VMware Requirements and Considerations
To register VMware VMs, ensure your vCenter or standalone ESXi host meets these software versions and user privilege requirements. Check your software versions and the user role privileges you'll need on vCenter or standalone ESXi below.
For information on the supported cloud regions where you can back up this source, see Supported Workloads and Cloud Regions.
Firewall Ports
Ensure that the ports listed in the VMware section of the Firewall ports topic are open to allow communication between the Cohesity SaaS Connector(s) and VMware environment.
Support Matrix
Before you register your VMware sources, ensure that you have the supported VMware environments. For more information, see Supported Software for Cohesity DataProtect as a Service.
Add User Privileges for vCenter Sources
If the VMware source is vCenter, ensure that the user account has the role privileges listed for each category below.
Starting with VMware vSphere 8.0 version, the Profile-driven Storage privilege level is replaced with VM Storage Policies.
Category | Privileges | Notes |
---|---|---|
Cryptographic Operations* |
|
* Required only for encrypted VMs |
Datastore |
|
* Required only if Source Datastore throttling is enabled. |
Folder |
|
|
Global |
|
|
Host > Configuration |
|
|
Host > Local operations | Reconfigure virtual machine | |
Network |
|
|
Profile-driven Storage |
|
|
Resource |
|
|
Session |
|
|
Virtual Machine > Change Configuration |
|
|
Virtual Machine > Change Operations (For Runbook) |
|
* Rename permission is required for a copy recovery. |
Virtual Machine > Edit Inventory |
|
|
Virtual Machine > Guest Operations |
|
|
Virtual Machine > Interaction |
|
|
Virtual Machine > Provisioning |
|
*Required for Runbook |
Virtual Machine > Snapshot Management |
|
|
vApp |
|
|
vSphere Tagging |
|
Add User Privileges for Standalone ESXi Sources
If the VMware source is standalone ESXi, ensure that the user account has the role privileges listed for each category below.
Category | Privileges | Notes |
---|---|---|
dvPort Group |
|
|
dvSwitch |
|
|
Datastore |
|
* Required only if Source Datastore throttling is enabled |
Folder |
|
|
Global |
|
|
Host > Configuration | Storage | |
Host > Local operations | Delete virtual machine | |
Network | Assign | |
Resource |
|
|
System |
|
|
vApp |
|
|
Session | View and stop sessions | |
Virtual machine > Configuration |
|
|
Virtual machine > Guest Operations |
|
|
Virtual machine > Interact |
|
|
Virtual machine > Inventory |
|
|
Virtual machine > Provisioning |
|
|
Virtual Machine > State |
|
|
Cryptographic Operations |
|
Considerations
-
If you are protecting a VM equipped with vTPM, enable the Cryptographer.ManageKeyServers privilege in the vCenter for the user account registered with Cohesity.
-
If you are recovering a VM equipped with vTPM using a different KMS or replacing the current KMS with a new one, the vTPM VMs may not start after the recovery process, even if the new KMS has the same name.
-
The supported maximum size of the NVRAM file is 10 MB. Contact your Cohesity account team if your NVRAM files are larger than 10 MB.
-
Restoring the NVRAM file from the encrypted VMs is not supported, except for vTPM encryption.
-
The maximum size of a DataSets file can be up to 300 MB. In most cases, the DataSets file size will be a few MBs. Contact your Cohesity account team if the files exceed 300 MB.
-
Restoring the DataSets file from the encrypted VMs is not supported, except for vTPM encryption.
Next > Register your VMware source to protect it!