Use the checklist to verify that you have fulfilled all the requirements to initiate disaster recovery or planned migration of the SDDC management applications and to complete the configuration of these applications.

Table 1. Checklist for Failover and Failback in an SDDC



Activation and assessment

  • Verify that disaster failover or failback is required:

    For example, an application failure might not be a cause for a failover or failback, while an extended VMware Cloud Foundation instance outage is a valid cause.

  • Plan for business continuity events such as scheduled building maintenance or the probability of a natural disaster.


  • Submit the required documentation for approval to the following roles:

    • IT management staff

    • CTO

    • Business users

    • Other stakeholders

Activation logistics

  • Verify that all the required facilities and personnel are available for the complete duration of the disaster recovery process.

  • Verify that Site Recovery Manager is available in the recovery VMware Cloud Foundation instance.

  • Verify the replication status of the SDDC management components.

  • Verify the state of NSX Data Center in the recovery VMware Cloud Foundation instance:

    • Verify that the NSX Edge nodes are available.

    • Verify that the IP addresses for the overlay-backed networks are correct.

    • Verify that the NSX load balancer is correctly configured according to the design.

Communication, initiation, and failover or failback validation

  • In case of a planned migration:

    • Notify all stakeholders for the planned outage and the expected duration of the maintenance window.

    • At the scheduled time, initiate the failover or failback process.

  • In case of a failover or failback for disaster recovery:

    • Before initiating a failover or a failback, notify all stakeholders for the event.

  • After completing a failover or a failback:

    • Test applications availability.

    • Notify all stakeholders for the completed event.

Multiple Availability Zones

If your environment consists of multiple availability zones, perform additional configuration for failback for disaster recovery:

  • In case of failback for disaster recovery in which the recovery VMware Cloud Foundation instance remains unavailable, the vSAN witness appliance might not available too. As a result, you might be unable to provision the vRealize Suite virtual machines in the protected VMware Cloud Foundation instance according to the active vSAN storage policy. To ensure the recovery of the vRealize Suite virtual machines, turn on the force-provisioning option in the storage policy.

  • In case of a planned migration in which both the protected and recovery VMware Cloud Foundation instances are still operational, the vSAN witness appliance is available and the active storage policy is satisfied.

Configuration after failover

In case of disaster recovery failover, perform additional configuration:

  • Redirect the log data from the failed over or failed back applications to vRealize Log Insight in the recovery VMware Cloud Foundation instance.

  • Complete a post-recovery assessment:

    • Note which items worked and which did not work, and identify improvements that you can include in the recovery plan.