SRM - Site Recovery Manager

How to install SRM for VMware Cloud on AWS


What is VMware Site Recovery

VMware Site Recovery brings VMware’s enterprise-class Software-Defined Data Center (SDDC) Disaster Recovery as a Service to the AWS Cloud. It enables customers to protect and recover applications without the requirement for a dedicated secondary site. It is delivered, sold, supported, maintained and managed by VMware as an on-demand service.VMware Site Recovery works in conjunction with VMware Site Recovery Manager and VMware vSphere Replication to automate the process of recovering, testing, re-protecting, and failing-back virtual machine workloads. VMware Site Recovery can address multiple DR use cases for organizations, and it can be used between a customer’s datacenters/remote locations and a VMware Cloud on AWS SDDC or between two SDDCs deployed in different AWS availability zones or regions.


Visit VMware Site Recovery Resources for further information including the VMware Site Recovery Evaluation Guide.

Activate the Site Recovery Add On

To use the VMware Site Recovery service, you must activate VMware Site Recovery at the recovery site on VMware Cloud on AWS. If VMware Cloud on AWS serves as both the protected and recovery sites, it will need to be activated in both SDDCs.


  1. For the selected SDDC, Click on the Add Ons tab
  2. Under the Site Recovery Add On, Click the ACTIVATE button


  3. If you need to download Site Recovery Manager and vSphere Replication for the on-premises installation, click the download link to open the page that will be used in the following step.

Unless you are doing a shared recovery site configuration with multiple protected sites and one recovery site, leave the Default extension ID option selected. For more information, see the VMware Site Recovery documentation.

*Default extension ID:  Use this option when you deploy Site Recovery Manager in a standard configuration with one protected site and one recovery site.*

*Custom extension ID:  Use this option when you deploy Site Recovery Manager in a shared recovery site configuration, with multiple protected sites and one recovery site. For more details, see the Site Recovery Manager documentation.*
  1. Click ACTIVATE to install the VMware Site Recovery and vSphere Replication components into the SDDC.


The activation process takes approximately 10 minutes to complete.

Download and Install Site Recovery Manager and vSphere Replication On-Prem

If you don’t have vSphere Replication and Site Recovery Manager already installed in your on-premises location, you will need to download those components and install them. If you do have them installed, be sure to review the Site Recovery Documentation & Compatibility Matrices to ensure the versions you have on-prem are compatible with the versions installed into the VMware Cloud on AWS SDDC.


  1. On the page that was opened to download the on-premises components, click GO TO DOWNLOADS (note that the selected version depicted in the screenshot may be different)


  2. Click DOWNLOAD NOW to download the Site Recovery Manager *.iso disk image file

  3. Click DOWNLOAD NOW to download the vSphere Replication *.iso disk image file

(note that version numbers may differ from what is depicted in the above screenshot)


  1. After downloading and unzipping the disk image files, log in to your on-premises vCenter as a user with privileges to install OVFs, select the location you want to install Site Recovery Manager and vSphere Replication to, and for each appliance, right-click and choose Deploy OVF Template…. Power on both appliances after the installations are complete.

For detailed information on installing the Site Recovery Manager and vSphere Replication appliances, see the Site Recovery Manager documentation and the vSphere Replication documentation.

Add screenshots for configuring on-prem VR and SRM appliances

Create Firewall Rules to Allow Traffic from the Protected Site to the VMC SDDC

To allow for Site Recovery Manager and vSphere Replication traffic, it is necessary to create Management Gateway firewall rules. If you are using a VMware Cloud an AWS SDDC for both the protected and DR sites, this will need to be done in both SDDCs.

From EVAL GUIDE: To allow communication and replication traffic between the remote site site and the VMware Cloud on AWS SDDC requires the addition of some firewall rules to the management gateway. Rules may also need to be added for the remote site firewall. Those changes are outside of the scope of this guide.

Create Management Group for On-Premises Components


  1. In your SDDC, click Networking & Security
  2. Click Groups


You will start by creating a group that contains the IP Addresses for your on-prem vCenter, vSphere Replication, and Site Recovery Manager.

  1. Click Management Groups


  2. Click ADD GROUP


  3. Enter On-Prem VC, vSR, SRM in the Name field

  4. Click Set Members


  5. Enter the IP Addresses for your on-premises vCenter, vSphere Replication and Site Recovery Manager Appliances.

  6. Click APPLY


  7. Click SAVE

Create Management Gateway Firewall Rules

Management Gateway Firewall Rules to allow replication traffic from the on-premises site to the VMC SDDC. The below rules represent the simple firewall rule configuration. For more granular firewall rules see Set the NSX-T Edge Management Gateway Firewall Rules for VMware Site Recovery.


  1. In the Networking & Security tab of your SDDC, click Gateway Firewall
  2. Click Management Gateway


  3. Click ADD RULE

  4. Enter On-Prem to SRM in the Name column


  5. Hover over the Source column and click the pencil icon


  6. Click the User Defined Groups radio button

  7. Click the check box next to the On-Prem VC, vSR, SRM group you created earlier

  8. Click APPLY


  9. Hover over the Destination column and click the pencil icon


  10. Click the System Defined Groups radio button

  11. Click the check box next to Site Recovery Manager

  12. Click APPLY


  1. Click the Services field


  1. Select VMware Site Recovery SRM


  1. Click PUBLISH to publish this firewall rule


  1. Go through Steps 3 through 15 three more times to add the SRM to On-Prem, On-Prem to VR, and VR to On-Prem firewall rules depicted in the above screenshot, and PUBLISH them when complete.

Troubleshoot Connectivity Issues

If you are having connectivity issues, you can use the Connectivity Validator to run network connectivity tests to ensure all necessary access is available to perform the use case you select. If a test fails, follow the recommendations to correct the problem.


  1. Click on the Troubleshooting tab for your SDDC
  2. Select Site Recovery from the Connectivity Use Case dropdown
  3. Enter the required Inputs for each Test Group
  4. Click RUN ALL TESTS (note that you can also run test groups individually)

Pair VMware Site Recovery Sites

Screenshots and instructions for site pairing need updated


  1. Navigate to the SDDC and click Add Ons
  2. Click OPEN SITE RECOVERY (If necessary, login with the cloudadmin credentials for that SDDC)


  3. Click NEW SITE PAIR


  4. Enter the vCenter FQDN of your on-prem vCenter in the format in the PSC host name field

  5. Enter the User name for your on-prem vCenter

  6. Enter the Password for your on-prem vCenter

  7. Click NEXT


  8. Click the top-level checkbox to select all Services

  9. Click NEXT


  10. Click FINISH


  11. Click VIEW DETAILS


  12. Enter cloudadmin@vmc.local for the User name

  13. Enter the cloudadmin password for your partner’s SDDC for the Password

  14. Click LOG IN


Once logged in to your on-prem vCenter, you will see the Site Pair Summary

After your site pairing is complete, you can now proceed with configuring mappings, setting up replication for your VMs, creating protection groups and recovery plans, and testing your recovery plans. For details on using Site Recovery Manager, see the Site Recovery Manager documentation and refer to the VMware Site Recovery Evaluation Guide.

Last modified July 22, 2020: date fix (3617bca)