Hi vAdmins,

After my first post VMware Ransomeware Recovery for VCDR I would like to give you more insights by taking a closer look on the VCDR Console (look and feel), provided by the VMware Cloud Console. This with a focus on how-to setup, configure and manage this all-in-one DR solution.

The image represents an a typical VCDR environment. The deployment and configuration for sites and components, among other components, are covered below.


This awesome Dashboard provides a lot of useful information at a glance, like resources consumption, VCDR Health Status, Consumption of the Cloud File System(s), Protected sites (source), Recovery SDDDC (Cloud), Protection group(s), Protected virtual machines, number of available Recovery Plans (active/running) and much more.

Cloud File System

Backups are encrypted and stored in the native vSphere VM format in a highly efficient cloud storage layer called the Scale-out Cloud File System (SCFS) instead of primary storage in a VMware Cloud on AWS SDDC. This harnesses the benefits of cloud storage economics. The Scale-out Cloud File System is optimized, encrypted and cataloged.

You can simply create a (Scale-Out) Cloud File System by the wizard, just click on the ” Deploy Cloud File System” button, and providing a name.

Since all data is immutable, a DR (test) will create a clone of a snapshot and provides a writable RPO will be assigned to a host with NFS protocol.

Protected Sites

The onboarding proces of a protected site installation is straight forward and provided by a wizard. During this proces you need to select a protected site type (this could be an on-premises site or VMware Cloud on AWS).

Also define a target Cloud File System (created in the previous step) and choose the preferred type of Cloud and Connectivity (Public internet / Direct Connect).

DRAAS Connector

DRaaS Connector is a downloadable, lightweight virtual appliance that enables customers to protect any VMware workload in just minutes with no new software or infrastructure to deploy. DRaaS Connect enables VMware Cloud Disaster Recovery to orchestrate failover from a VMware Cloud SDDC in one AWS AZ to another AZ or from any on-premises vSphere infrastructure, including SAN, NAS, vSAN, vVol, or local storage to VMware Cloud on AWS.

So now that the Source SDDC has been created, you can download and install a connector appliance. This appliance is responsible for the connectivity from the On-Premises environment to the Cloud File System.

Protected SDDC

Here you see an overview of all the site properties including Clusters, Cloud backup target (Cloud file system) Protected VMs including snapshots and protection groups.

Recovery SDDC

This is the part covers how to create a recovery site.

See the demo below and discover al the options.


This section looks is very similar to the previous implementation (based on source) but in this section there are some additional and important configuration sections to review, including:


You can assign one or more clusters for recovery.


Here you can assign network subnets, including DHC and DNS properties.

Pubic IP:

Here you can assign and request a new public IP and tag a label to it (optional).

NAT Rules:

Here you can assign NAT rules, translation for the Public IP to Internal IP (IPV4).

Firewall rules:

Here you can assign Firewall rules, to enable connectivity with the stack.

Protection Groups

Protection groups are a way of grouping virtual machines that will be recovered together. Often, a protection group will consist of virtual machines that support a service or application. 

You can create a protection group, based on a protected site to assign workload (VMs) which can be then used for recovery. You can create multiple groups of VMs. VMs that are a part of a Protection group should exist on the same protected site only. Creation of protection group needs an existing subscription. 

It is also possible to add VMs based on VM name pattern, TAGs or VM Folder.

The protection schedules are the trigger for creation snapshots (RPO) and the replication. The retention settings is responsible for the period that these snapshots are immutably preserved. All this data will be stored on the Cloud File System. Best practices is to set this at least 60 to 90 days (A ransomware is often not detected before this periode).

Virtual Machines

This view shows all virtual machines at a glance including its size.

Another great feature is to restore files by using “Recover Guest Files”, which is also covered in the demo below.

Before you can recover a file you need to select a snapshot first (Recovery Point Object). You can browse an select files to recover.

So let’s start!

TIP: In case many files need to be restored, you can download them as a compressed zip file.

Recovery Plans

Recovery Plans in VMware Cloud Disaster Recovery are like an automated run book, controlling all the steps in the recovery process. The recovery plan is the level at which actions like failover, planned migration, testing, and failback are conducted. A recovery plan contains one or more protection groups and a protection group can be included in more than one recovery plan. This provides for the flexibility to test or recover an application by itself and also test or recover a group of applications or the entire site.

How to create a plan?

The wizard guides you on your way to creating a Recovery plan. See demo!

This last option allows you to activate automated Ransomware Recovery as part of a recovery plan.

For the Dutch audience if you’re interested, on March 7 2023 my colleague Joris Leemreize and I will provide a live demonstration at the Dutch VMUG event.

This post describes the initial configuration. In the next post (and on VMUG), we will demonstrate how to initiate a Disaster Recovery including a Ransomeware Scan.

So stay tuned!

End of this post.

Disclamer: This blog is based on my personal title and assumptions. No rights can be derived from this blog.

Leave a Reply

Your email address will not be published. Required fields are marked *