settings. Changing any of these settings could interfere with and potentially disrupt the delivery and functioning of the service.
Do not change SDDC default firewall rules. Changing the SDDC firewall could interrupt access from the SDDC to the SCFS or Orchestrator components. By default, when your SDDC is deployed its network will contain a set of pre-configured firewall rules which begin with the "CloudDR-SystemRule-" prefix. These firewall rules should not be deleted. SDDC Firewall rules with this prefix cannot be edited or deleted in the VMware Cloud DR UI, but these rules can be edited and deleted in the VMware Cloud on AWS console UI. So, do not change or delete any of these SDDC firewall rules.
Do not rename your SDDC once you have deployed it.
Do not change network configuration on the proxy VM.
If you have enabled an authentication policy for your VMware Cloud organization, to either block or allow specific IP addresses, make sure that you do not accidentally block or disallow the VMware Cloud DR Orchestrator and cloud file system IP addresses. To find these IP addresses, see Service Public IP Addresses.
VMware Cloud DR can provide disaster recovery protection for VMs that run on Virtual Desktop Infrastructure (VDI), as well as the other types of software needed to enable the virtual technologies (e.g., Active Directory, connection servers, etc.). In this release, the following are not supported for VDI:
AppVolumes Writable Volumes
Modifying AppVolumes AppStacks once failed over
Modifying the Horizon Golden Master image once failed over.
Resolved issues on 22 September ("FIXED") and 17 July ("Fixed:") 2023.
FIXED Cloud file system couldnt authenticate with vCenter after failover
In one customer environment, after a failover, the cloud file system lost connectivity with a protected site vCenter. This has been fixed.
FIXED High availability issues after service upgrade
After a recent software upgrade, some customers were experiencing high availability issues. This has been fixed.
FIXED Slow snapshot operations taking a long time
In one customer environment, snapshot tasks were taking a long time to complete due to low bandwidth on the customer network environment. This has been fixed.
FIXED Unable to create or edit recovery plans when no recovery SDDC is available
Previously, when a source protected site was not reachable, a customer could not create or edit recovery plans that referenced that site. This has been fixed, and you can now able to create and edit recovery plans for failover, even if the source protected site is not reachable on the network.
FIXED Failure attaching a recovery SDDC
When trying to attach an existing SDDC for recovery, the operation failed with an error stating that there is no SDDC available, even though a cloud file system was deployed successfully in the same region as the SDDC. This has been fixed.
FIXED Failback operation failure with internal error
In one user environment, running a failback operation failed with an internal error for multiple VMs in a recovery plan. This has been fixed.
FIXED DRaaS Connector deployment failed on Photon OS
DRaaS Connector deployment failed on Photon OS due to some Docker networking issue (docker bridge network 172.17.0.0 in their DNS network). This has been fixed.
FIXED Automatic firewall configuration fails on a protected VMware Cloud on AWS SDDC that has no default network created.
Previously, when setting up a protected site for a VMware Cloud on AWS SDDC, and chose to have network firewall rules created automatically, it was possible that the SDDC did not have a default network created yet, which caused the protected site set up to fail. This has been fixed.
FIXED Conflicts if using 172.17.0.1/16 address range
VMware Cloud Services uses 172.17.0.1/16 for its Docker Engine default bridge network. Previously, if your protected site networking environment used this IP address range, you could have had issues connecting to vCenter and ESXi, and potentially fail to register the DRaaS Connector. This has been fixed.
Fixed: Number of VMs that can concurrently have their IP address customized during failover
Previously, the maximum number of VMs that could concurrently have their IP addresses changed during failover operations was only 2. Now, up to 18 VMs can concurrently have their IP addresses changed during failover.
Fixed: Non-incremental restore required when performing multiple recovery operations on same VM
Previously, when you performed a failback from a snapshot (or a single VM restore), and then performed a subsequent failback from a snapshot that existed at time of the first failback, VMware Cloud DR required a longer, non-incremental restore to complete the failback. This has been fixed and the non-incremental restore is no longer required in this scenario.
Fixed: Direct Connect AZ Limitation
Previously, Direct Connect was only supported for protected sites which are using a cloud file system that resides in the same Availability Zone (AZ) where the VMware Cloud DR Orchestrator is deployed. This has been fixed and now you can use Direct Connect for protectes sites that reside in a different AWS region than where VMware Cloud DR is deployed.
Fixed: Multiple snapshots missing VMs
In one environment, some snapshots were missing VMs, due to a ESXi host being disconnected and unreachable, preventing successful snapshot replication for some VMs. This has been fixed.
Fixed: Compliance check warnings about VM tags not defined in protection group
Some users were seeing a recovery plan compliance check warning when some protected VMs had tags that are not part of the protection group tag query. This check has been removed.
Fixed: User unable to change network isolation during ransomware recovery
When a customer tried to run a recovery plan for ransomware without integrated analysis enabled, they were unable to change network isolation levels. This has been fixed.
Fixed: Snapshot job failures
Some snapshot jobs were failing with a "VDDKInteral Error: VM endAccess failed VixDiskLib_EndAccess failed. Internal error: Unknown error [1]". This has been fixed.
Fixed: Snapshot job queue backed up
In one situation, snapshot jobs were backing up and being delayed due to duplicate VMs belonging to multiple protection groups. This has been fixed.
Fixed: DRaaS Connector health switched from Good to Critical several times
In one protected site, the DRaaS Connector health was switching back and forth between Good and Critical. This was due to some DNS servers that were unreachable, so the health check had to wait for a long time for the request to timeout, causing the issue. This has been fixed.
Fixed: Failed snapshot job
In on environment, a snapshot job failed due to DNS issues on the customer protected site. This has been fixed.
Fixed: Recovery SDDC deletion failure
In one situation, a user was unable to delete a recovery SDDC. This has been fixed.
Fixed: Compliance check failure
In one customer environment, recovery plan compliance checks were failing due to an unresponsive backend service. This has been fixed.
Fixed: Failure to delete recovery SDDC
In one situation, a user tried to delete an SDDC but the operation failed. The user was then unable to delete an attached datastore because they could not unmount it from the SDDC. This has been fixed.
Fixed: Failure to attach an existing SDDC for recovery
In one user instance, VMware Cloud DR failed to add an existing SDDC for recovery due to some overlapping network segments with stale firewall rules on VMware Cloud. This has been fixed.
Fixed: VMs still appeared after deleting a protection group
In one situation, when a user deleted a protection group, the VMs still appeared in the UI under the VMs list. This has been fixed.
Fixed: Compliance check failure
Compliance check was failing for one recovery plan due to the timeout of a backend process. This has been fixed.
Fixed: Unable to deploy a recovery SDDC
Unable to deploy recovery SDDC due to a failure to get a list of connected AWS accounts in the UI. This only happened if there were many of AWS accounts connected to the organization. This has been fixed.
Fixed: Ransomware recovery failed when network isolation level did not create successfully
While running a recvoery plan for ransomware recovery, the network isolation level specified in the plan failed to get created by the system, causing the plan to fail. This has been fixed.
Fixed: Error when multiple users sent support bundles at the same time
An unknown error occurred when multiple users sent support bundles simultaneously. This has been fixed.
Fixed: Recovery plan incorrectly marked with critical health compliance check
In one situation, VMware Cloud DR failed to schedule the next check of the health monitor, so the health of a recovery plan was changed to critical. This has been fixed.
Fixed: API token expiration message hidden
Previously, an API token expiration was not easy to find under the Monitoring → Events tab. Now, an API Token Expiration notification is part of the SLA Status page.
Fixed: Cloud file system filling up caused connector download failure
In some situations, the cloud file system was filling up due to unused software images, causing the DRaaS Connector download to fail. This has been fixed.
Fixed: Degraded disk read performance for some VM workloads
On an earlier version of VMware Cloud DR, some Windows workloads showed degraded disk read performance. This has been fixed.
Fixed: Double billing error
Double billing occurred when the billing file was overwritten as background processes were reset on upgrades. This has been fixed.
Fixed: API token registration failed
An API Token could not be registered due to changes in the Organization name used for the deployment. This has been fixed.
Fixed: First rime ingest while running recovery plan failed after 12 hours
Running a test recovery plan on a first time ingest failed after 12 hours. This has been fixed.
Fixed: Failure to display protection group list
Previously, the VMware Cloud DR UI failed to display a recovery plan's protection groups list, taking longer than usual to retrieve the information. This has been fixed.
NEW Failure to attach tags on some VMs during recovery
In some circumstances, VMware Cloud DR may fail to attach tags to a subset of recovered VMs. If the tags are already attached to the VMs on the protected site before failback is performed, these tags will NOT be deleted.
Workaround: The missing tags will need to manually be attached to the VMs.
NEW Using app-info collection with VMware Tools causing replication failures
If you have enabled guest OS app-info collection using VMware Tools, this can result in app-info data getting stored in the VMX file, causing it to grow to a size >55KB. Because VMware CLoud DR does not allow backup of VMX files that are >55KB, snapshot replication can fail.
Workaround: Disable app-info collection in VMware Tools.
NEW Failback failure for multiple VMs being protected by high-frequency snapshots
During failback, multiple VMs with high-frequency snapshots failed during VM recovery on the protected site, which caused VM failback to fail. Error message displayed: fairly characteristic error would be this:
"Failed to restore VM ([vsan-datastore] XxXxXx-32xx-15b1-1xxx-ecfx4xxxbd2ec/win10-36.vmx) (win10-36): VM restore failed. Internal error: DPS no-op sync failed"
This was caused by exceeding the limit of 100 VMs being protected by high-frequency snapshots on a protected site.
Workaround: Do not exceed the limit of protecting more than 100 VMs per host with high-frequency snapshots. For more information, see the VMware Cloud DR Configuration Maximums.
NEW For high-frequency snapshots, unable to vMotion VMs to different cluster and storage
If you have a protection group taking high-frequency snapshots on a protected SDDC running vSphere with Distributed Resource Scheduler (DRS), and then you attempt to Cross-vCenter vMotion one of those VMs to another cluster with DRS, the operation might not complete.
Workaround: Either detach the high-frequency snapshot from the VM before you attempt to Cross-vCenter vMotion, or Cross-vCenter vMotion the VM to a specific host in the cluster (rather than just the cluster).
NEW After being upgraded to the VMware Cloud DR July release, DRaaS Connector deployment fails
For existing users, after being upgraded to the July release, deploying the DRaaS Connector failed with the following error: "Failed to deploy OVF package. ThrowableProxy.cause A general system error occurred: Transfer failed.
Workaround:
Download the DRaaS Connector OVA to your local site using something such as:
wget https://vcdr-xx-xxx-xxx-xx.app.vcdr.vmware.com:443/protect/vmware-cloud-connector.ova
Then, from the location where the OVA was downloaded, deploy the OVF in vCenter selecting the 'local file' option.
NEW VMware Cloud DR subscription prices not showing discounted rate.
When creating a subscription for VMware Cloud Disaster Recovery in the Global DR Console, the prices and total amount being shown while creating the subscription do not represent any discounts that have been applied to the subscription. This issue only affects the display of the subscription prices, and when the purchase is completed and invoiced, the correct discounted rate is applied.
NEW Snapshot storage optimization sometimes results in higher capacity usage on the cloud file system
In some situations, the way VMware Cloud DR optimizes snapshot storage can sometimes result in higher capacity usage on the cloud file system.
Minor issues when using VMware Ransomware Recovery on the VMware Cloud Partner Navigator program
If you are using VMware Ransomware Recovery on the VMware Cloud Partner Navigator, you will not see the Carbon Black Cloud service tile in your organization, and you are not able to launch the Carbon Black Cloud security console from the VMware Cloud DR UI. However, while threat alert investigation is not possible in the security console, detailed threat information is available in the VMware Cloud DR UI.
VMware Cloud DR Region selector incorrectly allows users to switch to a VMware Cloud Flex Storage region (if both services are in the same organization)
For VMware Cloud organizations that have both VMware Cloud DR and VMware Cloud Flex Storage deployed, the VMware Cloud DR recovery region switcher incorrectly shows regions where VMware Cloud Flex Storage is deployed. If you attempt to switch a VMware Cloud DR recovery region to a VMware Cloud Flex Storage storage region, it fails.
Workaround: Do not switch VMware Cloud DR region to a VMware Cloud Flex Storage region.
Performing repeated failback operations with the same snapshot triggers a non-incremental, full restore
When you use the same snapshot for repeated failback or restore operations, it can trigger a longer, non-incremental restore. This issue occurs with both high-frequency snapshots (HFS) and standard-frequency snapshots (SFS). A full restore transfers the entirety of the VM contents from cloud snapshots, while an incremental restore only transfers the blocks which are different from the target snapshot. Incremental restore is more rapid, and preferred where possible, but some scenarios make a full restore required.
Workaround: For information on how to avoid this situation, see here.
Running a recovery plan might hang in the rare instance that it conflicts with a background space reclamation process.
In some rare cases, running a recovery plan might stall during the initial 'prepare cloud storage resources' stage, if this process occurs at the same time as a background space reclamation processes. If you notice that running a recovery plan (either failover or failback) stalls in the first step, and if you notice that the cloud file system shows red in the Topology map, this means it is likely the plan has stalled and should be stopped.
Workaround: Stop the recovery plan and try running it again.
OAuth app limit can prevent DRaaS Connector deployment
Each time you deploy a DRaaS Connector, VMware Cloud DR also adds a VMware Cloud DR OAuth app to your organization. Over time, your organization might reach its 200 maximum limit of OAuth apps, which can cause connector deployment to fail.
Workaround: Delete older VCDR OAuth apps. You can delete all VMware Cloud OAuth apps except the most recent one.
VMware Cloud Services "Global Console Admin" user role is not applied to the Managed Service Provider (MSP) user.
The VMware Cloud Services user role named "Global Console Admin", which is needed to view and create subscriptions, is currently not applied to the MSP user. However, the "Global Console Admin" role can be applied to the MSP tenant user, so that the MSP tenant user can view and create subscriptions.
VMware Cloud DR might send benign 'Host cannot perform I/O' events
VMware Cloud DR might infrequently send benign 'Host cannot perform I/O' events when there are no workloads running on the VMware Cloud cloud file system. These messages can be ignored. In a future release, we will suppress these events.
NEW Multi-region deployments of VMware Cloud Disaster Recovery currently do not support Security and Compliance Access lists and guest file recovery
If you have a multi-region deployment, Security and Compliance Access lists and guest file recovery will work for the first recovery region you activate, but these features will not work in any subsequently deployed regions.
Failback failed with error "unable to locate VM Configuration information"
In some cases a failback operation failed due to some of the VMs being in an invalid state.
Workaround: Open vCenter on the Recovery SDDC and fix VMs that are in an invalid state. Then, retry the failback operation. A VM can be invalid due to several reasons, such as removed data store, a missing or corrupted VMX file, or other reason. As a last resort, you can delete and rebuild the VM.
Multi-factor Authentication (MFA) for API tokens not supported with VMware Cloud DR
Currently, you cannot enable MFA in your organization, and you should not generate a VMware Cloud Services API token if MFA is enabled. This limitation applies only to MFA for API tokens (My account > API Tokens), and does not apply to your organization authentication policy (Organization > Authentication Policy > Multi-Factor Authentication) or your VMware Cloud user account (My account > Security).
Workaround: Do not enable MFA for API tokens in your VMware Cloud DR organization.
Protection group size displays incorrectly after failback
Protection group size might display inaccurately immediately after a failback, until the next snapshot for that protection group is taken.
Default Windows ZIP utility not unpacking guest file restore downloads
if you perform a restore guest file operation using the Windows default zip utility (from the Windows File Explorer), the downloaded ZIP file downloaded does not contain any content. This issue only applies to the Windows OS default system unzip utility.
Workaround: Use 7ZIP or WinRAR utility on Windows systems for guest file restore operations.
Benign replication errors on protected site vCenter
During some snapshot replication jobs, vCenter on the protected site might display errors or failures related to replication, but there is actually nothing wrong with the replication. For example, you might see errors with "LWD" in the name, such as "Perform LWD-based snapshot sync | Cannot complete the operation. See the event log for details. Failed to transport." even thought the job completed successfully in VMware Cloud DR.
Workaround: It is safe to ignore such errors in the vCenter UI. As a best practice, you should use the VMware Cloud DR UI to view replication-related errors, rather than the vCenter UI.
When an ESXI host in maintenance mode, it can interfere with high-frequency snapshots and VM recovery
For vCenter clusters enabled for high-frequency snapshots, if the ESXi hosts in the cluster are in maintenance mode, it is possible that snapshot replication and failover/restore operations could fail.
Workround: Before you begin snapshot replication and perform any failover or restore operations in a high-frequency snapshot cluster, move any VMs that running on hosts in maintenance mode out of the protected site vCenter cluster. These VMs can be moved back into the cluster when the hosts are out of maintenance mode.
Global Console notifications not listed in chronological order
In the Global Console, when a user clicks on the small bell icon in the upper right of the UI, the list of notifications are not always ordered chronologically.
High-frequency snapshot task terminated due to vMotion issue
In some cases during a high-frequency snapshot backup operation, when a vMotion is also in progress, the backup may be terminated. In this situation, the vMotion operation leaves the VM in an Invalid State.
Workaround: If this occurs, unregister the VM from the ESXi host and re-register it.
DRaaS Connector cannot reach vCenter/ESXi on 172.17.x.x
The DRaaS Connector cannot reach vCenter or ESXi hosts on private customer networks on subnet 172.17.x.x. For example, if the protected site vCenter IP address is 172.17.10.10, the DRaaS Connector cannot connect to it.
Workaround: Contact VMware Support if you need the DRaaS Connector to connect to a private network within this address.
Delete Recovery SDDC Error
In some instances when a user deletes a Recovery SDDC, an error sometimes displays, even if the deletion was successful.
Workaround: If you see this behavior, please contact VMware support to confirm that the Recovery SDDC was deleted successfully.
DRaaS Connector offline and inoperable after being powered off more than two weeks
If you power off a DRaaS Connector for more than 2 weeks, it will show as offline and potentially stop functioning.
Workaround: If your DRaaS Connector is powered off more than two weeks, shows as offline and is not usable, contact VMware support for assistance, or deploy a new connector.
Two-host Recovery SDDC deployments not supported with VMware Cloud SDDC software version 1.15
You cannot deploy a 2-host Recovery SDDC for a VMware Cloud SDDC running software version 1.15.
vSphere warning during DRaaS Connector deployment
When deploying the DRaaS Connector as an OVA in the vSphere client, vSphere will display an error stating that the connector OVA contains advanced configuration options and warns the user to proceed with caution. The mentioned advanced configuration is used by VMware Cloud DR to distinguish Connector VMs from customer VMs.
Workaround: You can ignore this message and safely deploy the DRaaS Connector in your vSphere environment.
A VM with tags belonging to a protection group that uses only name or folder queries will not retain tag information after failover, and no compliance check is flagged
If a VM with tags is backed up in a protection group using either a name pattern or folder membership query (but no tag query), the DR Plan compliance checks does not warn if the tags on the VM exist on the Recovery SDDC. When failover occurs, the VM will be recovered, but tag information will not be applied, and the tag will no longer exist on the VM.
Workaround: You can make sure that the tags on the VM exist on the Recovery SDDC, or make sure the protection group also uses a tag query that matches the tag on the VM.
Re-adding a removed DRaaS Connector not supported
If you remove a DRaaS Connector from a protected site, you cannot re-add the connector to a different protected site.
Workaround: If you remove a DRaaS Connector from a protected site, re-deploy a new DRaaS Connector to replace it.
Failover in a large scale environment failed with errors during VM power-on
In some cases, a DR Plan failover was failing during recovery or while recovered VMs were being powered-on.
Workaround: Retry the failover operation.
Unable to set default data store for failback DR Plan when a mapped host is not part of a cluster
If a mapped compute resource (such as a host) in a failback DR Plan is not part of a cluster on an on-premies failback site, the default datastore cannot be mapped in the plan. Because the VMs in the plan have nowhere to fail back to, compliance checks will flag that the default datastore cannot be set, and when the plan is run it will display an error and fail to restore the VMs in the plan.
Workaround: Create a new cluster on the on-premises protected site (if one doesn't exist) and then add the host to the cluster. Then you can edit the plan and map the default datastore for the failback plan.
Some special characters not supported in vSphere inventory object names
VMware Cloud Disaster Recovery does not support the following special characters in vSphere inventory object names (such as VMs, VM templates, hosts, clusters, networks, datastores):
{ } [ ] \ % @ "
Curly brackets, square brackets, backslash, percentage symbol, at symbol, and double quotation marks are not supported.
For example, if you use any of these special characters in VM names, the VM will not be included in any protection group snapshots.
Workaround: Do not use these special characters in your vSphere object inventory names.
VMs created on virtual hardware version 20 not supported
VMs created on virtual hardware version 20 are not supported for failover or failback.
Workaround: Ensure that your VMs are running virtual hardware version 19 or earlier.
After failover to the VMware Cloud on AWS SDDC, do not deactivate change block tracking (CBT) on any VMs in the VMware Cloud on AWS SDDC
Changing CBT on VMs in your SDDC prevents the VM from being failed back in a timely manner with VMware Cloud Disaster Recovery. Reverting to a VMware VM snapshot in the VMware Cloud on AWS SDDC causes CBT to reset, resulting in drastically slower failback (go to https://kb.vmware.com/s/article/71155 for more information).
Workaround: Do not revert to a VMware VM snapshot in the VMware Cloud on AWS SDDC, and do not change CBT settings for any VMs.
Protection groups with empty folders must be mapped properly in a DR Plan, or a failover will fail
If one of the folders is empty when a snapshot of a protection group is taken, you must explicitly map that empty folder to a failover target in a DR Plan, or else that plan fails to complete during a failover.
Failover terminated after membership change leaves protection group in bad state
During failover of a DR Plan, the folder membership and vCenter Server membership of the protection group are changed, and if a user terminates the DR plan failover after the membership change, the protection group is put into a bad state, rendering it unable to be edited or fixed.
Workaround: If this occurs in your environment, contact VMware Support to correct the protection group membership.
