Begin the preparation for the actual ransomware recovery by configuring the recovery SDDC.

Create Virtual Machine and Template Folder for Folder Mappings for Cloud-Based Ransomware Recovery for VMware Cloud Foundation

Create virtual machine folders in the recovery SDDC for your critical workloads. You later configure folder mappings in VMware Live Cyber Recovery between the protected and the recovery instances.

Procedure

  1. Log in to the VMware Cloud Services console at https://console.cloud.vmware.com/ with a user assigned the VMware Cloud on AWS Administrator and VMware Live Cyber Recovery Protection Admin roles.
  2. On the Services page, locate the VMware Live Recovery tile, and click Launch service.
  3. On the VMware Live Recovery page, for the region where the service is enabled, click Manage region.
  4. On the VMware Live Cyber Recovery page, in the left navigation pane, click Recovery SDDCs to expand the list.

  5. Select the name of your recovery SDDC.

  6. On the Recovery SDDCs page, click Open vCenter.

  7. In the Open vCenter dialog box, copy the cloudadmin@vmc.local password and click Open vCenter.

  8. On the Getting started page, click Launch vSphere client.

  9. Log in to the recovery SDDC vCenter Server with the default cloudadmin@vmc.local user.

  10. From the vSphere Client Menu, select Inventory.

  11. In the VMs and templates inventory, expand the vCenter Server tree, right-click the data center, and select New folder > New VM and template folder.

  12. In the New folder dialog box, enter the folder name, and click OK.

Create Resource Pool for Compute Resource Mappings for Cloud-Based Ransomware Recovery for VMware Cloud Foundation

Create resource pools in the recovery SDDC for your critical workloads. You later configure compute resource mappings in VMware Live Cyber Recovery between the protected and recovery instances.

Procedure

  1. Log in to the VMware Cloud Services console at https://console.cloud.vmware.com/ with a user assigned the VMware Cloud on AWS Administrator and VMware Live Cyber Recovery Protection Admin roles.
  2. On the Services page, locate the VMware Live Recovery tile, and click Launch service.
  3. On the VMware Live Recovery page, for the region where the service is enabled, click Manage region.
  4. On the VMware Live Cyber Recovery page, in the left navigation pane, click Recovery SDDCs to expand the list.

  5. Select the name of your recovery SDDC.

  6. On the Recovery SDDCs page, click Open vCenter.

  7. In the Open vCenter dialog box, copy the cloudadmin@vmc.local password and click Open vCenter.

  8. On the Getting started page, click Launch vSphere client.

  9. Log in to the recovery SDDC vCenter Server with the default cloudadmin@vmc.local user.

  10. From the vSphere Client Menu, select Inventory.

  11. In the Hosts and clusters inventory, expand the vCenter Server tree, right-click the cluster, and select New resource pool.

  12. In the New resource pool dialog box, enter the resource pool name, and click OK.
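
The folder and resource pool procedures above can also be scripted so that the recovery SDDC is prepared the same way every time. The following PowerCLI script is an added example, not part of the original procedure; it assumes the VMware.PowerCLI module is installed, and the server, data center, cluster, folder, and resource pool names are placeholders to replace with your own.

```powershell
# Added example (not from the original page). Requires the VMware.PowerCLI module.
# Every default value below is a placeholder.
param(
    [string]   $VCenter       = 'vcenter.recovery-sddc.example',   # placeholder FQDN
    [string]   $Datacenter    = 'SDDC-Datacenter',                 # placeholder: name shown in your inventory
    [string]   $Cluster       = 'Cluster-1',                       # placeholder: name shown in your inventory
    [string[]] $FolderNames   = @('Critical-Workloads'),           # placeholder folder names
    [string[]] $ResourcePools = @('Critical-Workloads-RP')         # placeholder resource pool names
)
$ErrorActionPreference = 'Stop'

# Prompt for the credentials copied from the Open vCenter dialog box
# so that the password is never stored in the script.
$cred = Get-Credential -Message 'Recovery SDDC vCenter Server credentials'
$vi   = Connect-VIServer -Server $VCenter -Credential $cred
try {
    $dc = Get-Datacenter -Name $Datacenter -Server $vi

    # VM and template folders hang off the data center's hidden root folder named "vm".
    $vmRoot = Get-Folder -Name 'vm' -Type VM -Location $dc -NoRecursion -Server $vi
    foreach ($name in $FolderNames) {
        $found = Get-Folder -Name $name -Type VM -Location $vmRoot -NoRecursion `
                     -Server $vi -ErrorAction SilentlyContinue
        if ($found) { Write-Host "Folder '$name' already exists, skipping." }
        else {
            New-Folder -Name $name -Location $vmRoot -Server $vi | Out-Null
            Write-Host "Created VM and template folder '$name'."
        }
    }

    $cl = Get-Cluster -Name $Cluster -Location $dc -Server $vi
    foreach ($name in $ResourcePools) {
        # The lookup is recursive: a pool with this name anywhere in the cluster counts as existing.
        $found = Get-ResourcePool -Name $name -Location $cl -Server $vi -ErrorAction SilentlyContinue
        if ($found) { Write-Host "Resource pool '$name' already exists, skipping." }
        else {
            New-ResourcePool -Name $name -Location $cl -Server $vi | Out-Null
            Write-Host "Created resource pool '$name'."
        }
    }
}
finally {
    # Always close the session, even when a step fails.
    Disconnect-VIServer -Server $vi -Confirm:$false
}
```

Because existing objects are skipped, the script can be rerun safely after adding more names to the lists.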

Activate Ransomware Service Integration for Cloud-Based Ransomware Recovery for VMware Cloud Foundation

To use ransomware recovery with integrated security and vulnerability analysis, you must activate the services. You also activate VMware NSX Advanced Firewall for VMware Cloud on AWS to provide advanced network isolation levels.

Procedure

  1. Log in to the VMware Cloud Services console at https://console.cloud.vmware.com/ as an Organization owner assigned the VMware Live Cyber Recovery Global Console Admin and VMware Live Cyber Recovery Orchestrator Admin roles.
  2. On the Services page, locate the VMware Live Recovery tile, and click Launch service.
  3. On the VMware Live Recovery page, for the region where the service is enabled, click Manage region.
  4. On the VMware Live Cyber Recovery page, in the left navigation pane, click Settings.

  5. On the Settings page, under Integration, click Ransomware Recovery Services.
  6. In the Ransomware services integration dialog box, click Activate integrated analysis.

  7. In the Activate integrated security and vulnerability analysis dialog box, select the four check boxes, click Activate, and wait for the completion of the process.

  8. In the Ransomware services integration dialog box, verify that Analysis activated is successful and click Allow activation of NSX Advanced Firewall.

  9. In the Allow activation of NSX Advanced Firewall dialog box, select the two confirmation check boxes and click Activate.

  10. Verify that NSX Advanced Firewall activation allowed is successful and click Close.

Create a Protection Group for Critical Workloads with Cloud-Based Ransomware Recovery for VMware Cloud Foundation

Create a protection group in VMware Live Cyber Recovery to take recurring VM snapshots and replicate them to a cloud file system, so that you can later use the snapshots for disaster recovery.

Procedure

  1. Log in to the VMware Cloud Services console at https://console.cloud.vmware.com/ with a user assigned the VMware Live Cyber Recovery Protection Admin role.
  2. On the Services page, locate the VMware Live Recovery tile, and click Launch service.
  3. On the VMware Live Recovery page, for the region where the service is enabled, click Manage region.
  4. On the VMware Live Cyber Recovery page, in the left navigation pane, click Protection groups.

  5. On the Protection groups page, click Create protection group.

  6. In the Create protection group for site dialog box, on the General page, configure the values according to your requirements and click Next.

  7. On the Protection schedules page, configure the values according to your requirements and click Finish.

Create a Recovery Plan for Critical Workloads with Cloud-Based Ransomware Recovery for VMware Cloud Foundation

After you configure a protection group, you create a recovery plan in VMware Live Cyber Recovery to define the configuration and the orchestration steps required for successful disaster recovery.

Procedure

  1. Log in to the VMware Cloud Services console at https://console.cloud.vmware.com/ with a user assigned the VMware Live Cyber Recovery Protection Admin role.
  2. On the Services page, locate the VMware Live Recovery tile, and click Launch service.
  3. On the VMware Live Recovery page, for the region where the service is enabled, click Manage region.
  4. On the VMware Live Cyber Recovery page, in the left navigation pane, click Recovery plans.

  5. Click Create plan.

  6. In the Create plan dialog box, on the General page, configure the values according to your requirements and click Next.

  7. On the Sites page, configure the values according to your requirements and click Next.

  8. On the Groups page, select the protection groups to include as part of the recovery plan, and click Next.

  9. On the vCenters page, click Next.

  10. Map the vCenter Server folders from the protected site to the recovery site.
    1. On the vCenter folders page, click Map folders.

    2. In the vCenter folder mappings dialog box, select the folders for the protected and the recovery sites, click Add, and click OK.

    3. On the vCenter folders page, click Next.
  11. Define which vCenter Server compute resources are used for failover.
    1. On the Compute resources page, click Map compute resources.

    2. In the vCenter compute resource mappings dialog box, select the clusters for the protected and the recovery sites, and click Add.

    3. In the vCenter compute resource mappings dialog box, select the resource pools for the protected and the recovery sites, click Add, and click OK.

    4. On the Compute resources page, click Next.

  12. Map protected site networks to networks on the recovery site.
    1. On the Virtual networks page, click Map virtual networks.

    2. In the vCenter virtual network mappings dialog box, select the networks for the protected and the recovery sites, click Add, and click OK.

    3. On the Virtual networks page, click Test Mapping and configure the values according to your requirements.
    4. On the Virtual networks page, click Next.

  13. On the IP addresses page, configure the values according to your requirements and click Next.

  14. On the Script VM page, configure the values according to your requirements and click Next.

  15. On the Recovery steps page, configure the values according to your requirements and click Next.

  16. On the Ransomware page, under Security and vulnerability analysis, configure the settings according to your requirements and click Next.

  17. On the Alerts page, configure the values according to your requirements and click Finish.

  18. Click the recovery plan you created.

  19. On the Recovery plan page, in the Continuous compliance tile, click the refresh icon to perform a compliance check and verify the check is successful.

  20. Click Show to view the report and, if the compliance check detects any failure, remediate the issues.