Deployment Specification for Cloud-Based Ransomware Recovery for VMware Cloud Foundation

The deployment specification details the design decisions covering physical design, sizing, and high availability for the VMware Live Cyber Recovery Connector appliances in the protected VMware Cloud Foundation instance.

VMware Live Cyber Recovery Connector Appliance

The VMware Live Cyber Recovery Connector appliance connects the VMware Live Cyber Recovery service to on-premises data centers. The connector is distributed as a virtual appliance in the Open Virtualization Format (OVF) standard.

A VMware Live Cyber Recovery Connector appliance is required in the protected VMware Cloud Foundation instance to manage the replication and synchronization of data between the VMware Cloud Foundation instance and the Cloud File System to enable recovery of business workloads in the event of a ransomware attack. You deploy the VMware Live Cyber Recovery Connector appliance in the management domain.

Note:

Depending on the number of virtual machines you protect, you might need to deploy multiple VMware Live Cyber Recovery Connector appliances to your VMware Cloud Foundation instance. For more details, see System and Network Requirements for the Cyber Recovery connector.

Table 1. Design Decisions on the Deployment of the VMware Live Cyber Recovery Connector Appliances
Decision ID	Design Decision	Design Justification	Design Implication
CBR-CDP-CFG-001	Deploy two VMware Live Cyber Recovery Connector appliances in the default management vSphere cluster.	Required to establish secure communication between the VMware Cloud Foundation instance and VMware Live Cyber Recovery.	The VMware Live Cyber Recovery Connector appliances must be able to connect to the internet through a firewall.
CBR-CDP-CFG-002	Protect the VMware Live Cyber Recovery Connector appliances by using vSphere High Availability.	Supports the availability objective without requiring manual intervention during an ESXi host failure.	None.
CBR-CDP-CFG-003	Place the VMware Live Cyber Recovery Connector appliances in a designated virtual machine folder.	Provides organization of the appliances in the management domain vSphere inventory.	You must create the virtual machine folder during deployment.
CBR-CDP-CFG-004	Apply vSphere Distributed Resource Scheduler anti-affinity rules to the VMware Live Cyber Recovery Connector appliances.	vSphere Distributed Resource Scheduler prevents the VMware Live Cyber Recovery Connector appliances from residing on the same ESXi host and impacting the performance of replications.	You must perform an additional configuration to set up an anti-affinity rule. For a default management vSphere cluster that consists of four ESXi hosts, you can put in maintenance mode only a single ESXi host at a time.

Table 2. Design Decisions on the Deployment of the VMware Live Cyber Recovery Connector Appliances in Multiple Availability Zones
Decision ID	Design Decision	Design Justification	Design Implication
CBR-CDP-CFG-005	When using two availability zones, add the VMware Live Cyber Recovery Connector appliances to the VM group of the first availability zone.	Ensures that the VMware Live Cyber Recovery Connector appliances run in the primary availability zone hosts group.	After the implementation of the second availability zone for the management domain, you must update the VM group for the primary availability zone virtual machines to include the VMware Live Cyber Recovery Connector appliances.