To control access to VMware Live Cyber Recovery components, you can configure access lists.

Configuring access lists allows you to:
  • Control access from the Cyber Recovery connector to the cloud file system and the Orchestrator.
  • Control which users can access the VMware Live Cyber Recovery UI, including users who want to recover virtual machine guest files and download them.
  • Harden your VMware Live Cyber Recovery environment for PCI DSS compliance.

Once you enable this setting, only IP addresses or IP address ranges added here can access the service.

Access Lists

There are two access lists you can configure:
Access List Description
Connector access list
Specify the public IP addresses and/or IP address ranges for all Cyber Recovery connectors that can access the Orchestrator and a cloud file system.
Note: Do not enter private IP addresses that are behind a NAT gateway.
Management access list
Specify the public IP addresses and/or IP address ranges for all users you want to allow access to the VMware Live Cyber Recovery UI.
Note: Do not enter private IP addresses that are behind a NAT gateway.

Configure Access to VMware Live Cyber Recovery

You can configure access lists to only allow specific IP addresses to access VMware Live Cyber Recovery components and UI.

Before you enable this setting, make sure that you compile a list of all allowed IP addresses or IP address ranges of all deployed Cyber Recovery connectors and all IP addresses to add to the lists. Once you enable this setting, only IP addresses or IP address ranges added here can access the service.

Note: Do not enter private IP addresses that are behind a NAT gateway.
Note: You can add a maximum of 14 IP addresses total between both access lists.
Configure Access.
  1. From the left navigation, select Settings.
  2. Click the Security and compliance button.
  3. In the Security and compliance dialog box, select the Use access list option.
  4. Under Connector access list, enter the public IP addresses and/or IP address ranges for all Cyber Recovery connectors.

    When you deploy a new Cyber Recovery connector, or if you already have Cyber Recovery connector deployed, add the IP addresses here. If you do not know the IP addresses of existing Cyber Recovery connectors, enter one IP address in the list and the dialog box displays all deployed connectors and their IP addresses at the bottom.IP addresses in the connector access list can also access the VMware Live Cyber Recovery UI.

  5. Next, specify the public IP addresses / IP address ranges of all computers that you want to access to the VMware Live Cyber Recovery UI.

    For example, to allow a specific user's computer to download a VM guest file, enter the user's computer IP address here.

  6. Under PCI DSS, select the check box to agree to periodic security scans of VMware Live Cyber Recovery in the region where the service is deployed.

    Security and compliance dialog box with access lists

  7. Click OK.