To control access to VMware Cloud DR components, you can configure access lists.

Configuring access lists allows you to:
  • Control access from the DRaaS Connector to the cloud file system and the Orchestrator.
  • Control which users can access the VMware Cloud DR UI, including users who want to recover virtual machine guest files and download them.
  • Harden your VMware Cloud DR environment for PCI DSS compliance.

Once you enable this setting, only IP addresses or IP address ranges added here can access the service.

Access Lists

There are two access lists you can configure:
Access List Description
Connector access list
Specify the public IP addresses and/or IP address ranges for all DRaaS Connectors that can access the Orchestrator and a cloud file system.
Note: Do not enter private IP addresses that are behind a NAT gateway.
Management access list
Specify the public IP addresses and/or IP address ranges for all users you want to allow access to the VMware Cloud DR UI.
Note: Do not enter private IP addresses that are behind a NAT gateway.

Configure Access to VMware Cloud DR

You can configure access lists to only allow specific IP addresses to access VMware Cloud DR components and UI.

Before you enable this setting, make sure that you compile a list of all allowed IP addresses or IP address ranges of all deployed DRaaS Connectors and all IP addresses to add to the lists. Once you enable this setting, only IP addresses or IP address ranges added here can access the service.

Note: Do not enter private IP addresses that are behind a NAT gateway.
Configure Access.
  1. From the left navigation, select Settings.
  2. Click the Security and compliance button.
  3. In the Security and compliance dialog box, select the Use access list option.
  4. Under Connector access list, enter the public IP addresses and/or IP address ranges for all DRaaS ConnectorDRaaS Connectors.

    When you deploy a new DRaaS Connector, or if you already have DRaaS Connector deployed, add the IP addresses here. If you do not know the IP addresses of existing DRaaS Connectors, enter one IP address in the list and the dialog box displays all deployed connectors and their IP addresses at the bottom.IP addresses in the connector access list can also access the VMware Cloud DR UI.

  5. Next, specify the public IP addresses / IP address ranges of all computers that you want to access to the VMware Cloud DR (sometimes called VCDR) UI.

    For example, to allow a specific user's computer to download a VM guest file, enter the user's computer IP address here.

    Security and compliance dialog box with access lists

  6. Click OK.