If a ransomware attack shuts down your protected site, you can failover and run production workloads on the recovery SDDC on a custom Tier-1 VMware Cloud Gateway.

After a ransomware attack, the original protected site running product workloads has likely been shut down. Ransomware attacks can cause service unavailability due to downtime of the affected production site. Infected sites are often decommissioned and rebuilt from scratch.

If your original site becomes unusable, you need to recover VMs to a recovery SDDC, so you can continue to run production workloads while the original site is being cleaned and restored. You can achieve this by creating a custom VMware Cloud Gateway on the recovery SDDC to use for failing over VMs that have been cleansed from ransomware recovery operations.

You can use the default VMware Cloud Gateway for ransomware recovery, which serves as the Isolated Recovery Environment (IRE).

You can then use the custom gateway for recovering cleansed VMs to the recovery SDDC on a different network, which serves as a temporary production environment until the original protected site is restored. You can recover and run VMs to the recovery SDDC until the original protected site is restored.

Once the original site is restored, you can fail back VMs from the recovery SDDC to the original protected site.

Adding a VMware Cloud Gateway to the Recover SDDC

You can add a VMware Cloud Gateway to the recovery SDDC from the VMware Cloud Services console and create different network segments for the gateway.

When an SDDC is first created, a default gateway is created called the 'Compute Gateway'. If you do not add a gateway to the SDDC, then recovery plans can only use the default gateway for disaster recovery, disaster recovery testing, and ransomware recovery.

However, you can create a separate network environment by creating a new gateway on the recovery SDDC, so one gateway can be used for ransomware recovery (and test failover operations), and the other can be used for running production workloads.
Note: Individual network segment names within a gateway must be unique.

Test Mappings Tab for Ransomware and Test Failover Operations

You can use the default gateway (named the 'Compute Gateway') for ransomware and test failover recovery operations.

In a recovery plan, you set virtual networks mappings on the Test mapping tab.
Note: If you do not configure Test mappings in a plan, then the Failover mappings will be used for the plan.
Note: You can technically choose to use any gateway for either ransomware recovery or failover to the recovery SDDC, but the main point is to use different gateways for each.

Virtual networks Test mapping tab in a recovery plan used for ransomware recovery a failover test operations.

Failover Mappings Tab for Disaster Recovery and Recovering Clean VMs to Recovery SDDC

You can create a new gateway (for example, 'Man GW1') for disaster recovery failovers and for recovering clean VMs from the IRE to the recovery SDDC. In a recovery plan, you set these Virtual networks mappings on the Failover mapping tab.

Virtual networks Failover mapping tab in a recovery plan used for disaster recovery failover to the recovery SDDC.