You can use VMware Live Site Recovery protection and VMware Live Cyber Recovery high-frequency snapshots protection on the same virtual machine, with certain limitations.

You can protect the same VM simultaneously with both VMware Live Site Recovery by using array-based replication and VMware Live Cyber Recovery by using high-frequency snapshots. This allows you to benefit from the VMware Live Cyber Recovery ransomware cloud protection on top of the regular VMware Live Site Recovery array-based on-premises protection. You cannot protect the same VM simultaneously with VMware Live Cyber Recovery by using high-frequency snapshots and VMware Live Site Recovery when you use Virtual Volumes or vSphere Replication for VMware Live Site Recovery.

Caution: Using both products can result in split-brain scenarios and there are no guard rails to prevent this. For example, if you perform a VMware Live Site Recovery failover of a VM from site A to site B, and they then perform VMware Live Cyber Recovery ransomware recovery of the same VM to site B. After this, two instance of the same VM will run simultaneously, one in site A as a result of the VMware Live Cyber Recovery ransomware recovery and one in site B as a result of the VMware Live Site Recovery failover. Similarly, performing VMware Live Site Recovery failover and VMware Live Cyber Recovery failover of the same set of VMs results in a split-brain scenario.

Protection

Protecting a virtual machine with enabled high-frequency snapshot filter with VMware Live Site Recovery array-based replication requires active VMware Live Recovery subscription.

If there is no active subscription, the protection fails with the following error. "Subscription is not available or has expired. Unable to protect VM '{vmName}' with IO filter 'vmwarelwd' for device with key '2000' as this action requires active subscription.. The same error is observed in the Site Recovery UI if you enable VMware Live Cyber Recovery high-frequency snapshots on a virtual machine protected by VMware Live Site Recovery and there is no active subscription. In case of a recovery no high-frequency snapshots related action are preformed on the virtual machine.

Recovery

During test recovery, disaster recovery, or planned migration of VMs with discs with enabled high-frequency snapshot filter, as part of the reconfigure VM operation VMware Live Site Recovery issues high-frequency snapshot IO filters removal change. The array-based replication protected VMs are recovered on the target recovery site with no active high-frequency snapshot filter. The only exception is when the protected VM has user-managed snapshots. If that is the case, the high-frequency snapshot state change is forbidden by the platform and VMware Live Site Recovery cannot remove high-frequency snapshot IO filters if present. For such VMs on recovery time, VMware Live Site Recovery issues a create snapshot/revert to snapshot/delete snapshot and leaves the high-frequency snapshot IO filter enabled for the recovered VMs. The snapshot operations sequence ensures that the high-frequency snapshot state is invalidated and no potentially dangerous incremental high-frequency snapshot sync is issued after the VMware Live Site Recovery recovery process.

Failback

The same behavior is observed during a failback operation. This guarantees for the VMware Live Cyber Recovery users that no high-frequency snapshot state is transferred cross-site which allows safe continuous high-frequency snapshots-based protection of the original VM failed back by VMware Live Site Recovery.

Interoperability with cross-site vMotion

The interoperability with VMware Live Cyber Recovery high-frequency snapshots is not supported for VMs on stretched storage with configured cross-site vMotion on planned migration.

vSphere Replication and Virtual Volumes support

You cannot include a VMware Live Cyber Recovery high-frequency snapshot protected virtual machine in a vSphere Replication protection group or a Virtual Volumes protection group. Attempting to protect such VM will result in the following error dr.replication.fault.NotSupportedIndependentIOFilter “Unable to protect VM 'testABR+LWD' with unsupported IO filter 'vmwarelwd' for device with key '2000'.”.

Interoperability with different versions of vCenter Server

By default LWD on VMs protected by VMware Live Site Recovery is active in VMware vSAN DPS for vCenter Server 8.0 Update 2 and later. You must manually activate the functionality for earlier versions of vCenter Server.

vCenter Server 7.0 Update 2 or earlier vCenter Server 7.0 Update 3 and planned patches vCenter Server 8.0 Update 1 and planned patches vCenter Server 8.0 Update 2 and later
VMware Live Site Recovery and VMware Live Recovery Not supported. Supported. Requires manual configuration change in the VMware vSAN DPS. Supported. Requires manual configuration change in the VMware vSAN DPS. Supported.
ESXi 7.0 Update 2 or earlier ESXi 7.0 Update 3 and later ESXi 8.0 and later
VMware Live Site Recovery and VMware Live Recovery Not supported. Supported with limitations, see the note below. Fully supported after ESXi 8.0 Update 2b. For earlier versions see the note below.
Caution: There might be an RTO impact on protected VMs with enabled LWD filters. The observed effect is slower VMware Live Site Recovery recovery for such VMs, where the introduced delay is proportional to the VM's disk count. To avoid the issue, upgrade all target recovery ESXi hosts to a patch version containing a fix for the issue.

How to activate the interoperability with VMware Live Cyber Recovery

To use VMware Live Site Recovery protection and VMware Live Cyber Recovery protection on the same virtual machine on vCenter Server versions 7.0 Update 3 and 8.0 Update 1, you must manually activate the functionality.

Procedure

  1. SSH to the vCenter Server virtual machine.
  2. Navigate to /usr/lib/vmware-vsan/ and open the VsanVcMgmtConfig.xml file in a text editor.
  3. Set the following value to true and save the file.
    <plugins>
    ...
       <DataProtectionService>
       ...
          <!--
          Indicates whether a VM that is already protected by SRM can also be
          protected by LWD.
          -->
          <protectSrmVm>true</protectSrmVm> 
       ...
       </DataProtectionService>
    ...
    </plugins>
  4. Restart the vSAN health survice by running the following command.
    vmon-cli -r vsan-health