Deploy the DRaaS Connector

After the protected site is created for your on-prem vSphere, you need to download and deploy the DRaaS Connector virtual machine in your vSphere environment.

Deploying the DRaaS Connector requires using both the VMware Cloud Disaster Recovery UI and the vSphere UI.

DRaaS Connector VM Requirements

In order to deploy the DRaaS Connector VM, make sure that the vSphere site where you intend to deploy it has the following available resources for the VM:

  • CPU: 8 GHz (reserved)
  • RAM: 12 GiB (reserved)
  • Disk: 100 GiB vDisk
  • Network connectivity:
    • Between DRaaS Connector and vCenter and ESXi hosts
    • Between DRaaS Connector and VMware Cloud Disaster Recovery

Ports Required

Your vSphere network configuration needs the following ports open:




This outbound port is used to set up a secure connection to SCFS services running in AWS.


This inbound/outbound port is used for the connector to subscribe to SCFS services.


This outbound port is used for VMware Cloud Disaster Recovery Auto-support.


This inbound port is used for traffic flowing to ESXi servers on the protected site.

DRaaS Connector Deployment and SSL Certificate Warning

When deploying the DRaaS Connector virtual machine .ova in vCenter 6.7 or newer, if you receive a message stating 'SSL certificate cannot be trusted', you have two options: 

  • Proceed and click Yes to accept the certificate.
  • Install in the necessary certificate authority root certificate in vCenter to enable verification (instructions, below).
  1. In a browser, go to
  2. Download the Entrust Root Certification Authority (G2) Root Certificate (You can also download the cert directly by going to
  3. In your vCenter, go to Menu -> Administration -> Certificate Management
  4. Click to add a new Trusted Root Certificate, and use the downloaded 'entrust_g2_ca.cer'.

Download the DRaaS Connector OVA (VMware Cloud Disaster Recovery UI)

Your first task is to download the DRaaS Connector OVA. Using the VMware Cloud Disaster Recovery UI, you can obtain a URL you can copy to download the OVA into your environment.

  1. In the VMware Cloud Disaster Recovery UI, under Sites → Protected sites, click the protected site on the left side of the application.
  2. On the Protected sites page under Connectors, click the Download button.
  3. In the Download connector dialog, there is a list of steps that guide you in deploying the connector, as well as the URL to the connector OVA, with an option to download it locally to your system.
  4. Click the Copy button to copy the connector download URL. You will need this URL when you deploy the OVA in vSphere wizard after you download the connector.
  5. Make a note of the Console credentials, which you will need to log in to the VM console: ‘admin’/’vmware#1’.
  6. Also copy (or write down) the Orchestrator Fully Qualified Domain Name (FQDN), which is needed when you configure the connector in the VM console.
  7. Click OK.

Deploy the DRaaS Connector (vSphere UI)

When you deploy the DRaaS Connector from the vSphere UI, you need to select the host, cluster, or resource pool. The DRaaS Connector will have access to the resources of the selected object.

For example, a VM has access to the memory and CPU resources of the host on which it resides.

Note: The name you give the DRaaS Connector VM should not be similar to the naming conventions you use to name VMs in your vSphere environment. The purpose of this is to avoid giving the DRaaS Connector VM a name that might match the VM name pattern you use when you define protection groups.

  1. In the vSphere web console, select any inventory object that is a valid parent object of a virtual machine, such as a datacenter, folder, cluster, resource pool, or host, right-click and select ActionsDeploy OVF Template.
  2. Click Next.
  3. In the Deploy OVF Template dialog, Step 1, Select an OVF template, paste the connector OVA URL into the URL field. The exact URL to download the connector OVA is located in the Download Connector dialog. For example: https://<vmware-cloud-dr-ip-address/cloud-connector.ova.
  4. Click Next.
  5. Next, select a location for the connector. Choose a folder or site, and then click Next.
  6. Select a compute resource for the connector, and then click Next.
  7. Review the details for your connector deployment, then click Next to select storage for the connector VM.
  8. Select a storage device for the connector and then click Next.
  9. Select the network for the connector, and then click Next to review the deployment details.
  10. Click Finish. You can now find the Connector VM in your vSphere client.
  11. At this point, you should reserve the memory and CPU resources for the VM, as listed DRaaS Connector VM Requirements.

Configure the DRaaS Connector Using the VM Console

Before you configure the DRaaS Connector VM using the CM console, make sure you have all needed information by filling out this (optional) worksheet:



Console credentials



Note: This password will change at the end of the configuration, and you can obtain the new password in the VMware Cloud Disaster Recovery UI.

If using a static IP address allocation for the Connector:

  • IP address: You can enter up to 3, separated by spaces
  • Subnet mask
  • Gateway
  • DNS servers

Warning: Google DNS servers ( and do not work reliably with VMware Cloud Disaster Recovery. We advise that you to use non-Google DNS servers when configuring the Connector VM.




VMware Cloud Disaster Recovery FQDN


Temporary, site specific passcode

This temporary passcode is used to configure the DRaaS Connector in the VM console CLI.

Tip: A passcode can be obtained in the Download connector VM dialog from inside the VMware Cloud Disaster Recovery UI. Make sure that you open the dialog from the specific site you want the DRaaS connector to able to connect to.

Name) to give the connector, as it will appear in the VMware Cloud Disaster Recovery UI


Note: Use the vSphere web console for this task. Do not use an SSH session to configure the DRaaS Connector VM. You'll need to use the vSphere web console if DHCP is not enabled on your network.

  1. In the vSphere client, select the DRaaS Connector VM, right-click and choose PowerPower on.
  2. Under the VM, click Launch web console.
  3. When the console session is open, log in to the connector VM console using the following credentials: admin/vmware#1.
  4. Next, in the Select the network address IP address allocation, either (a) Static or (b) DHCP.
  5. If you chose (a) for static IP address allocation:

    Enter an IP address, Subnet mask, and Gateway.
    Enter the IP address of the DNS server.

    Note: Google DNS servers ( and do not work reliably with VMware Cloud Disaster Recovery. We advise that you to use non-Google DNS servers when configuring the Connector VM.
  6. Next, enter the Orchestrator FQDN (it is located in the browser URL field).
  7. Next, enter the DRaaS Connector temporary passcode.
  8. Enter a name to identify the connector.(Note: VMware Cloud Disaster Recovery does not support the use of non-ASCII characters for the connector name.)
  9. After the DRaaS Connector has been configured, the console window will return you to the command prompt. You can now return to the VMware Cloud Disaster Recovery UI to Register vCenter for this protected site