The Cyber Recovery connector has several system and network requirements you need to be aware of before you deploy one.
vSphere and VMware Cloud on AWS Compatibility
For the most current information on vSphere and VMware Cloud on AWS compatibility with the service, see the VMware Product Interoperability Matrix.
For configuration limits of the service, see VMware Live Cyber Recovery Configuration Maximums.
Cyber Recovery connector System Requirements
To deploy the
Cyber Recovery connector virtual appliance, make sure that the vSphere host where you deploy it has the following available resources.
| Site Resources | Value |
|---|---|
| VMware vCenter Server | See the VMware Product Interoperability Matrix for the latest supported versions. |
| CPU | 8 GHz (reserved) |
| RAM | 12 GiB (reserved) |
| Disk | 100 GiB virtual disk |
| Network connectivity | Required |
VMware Live Cyber Recovery strongly recommends that you configure NTP on all hosts in the cluster where you plan to deploy the Cyber Recovery connector. For more information, see Configuring Network Time Protocol (NTP) on an ESXi host using the vSphere Client.
Note:
VMware Live Cyber Recovery does not support an internet proxy server between the
Cyber Recovery connector and the cloud.
Note: If the
Cyber Recovery connector becomes unregistered, delete the virtual appliance and re-deploy it using the OVF file. Do not use the
vCenter Server datastore browser to register the connector.
Cyber Recovery connector Deployment Considerations
Consider the following suggestions when deploying the
Cyber Recovery connector on your protected site.
Note: These suggestions are not operational scale limits.
- Deploy one Cyber Recovery connector for every 250 VMs total in the protected site’s vCenter Server inventory, counting all VMs in vCenter Server, protected or not. If you have 1000 VMs, you do not have to deploy more than four Cyber Recovery connectors (although there is no harm in deploying additional Cyber Recovery connectors). You can add connectors as needed. You need not commit to a particular number of connectors up front.
- Deploy only one Cyber Recovery connector on a single host.
- Deploy at least two connectors per-protected site, for redundancy. VMware Live Cyber Recovery handles connector redundancy automatically. You do not need to register vCenter for additional connectors on the same protected site.
- Sites with more than 10,000 VMs might exhibit some responsiveness issues with the VMware Live Cyber Recovery UI, such as slow loading of pages or windows when previewing protection group VM membership, creating and editing recovery plans, and during plan compliance checking.
- VMware Live Cyber Recovery supports protecting up to 6000 VMs on a site with a single vCenter Server. To protect up to 6000 VMs in a single vCenter Server, you need four separate protected sites, each with its own cloud file system (four cloud file systems).
Cyber Recovery connector Networking Requirements
The
Cyber Recovery connector requires the following open outbound ports listed in the diagram in your network to allow connector traffic. See
Service Public IP Addresses for how to find the public IP addresses of the
Orchestrator and the cloud file system.
Note: The DRaaS Connector uses port 443 to connect to the Orchestrator. Previously, if the DRaaS connector was unable to connect to the Orchestrator using port 443, it reverted to port 1759 for the connection. Now, port 1759 can no longer be used for the DRaaS Connector. Ensure that your protected site firewall allows traffic on port 443 for the DRaaS Connector.
| Protocol | Port | Source | Destination | Service Description | Classification |
|---|---|---|---|---|---|
| Protected site | |||||
| TCP | 443 | Cyber Recovery connector | vCenter Server (on-premises site or SDDC) |
vCenter Server web service | Outbound |
| TCP | 80 | Cyber Recovery connector | vCenter Server (on-premises site only) |
vCenter Server web service | Outbound |
| TCP | 902 | Cyber Recovery connector | ESXi Management IP address (on-premises site only) |
Reading/writing vdisks | Outbound |
| TCP | 1492 | ESXi hosts | Cyber Recovery connector (For on-premises sites. For VMware Cloud on AWS SDDCs, this outbound rule for ESXi hosts is already configured.) |
For high-frequency snapshots, reading/writing vdisks. | Inbound |
| VMware Live Cyber Recovery Components | |||||
| TCP | 443 | Cyber Recovery connector | Cloud file system |
Encrypted tunnel for data transfers and metadata operations | Outbound |
| TCP | 443 | Cyber Recovery connector | Orchestrator | Management service | Outbound |
| TCP | 443 | Cyber Recovery connector | VMware auto-support server | Support service | Outbound |
