VMware Requirements and Considerations

To register VMware VMs, ensure your vCenter or standalone ESXi host meets these software versions and user privilege requirements. Check your software versions and the user role privileges you'll need on vCenter or standalone ESXi below.

For information on the supported cloud regions where you can back up this source, see Supported Workloads and Cloud Regions.

Firewall Ports

Ensure that the ports listed in the VMware section of the Firewall ports topic are open to allow communication between the Cohesity SaaS Connector(s) and VMware environment.

Support Matrix

Before you register your VMware sources, ensure that you have the supported VMware environments. For more information, see Supported Software for Cohesity DataProtect as a Service.

Add User Privileges for vCenter Sources

If the VMware source is vCenter, ensure that the user account has the role privileges listed for each category below.

Starting with VMware vSphere 8.0 version, the Profile-driven Storage privilege level is replaced with VM Storage Policies.

Category Privileges Notes

Cryptographic Operations*

  • Add Disk

  • Direct Access

  • Encrypt New

* Required only for encrypted VMs

Datastore

  • Allocate space

  • Browse datastore

  • Configure datastore*

  • Low level file operations

  • Move datastore

  • Remove file

* Required only if Source Datastore throttling is enabled.

Folder
  • Create folder

  • Delete folder

 
Global
  • Disable Methods

  • Enable Methods

  • Licenses

  • Log event

  • Manage custom attributes

  • Set custom attribute

 
Host > Configuration
  • Maintenance

  • Query patch

  • Storage partition configuration

 
Host > Local operations Reconfigure virtual machine  
Network
  • Assign network

 
Profile-driven Storage
  • Profile-driven storage update

  • Profile-driven storage view

 
Resource
  • Assign virtual machine to resource pool

  • Migrate powered off virtual machine

  • Migrate powered on virtual machine

 
Session
  • View and stop sessions

 
Virtual Machine > Change Configuration
  • Acquire disk lease

  • Add existing disk

  • Add new disk

  • Add or remove device

  • Advanced configuration

  • Change Settings

  • Change Swapfile placement

  • Configure Raw device

  • Display connection settings

  • Remove disk

  • Rename

  • Toggle disk change tracking

  • UpgradeVirtualHardware

 
Virtual Machine > Change Operations (For Runbook)
  • Change CPU count

  • Change Memory

  • Change Settings

  • Change resource

  • Modify device settings

  • Rename*

* Rename permission is required for a copy recovery.
Virtual Machine > Edit Inventory
  • Create new

  • Register

  • Remove

  • Unregister

 
Virtual Machine > Guest Operations
  • Guest operation modifications

  • Guest operation program execution

  • Guest operation queries

 
Virtual Machine > Interaction
  • Connect devices

  • Guest operating system management by VIX API

  • Power off

  • Power on

 
Virtual Machine > Provisioning
  • Allow disk access

  • Allow read-only disk access

  • Allow virtual machine download

  • Customize guest*

  • Mark as template

*Required for Runbook

Virtual Machine > Snapshot Management
  • Create snapshot

  • Remove snapshot

  • Revert snapshot

 
vApp
  • Add virtual machine

  • Assign resource pool

  • Unregister

 
vSphere Tagging
  • Assign or Unassign vSphere Tag

  • Assign or Unassign vSphere Tag on Object

 

Add User Privileges for Standalone ESXi Sources

If the VMware source is standalone ESXi, ensure that the user account has the role privileges listed for each category below.

Category Privileges Notes
dvPort Group
  • Create

  • Modify

 
dvSwitch
  • Create

  • Delete

 
Datastore
  • AllocateSpace

  • Browse

  • Config*

  • Delete*

  • DeleteFile

  • FileManagement

  • Move*

  • Rename*

  • UpdateVirtualMachineFiles*

  • UpdateVirtualMachineMetadata*

* Required only if Source Datastore throttling is enabled
Folder
  • Create

  • Delete

 
Global
  • DisableMethods

  • EnableMethods

  • Licenses

  • LogEvent

  • Manage custom attributes

  • Set custom attribute

 
Host > Configuration Storage  
Host > Local operations Delete virtual machine  
Network Assign  
Resource
  • AssignVMToPool

  • ColdMigrate

  • HotMigrate

 
System
  • Anonymous

  • Read

  • View

 
vApp
  • AssignResourcePool

  • AssignVM

  • Unregister

 
Session View and stop sessions  
Virtual machine > Configuration
  • AddExistingDisk

  • AddNewDisk

  • AddRemoveDevice

  • AdvancedConfig

  • CPUCount

  • ChangeTracking

  • DiskLease

  • EditDevice

  • HostUSBDevice

  • Memory

  • RawDevice

  • ReloadFromPath

  • RemoveDisk

  • Rename

  • ResetGuestInfo

  • Resource

  • Settings

  • SwapPlacement

  • UpgradeVirtualHardware

 
Virtual machine > Guest Operations
  • Execute

  • Modify

  • Query

 
Virtual machine > Interact
  • GuestControl

  • PowerOff

  • PowerOn

 
Virtual machine > Inventory
  • Create

  • Delete

  • Register

  • Unregister

 
Virtual machine > Provisioning
  • DiskRandomRead

  • GetVmFiles

 
Virtual Machine > State
  • Create snapshot

  • Remove snapshot

  • Revert to snapshot

 
Cryptographic Operations
  • Add Disk

  • Direct Access

  • Encrypt

  • Migrate

 

Considerations

  • If you are protecting a VM equipped with vTPM, enable the Cryptographer.ManageKeyServers privilege in the vCenter for the user account registered with Cohesity.

  • If you are recovering a VM equipped with vTPM using a different KMS or replacing the current KMS with a new one, the vTPM VMs may not start after the recovery process, even if the new KMS has the same name.

  • The supported maximum size of the NVRAM file is 10 MB. Contact your Cohesity account team if your NVRAM files are larger than 10 MB.

  • Restoring the NVRAM file from the encrypted VMs is not supported, except for vTPM encryption.

  • The maximum size of a DataSets file can be up to 300 MB. In most cases, the DataSets file size will be a few MBs. Contact your Cohesity account team if the files exceed 300 MB.

  • Restoring the DataSets file from the encrypted VMs is not supported, except for vTPM encryption.

Next > Register your VMware source to protect it!