About Cloud-Based Workload Protection for VMware Cloud Foundation

The Cloud-Based Workload Protection for VMware Cloud Foundation validated solution provides detailed design, implementation, configuration, and operational guidance on protecting and recovering business workloads running on a VMware Cloud Foundation instance to VMware Cloud on AWS through the use of the VMware Live Cyber Recovery service.

A VMware by Broadcom validated solution is a well-architected and validated implementation, built and tested by VMware to help customers deliver common business use cases. VMware validated solutions are operational, cost-effective, reliable, and secure. Each solution contains a detailed design, implementation, and operational guidance.

Automation for This Design in VMware Cloud Foundation

VMware Cloud Foundation™ SDDC Manager^® automates the implementation tasks for some design decisions. For the rest of the design decisions, as noted in the design implications, you must perform the implementation steps manually.

To provide a fast and efficient path to automating the Cloud-Based Workload Protection for VMware Cloud Foundation implementation, this document provides Microsoft PowerShell cmdlets as code-based alternatives to completing certain procedures in each SDDC component's user interface. You can directly reuse the PowerShell commands by replacing the provided sample values with values from your VMware Cloud Foundation Planning and Preparation Workbook.

For additional information, see PowerShell Module for VMware Validated Solutions.

Intended Audience

The Cloud-Based Workload Protection for VMware Cloud Foundation documentation is intended for cloud architects and administrators who are familiar with and want to use VMware software and a cloud-based disaster recovery solution with VMware Cloud Foundation.

Support Matrix

The Cloud-Based Workload Protection for VMware Cloud Foundation validated solution is compatible with certain versions of the VMware products that are used for implementing the solution.

Table 1. Software Components in Cloud-Based Workload Protection for VMware Cloud Foundation
VMware Cloud Foundation Version	Product Group	Component Versions
5.1.1	Products part of VMware Cloud Foundation	See VMware Cloud Foundation 5.1.1 Release Notes.
	Solution-added products	VMware Cloud on AWS
		VMware Live Cyber Recovery
		VMware HCX
5.1.0	Products part of VMware Cloud Foundation	See VMware Cloud Foundation 5.1.0 Release Notes.
	Solution-added products	VMware Cloud on AWS
		VMware Live Cyber Recovery
		VMware HCX
5.0	Products part of VMware Cloud Foundation	See VMware Cloud Foundation 5.0 Release Notes.
	Solution-added products	VMware Cloud on AWS
		VMware Live Cyber Recovery
		VMware HCX
4.5.2	Products part of VMware Cloud Foundation	See VMware Cloud Foundation 4.5.2 Release Notes.
	Solution-added products	VMware Cloud on AWS
		VMware Live Cyber Recovery
		VMware HCX
4.5.1	Products part of VMware Cloud Foundation	See VMware Cloud Foundation 4.5.1 Release Notes.
	Solution-added products	VMware Cloud on AWS
		VMware Live Cyber Recovery
		VMware HCX
4.5.0	Products part of VMware Cloud Foundation	See VMware Cloud Foundation 4.5.0 Release Notes.
	Solution-added products	VMware Cloud on AWS
		VMware Live Cyber Recovery
		VMware HCX

Before You Apply This Guidance

To design and implement the Cloud-Based Workload Protection for VMware Cloud Foundation validated solution, your environment must have a certain configuration.

Table 2. Supported VMware Cloud Foundation Deployment
Workload Domain	Deployment Details
Management domain	Automated deployment using VMware Cloud Builder™. See the following VMware Cloud Foundation Documentation: For information on designing the management domain, see VMware Cloud Foundation Design Guide. For information on deploying the management domain, see Getting Started with VMware Cloud Foundation and VMware Cloud Foundation Deployment Guide. For information on operating the management domain, see VMware Cloud Foundation Administration Guide and VMware Cloud Foundation Operations Guide.
One or more virtual infrastructure (VI) workload domains	Automated deployment by using SDDC Manager See the following VMware Cloud Foundation Documentation: For information on designing a VI workload domain, see VMware Cloud Foundation Design Guide. For information on deploying the VI workload domains, see Getting Started with VMware Cloud Foundation and VMware Cloud Foundation Administration Guide. For information on operating the VI Workload domain, see VMware Cloud Foundation Operations Guide.
VMware Cloud Foundation integrated with Active Directory	Manual or PowerShell automated configuration of Active Directory over LDAP. See the Identity and Access Management for VMware Cloud Foundation validated solution.

Overview of Cloud-Based Workload Protection for VMware Cloud Foundation

By applying the Cloud-Based Workload Protection for VMware Cloud Foundation validated solution, you connect a VMware Cloud Foundation instance to the VMware Live Cyber Recovery service to protect business workloads and recover them to a VMware Cloud on AWS instance, utilizing VMware HCX to extend the networking.

Table 3. Implementation Overview of Cloud-Based Workload Protection for VMware Cloud Foundation
Stage	Steps
1. Plan and prepare the VMware Cloud Foundation environment.	Work with the technology team of your organization on configuring the physical servers, network, and storage in the data center. Collect the environment details and write them down in the VMware Cloud Foundation Planning and Preparation Workbook.
2. Prepare the VMware Cloud Foundation instance.	Define a custom role in vCenter Server. Configure service account permissions. Create Virtual Machine and Template folder.
3. Configure VMware Cloud on AWS	Deploy the recovery SDDC. Configure vCenter Server Access.
4. Configure VMware HCX	Deploy VMware HCX to the recovery SDDC. Deploy the HCX Connector appliance. Replace the HCX Connector appliance self-signed certificate. Pair on-premises vSphere environment with HCX Cloud. Create network profiles. Create a compute profile. Create a Service Mesh.
5. Configure the VMware Live Cyber Recovery service.	Activate a VMware Cloud on AWS region for VMware Live Cyber Recovery. Deploy a cloud file system. Create a protected site. Deploy a VMware Live Cyber Recovery Connector appliance. Register VI Workload Domain vCenter Server. Add a recovery SDDC.

Update History

The Cloud-Based Workload Protection for VMware Cloud Foundation validated solution is updated when necessary.


Revision	Description
28 MAY 2024	The PowerValidatedSolutions PowerShell module is now version 2.10.0.
26 MAR 2024	This validated solution now supports VMware Cloud Foundation 5.1.1. This validated solution now includes best practice guidance, see Best Practices for Cloud-Based Workload Protection for VMware Cloud Foundation. This validated solution now updates the password complexity and account lockout policy configuration for the latest version of Photon OS. Configure the Local User Password Complexity Policy for the HCX Connector Appliance for Cloud-Based Workload Protection for VMware Cloud Foundation The PowerValidatedSolutions PowerShell module is now version 2.9.0, adding support for the following procedures: Define a Custom Role in vSphere for Cloud-Based Workload Protection for VMware Cloud Foundation The VMware.PowerCLI PowerShell module is now version 13.2.1. The following solution-added product names are changing: VMware Cloud Disaster Recovery is now VMware Live Cyber Recovery
30 JAN 2024	The PowerValidatedSolutions PowerShell module is now version 2.8.0. The following solution-added products and integrations are now deprecated: Cloud-Based Intelligent Operations with VMware Aria Operations (SaaS) Cloud-Based Intelligent Logging with VMware Aria Operations for Logs (SaaS)
07 NOV 2023	This validated solution now supports VMware Cloud Foundation 5.1.0. This validated solution now provides guidance on the use of a vsphere.local domain user for establishing communication between VMware Live Cyber Recovery and vCenter Server. See the following: Service Account Design for Cloud-Based Workload Protection for VMware Cloud Foundation Create and Configure a Custom Role in vSphere for Cloud-Based Workload Protection for VMware Cloud Foundation The PowerValidatedSolutions PowerShell module is now version 2.7.0. The PowerVCF PowerShell module is now version 2.4.0. The following product names are changing: VMware vRealize Operations is now VMware Aria Operations For more information on the VMware Aria rebranding, see Multi-Cloud Management and VMware Aria.
29 AUG 2023	Initial release.