To prepare an existing SDDC to run compliance-audited workloads, you must disable certain integrated services.
Because certain VMware Integrated Services are not compatible with compliance hardening, you must disable them before migrating compliance-audited workloads to your SDDC. If you disable these services, you'll need to contact VMware Support to have them re-enabled.
Note:
Integrated services are not enabled in a new SDDC. This procedure is only required when reconfiguring an existing SDDC to disable integrated services.
Procedure
- Log in to the VMware Cloud Console at https://vmc.vmware.com.
- Navigate to the Settings tab of your SDDC.
The
Compliance Hardening area of this tab displays the status of the VMware HCX and VMware Site Recovery services.
- Disable the VMware HCX Service. (You can install and enable HCX in a new SDDC and use it to migrate compliance-audited workloads, but after that migration is complete, you must disable it.)
On the
Compliance Hardening section of the
Settings tab, expand the
HCX control to display the
Disable VMware HCX card.
- Uninstall HCX from the SDDC vCenter.
If you have created any custom firewall rules that reference HCX inventory groups, remove them before you begin to uninstall HCX, then follow the procedures documented in
Uninstalling HCX in VMware Cloud on AWS Deployments to clean up SDDC resources created or used by VMware HCX. After HCX has been uninstalled, select the check box to confirm that the clean-up is complete and you are ready to proceed.
- Click DISABLE to open the Disable VMware HCX page.
- Confirm that you understand the workflow:
- Select the checkbox to confirm that you have uninstalled HCX and cleaned up any remaining HCX resources (see 3.a).
- Select the checkbox to confirm that you understand that you'll need to contact VMware support if you want to re-enable VMware HXC for this SDDC.
- Click DISABLE to disable VMware HCX.
- Disable VMware Site Recovery 8.4 Compatibility.
VMware Site Recovery meets compliance audit requirements at version 8.5 and later.
You must disable compatibility with Site Recovery 8.4 to prepare an SDDC to run compliance-audited workloads.
Use the vSphere Client to verify the version of VMware Site Recovery that is active in your SDDC. If VMware Site Recovery is not active in your SDDC, after Activate on SDDC at version 1.14 and later, version 8.5 or later will be provisioned. If VMware Site Recovery is active in your SDDC with version 8.4 you can contact support to have the Site Recovery service upgraded to 8.5 or later or deactivate Site Recovery.
On the Compliance Hardening section of the Settings tab, expand the Site Recovery v8.4 compatibility control to display the Disable VMware Site Recovery 8.4 compatibility control.
- (Optional) (If using 8.4 and no longer need it) Follow the procedures documented in Deactivate VMware Site Recovery to clean up SDDC resources created or used by VMware Site Recovery.
- (Optional) (If using 8.4 and no longer need it) Unregister Site Recovery Manager from the on-premises site. See Unregister the Site Recovery Appliance on the on-premises site in the VMware Site Recovery Product Documentation.
- (Optional) (If using 8.4 and still need Site Recovery) Contact support to have the Site Recovery service upgraded to 8.5. Proceed with the remaining steps only after the upgrade to 8.5 or later has been completed.
- Click DISABLE to open the Disable Site Recovery v8.4 Compatibility page.
- Confirm that you understand the workflow: Select the checkbox to confirm that you have checked VSR service version and if active with 8.4 - have either deactivated it and uninstalled Site Recovery Manager or requested its upgrade and it has been upgraded to 8.5 or later. (see 4.a, 4.b and 4.c). Select the checkbox to confirm that you understand that you'll need to contact VMware support if you want to re-enable Site Recovery 8.4 Compatibility for this SDDC.
- Click DISABLE to disable compatibility with VMware Site Recovery.