Critical SDDC management applications and services must be available in the event of a disaster. These management applications are running as virtual machines, and can have dependencies on applications and services that run in both regions.

This validated design for disaster recovery defines the following logical configuration of the SDDC management applications:

Table 1. Logical Configuration for Disaster Recovery in the SDDC

| Management Component | Logical Configuration for Disaster Recovery |
| --- | --- |
| Regions and ESXi hosts | Region A has a management cluster of ESXi hosts that runs the virtual machines of the management application that must be protected. Region A might contain one availability zone or two availability zones by using a stretched vSAN cluster. Region B has a management cluster of ESXi hosts with sufficient free capacity to host the protected management applications from Region A. |
| vCenter Server | Each region has a vCenter Server instance for the management ESXi hosts within the region. |
| Site Recovery Manager | Each region has a Site Recovery Manager server with an embedded database. In each region, Site Recovery Manager is integrated with the Management vCenter Server instance. |
| vSphere Replication | vSphere Replication provides hypervisor-based virtual machine replication between Region A and Region B. vSphere Replication replicates data from Region A to Region B by using a dedicated VMkernel TCP/IP stack. |

Figure 1. Disaster Recovery Logical Design


In this validated design, start failover of vRealize Automation and vRealize Operations Manager by connecting to vCenter Server and the paired Site Recovery Manager instance.