If you are using a VMware Cloud on AWS environment with NFS-mounted storage provided by a Managed Service Provider over Direct Connect, VPN connectivity for replication traffic does not work by default.

Problem

When you have NFS-mounted storage in a VMware Cloud on AWS environment and the storage is provided by the Managed Service Provider (MSP), the connectivity between the SDDC and the storage array is over a Direct Connect private virtual interface. Using VPN connectivity for replication traffic from such an environment does not work by default. You must have a Direct Connect between the on-premises datacenter and VMware Cloud on AWS, or work with your MSP to set up direct connectivity between the MSP co-location facility and your on-premises datacenter.

Cause

With a Direct Connect private virtual interface, the only possible external connectivity option for the ESXi traffic is Direct Connect. If there is a VPN between on-premises and the VMware Cloud on AWS SDDC, the traffic from ESXi to the VMware vSphere Replication appliance uses the Direct Connect path.

Solution

When you use NFS-mounted storage in a VMware Cloud on AWS SDDC and use VMware Site Recovery in the same SDDC, avoid VPN for the replication traffic. Route the traffic through Direct Connect between on-premises and the VMware Cloud on AWS SDDC, either directly or transitively through Direct Connect between VMware Cloud on AWS and the MSP co-location and then between the MSP co-location and on-premises.
  • VMware Cloud on AWS with NFS-mounted storage provided by a Managed Service Provider over Direct Connect at co-location, Direct Connect from on-premises to VMware Cloud on AWS.

  • VMware Cloud on AWS with NFS-mounted storage provided by a Managed Service Provider over Direct Connect at co-location, connectivity from co-location to on-premises.