To control access to VMware Live Cyber Recovery components, you can configure access lists.
- Control access from the Cyber Recovery connector to the cloud file system and the Orchestrator.
- Control which users can access the VMware Live Cyber Recovery UI, including users who want to recover virtual machine guest files and download them.
- Harden your VMware Live Cyber Recovery environment for PCI DSS compliance.
Once you enable this setting, only IP addresses or IP address ranges added here can access the service.
Access Lists
Access List | Description |
---|---|
Connector access list |
Specify the public IP addresses and/or IP address ranges for all
Cyber Recovery connectors that can access the
Orchestrator and a cloud file system.
Note: Do not enter private IP addresses that are behind a NAT gateway.
|
Management access list |
Specify the public IP addresses and/or IP address ranges for all users you want to allow access to the
VMware Live Cyber Recovery UI.
Note: Do not enter private IP addresses that are behind a NAT gateway.
|
Configure Access to VMware Live Cyber Recovery
You can configure access lists to only allow specific IP addresses to access VMware Live Cyber Recovery components and UI.
Before you enable this setting, make sure that you compile a list of all allowed IP addresses or IP address ranges of all deployed Cyber Recovery connectors and all IP addresses to add to the lists. Once you enable this setting, only IP addresses or IP address ranges added here can access the service.
- From the left navigation, select Settings.
- Click the Security and compliance button.
- In the Security and compliance dialog box, select the Use access list option.
- Under Connector access list, enter the public IP addresses and/or IP address ranges for all Cyber Recovery connectors.
When you deploy a new Cyber Recovery connector, or if you already have Cyber Recovery connector deployed, add the IP addresses here. If you do not know the IP addresses of existing Cyber Recovery connectors, enter one IP address in the list and the dialog box displays all deployed connectors and their IP addresses at the bottom.IP addresses in the connector access list can also access the VMware Live Cyber Recovery UI.
- Next, specify the public IP addresses / IP address ranges of all computers that you want to access to the VMware Live Cyber Recovery UI.
For example, to allow a specific user's computer to download a VM guest file, enter the user's computer IP address here.
- Under PCI DSS, select the check box to agree to periodic security scans of VMware Live Cyber Recovery in the region where the service is deployed.
- Click OK.