To provide compute, storage and networking resources to protected workloads in the event of a ransomware recovery, you deploy and configure a VMware Cloud on AWS recovery SDDC. To provide access to the vCenter Server of the recovery SDDC, configure firewall rules.
Deploy the Recovery SDDC for Cloud-Based Ransomware Recovery for VMware Cloud Foundation
To provide target compute, storage and networking resources, you deploy a VMware Cloud on AWS recovery SDDC.
Procedure
- Log in to the VMware Cloud Services console at https://console.cloud.vmware.com/ with a user assigned the VMware Cloud on AWS Administrator and VMware Cloud on AWS NSX Cloud Admin roles.
- On the Services page, locate the VMware Cloud on AWS tile and click Launch service.
In the left pane, click Inventory.
On the Inventory page, click Add deployment and select VMware Cloud on AWS.
-
In the SDDC Properties section, configure the following settings, configure the remaining settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Next.
Setting
Value
Cloud
AWS
Deployment
Multi-Host
In the AWS account section, click Next.
In the VPC and subnet section, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Next.
In the Configure network section, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Next.
In the Review and acknowledge section, select the two check boxes and click Deploy SDDC.
Configure vCenter Server Access to the Recovery SDDC for Cloud-Based Ransomware Recovery for VMware Cloud Foundation
To allow access to the vCenter Server over the internet, you configure firewall rules on the management gateway of the VMware Cloud on AWS recovery SDDC.
Procedure
- Log in to the VMware Cloud Services console at https://console.cloud.vmware.com/ with a user assigned the VMware Cloud on AWS Administrator and VMware Cloud on AWS NSX Cloud Admin roles.
- On the Services page, locate the VMware Cloud on AWS tile and click Launch service.
In the left pane, click Inventory.
In the Recovery-sddc tile, click View details.
On the Recovery-sddc page, click Open NSX Manager.
In the Open NSX Manager dialog box, click Access via the internet.
Note:If the NSX Manager UI does not open, verify you do not have a pop-up blocker, preventing the window from opening.
On the NSX page, click the Security tab.
In the left pane, click Gateway firewall.
Add a rule for inbound access to vCenter Server.
On the Gateway firewall page, click the Management gateway tab and click Add rule.
In the new rule Name field, enter vCenter Inbound Rule.
In the Sources field, click Edit.
In the Set source dialog box, select User defined group, click Add group, configure the settings according to your VMware Cloud Foundation Planning and Preparation Workbook, and click Save.
Click Apply.
In the Destinations field, click Edit.
In the Set destination dialog box, select vCenter and click Apply.
In the Services field, select HTTPS (TCP 443) and SSO (TCP 7444).
Click Publish.
Add an IP Address to the user defined group.
In a web browser, navigate to https://www.whatismyip.com and make a note of your IP address.
In the vCenter Inbound Rule row of the new rule created in Step 9, in the Sources field, click Edit.
In the Set source dialog box, click the ellipsis next to External access, click Edit, and click Set.
In the Set members | External-access dialog box, enter your IP address, press Enter, and click Apply.
Click Save and click Apply.