vSAN data protection enables you to quickly recover VMs from operational failure or ransomware attacks, using native snapshots stored locally on the vSAN cluster.

vSAN data protection is supported on vSAN HCI clusters powered by vSAN ESA. It uses native vSAN snapshots to capture the current state of your VMs. You can use vSAN snapshots to restore a VM to its previous state, or clone a VM for development and testing.

vSAN data protection requires the VMware Snapshot Service to manage vSAN snapshots. Deploy the Snapshot Service appliance to enable vSAN data protection in the vSphere Client.

Use the following tabs to navigate the vSAN data protection page.

Tab Description
Summary Displays general information about vSAN data protection, including the number of protection groups, percentage of protected VMs, number of VM snapshots, and amount of storage space used for snapshots.
Protection Groups Displays a list of vSAN data protection groups and their status. Select a protection group to view snapshots in the protection group, or edit the configuration.
VMs Displays a list of VMs in the vSAN cluster with details about their data protection status. Deleted VMs that have snapshots available are visible here.

You can select a VM and click to restore or clone the VM.

vSAN Snapshots

vSAN snapshots preserve the state and data of a virtual machine at the time you take the snapshot. This local archive preserves the VM's data as it existed at that time. You can restore a VM to the state that existed when the snapshot was taken, or create a linked clone VM that matches the state preserved in the snapshot.

Taking a snapshot captures the VM state at a specific point in time. vSAN snapshots are not quiesced, and they capture the current running state of the VM.

Snapshots operate on individual virtual machines. Each VM requires a separate snapshot. You can take manual or scheduled snapshots of virtual machines by placing them in protection groups.

Each vSAN snapshot contains the state of the VM's namespace object and virtual disk objects. vSAN take snapshots of VMs in protection groups at scheduled intervals. These vSAN snapshots are stored locally in the vSAN datastore.

Protection Groups

Protection groups enable you to schedule and manage snapshots for one or multiple VMs. You can add VMs to a protection group, configure snapshot schedules, and view snapshot information.

Select a protection group, and use the following tabs to manage the group.

Tab Description
Overview Displays general information about the protection group, including a list of member VMs, the snapshot schedules, and the number of snapshots taken.
Snapshots Displays the snapshot series associated with the protection group. You can select and delete individual snapshots from the series.
VMs Displays a list of VMs that are members of the protection group, and the number of snapshots available for each VM.

When you create a protection group, add member VMs and configure one or more snapshot schedules. You can add VMs individually, or enter VM name patterns to add all VMs that match the pattern. You can use both methods to add VMs to the protection group.

You can define multiple snapshot schedules to periodically capture the state of VMs in a protection group. As new snapshots are captured, vSAN removes old snapshots from the series, based on the retention setting. You also can take a manual snapshot to capture the current state of VMs in the protection group.

Enable immutability mode on a protection group for additional security. You cannot edit or delete this protection group, change the VM membership, edit or delete snapshots. An immutable snapshot is a read-only copy of data that cannot be modified or deleted, even by an attacker with administrative privileges.
Note: Once immutability mode is enabled on a protection group, it cannot be disabled by an administrator.
You can monitor and modify protection groups from the Protection Groups tab. Click a protection group to view details.
  • Overview displays general information about the protection group, including VM membership, snapshot schedules, and number of snapshots.
  • Snapshots displays a list of snapshots available in the protection group. You can select a snapshot, and click >> to view individual snapshots for each VM, and perform actions.
  • VMs displays a list of VMs in the protection group with details about the available snapshots. Select a VM radio button, and click Restore VM or Clone VM, then choose a snapshot.

Click one of the following buttons to perform actions on the protection group.

Action Description
Take snapshot

You can change the default name of the snapshot, and define the retention period. vSAN takes a separate snapshot for each VM in the protection group.


You can add or remove VMs, modify the VM name patterns, and add or modify the snapshot schedules.

Pause schedule/Resume schedule

You can pause the snapshot schedules defined for the protection group. No snapshots are taken or deleted while the schedules are paused.

To delete a protection group, click the More... icon next to the group name, and select menu Delete. When you delete the protection group, you must decide how to manage its snapshots.
  • Keep snapshots until their expiration date. The protection group will be deleted after all existing snapshots have expired.
  • Delete snapshots. The protection group and its existing snapshots are deleted immediately.

vSAN and VMware Live Cyber Recovery

VMware Live Cyber Recovery can leverage vSAN snapshots on the protected site for faster recovery of ransomware-infected VMs in the cloud. VLCR can reduce restore times by using vSAN snapshots to update only the VM deltas at the production site.

For more information, refer to "Fast Restore Using VMware vSAN Local Snapshots" in VMware Live Cyber Recovery.