A VMware Live Cyber Recovery protected site encompasses vCenter Servers, protection groups, and recovery plans.

To set up a VMware Live Cyber Recovery protected site, you create the site and then deploy the Cyber Recovery connector as a virtual machine into your vSphere environment, either for an on-premises site or a VMware Cloud on AWS SDDC.
Note: Each protected site's vCenter management IP address must be unique to each VMware Live Cyber Recovery Orchestrator in a recovery region. For example, if you have two vCenters that share the same management IP address of 192.0.2.1 in a single recovery region, you can only protect one of those vCenters in that region.
After you set up a protected site, you create protection groups to replicate snapshots to a cloud file system. In the case of a disaster, you can then use available snapshots from the cloud file system to recover protected VMs into your recovery SDDC using recovery plans. Once the protected site is restored, you can initiate a failback.
Note: When protecting an SDDC using VMware Live Cyber Recovery, the recovery SDDC and VMware Live Cyber Recovery deployment must be in the same CSP organization as the protected SDDC.

In order to protect an SDDC, you need to ensure that VMware Live Cyber Recovery can access VMware Cloud on AWS. For more information, see Authorize Access for VMware Live Cyber Recovery.

The Cyber Recovery connector architecture shows how the connector connects to you protected site vCenter.

Dimensions of a Protected Site

A VMware Live Cyber Recovery protected site includes vCenter Servers, protection groups, and recovery plans.

A protection site is a logical construct consisting of vCenters, protection groups, and recovery plans.

Note: For more information about VMware Live Cyber Recovery configuration limits, visit the VMware Configuration Maximums tool.

Protected Site Setup Considerations

Consider the following suggestions when deploying the Cyber Recovery connector on your protected site.
Note: These suggestions are not operational scale limits.
  • Deploy one Cyber Recovery connector for every 250 VMs total in the protected site’s vCenter Server inventory, counting all VMs in vCenter Server, protected or not. If you have 1000 VMs, you do not have to deploy more than four Cyber Recovery connectors (although there is no harm in deploying additional Cyber Recovery connectors). You can add connectors as needed. You need not commit to a particular number of connectors up front.
  • Deploy only one Cyber Recovery connector on a single host.
  • Deploy at least two connectors per-protected site, for redundancy. VMware Live Cyber Recovery handles connector redundancy automatically. You do not need to register vCenter for additional connectors on the same protected site.
  • Sites with more than 10,000 VMs might exhibit some responsiveness issues with the VMware Live Cyber Recovery UI, such as slow loading of pages or windows when previewing protection group VM membership, creating and editing recovery plans, and during plan compliance checking.
  • VMware Live Cyber Recovery supports protecting up to 6000 VMs on a site with a single vCenter Server. To protect up to 6000 VMs in a single vCenter Server, you need four separate protected sites, each with its own cloud file system (four cloud file systems).

Protected SDDC Network Considerations

Before you set up a protected site for an SDDC, you must create the SDDC and have a network segment already configured for it.

Follow these guidelines when configuring a network segment for the Cyber Recovery connector on the protected site:
  • If you are using DHCP for the Cyber Recovery connector VM, when configuring DHCP from the VMC Console, leave the DNS value empty. Leaving this value empty allows the network to use the default DNS server for the SDDC.
  • If you are using a static IP address for the Cyber Recovery connector VM, log in to the VMC Console and on the Networking & Security tab for your SDDC, you can use the DNS service Compute Gateway IP address for the connector VM.
  • When setting up the protected site, decide whether you want VMware Live Cyber Recovery to create the Cyber Recovery connector firewall rules, or if you want to create the firewall rules yourself (manually). For more information, see Cyber Recovery Connector Firewall Rules for a Protected SDDC.

Private Connections for a Protected Site

You can set up private network connections for fast, secure connections between VMware Live Cyber Recovery and your protected sites.

For VMware Cloud on AWS protected SDDCs (for existing users prior to July 2024), VMware Transit Connect™ can provide high-bandwidth, low-latency connections between your protected SDDCs and VMware Live Cyber Recovery. For more information, see Configure VMware Transit Connect Private Connection.

For on-premises protected sites (for all users), you can use AWS Direct Connect to establish a dedicated network connection between your on premises data center and AWS services. With this connection, you can create public virtual interfaces (VIFs) that give you direct access to all public AWS IP addresses, including VMware Live Cyber Recovery components.

For more information, see Setting Up Private Connections.