VMware Requirements and Considerations

To register VMware VMs, ensure your vCenter or standalone ESXi host meets these software versions and user privilege requirements. Check your software versions and the user role privileges you'll need on vCenter or standalone ESXi below.

For information on the supported cloud regions where you can back up this source, see Supported Workloads and Cloud Regions.

Firewall Ports

Ensure that the ports listed in the VMware section of the Firewall ports topic are open to allow communication between the Cohesity SaaS Connector(s) and VMware environment.

Support Matrix

Before you register your VMware sources, ensure that you have the supported VMware environments. For more information, see Supported Software for Cohesity DataProtect as a Service.

Add User Privileges for vCenter Sources

If the VMware source is vCenter, ensure that the user account has the role privileges listed for each category below.

Starting with VMware vSphere 8.0 version, the Profile-driven Storage privilege level is replaced with VM Storage Policies.

Category	Privileges	Notes
Cryptographic Operations*	Add Disk Direct Access Encrypt New	* Required only for encrypted VMs
Datastore	Allocate space Browse datastore Configure datastore* Low level file operations Move datastore Remove file	* Required only if Source Datastore throttling is enabled.
Folder	Create folder Delete folder
Global	Disable Methods Enable Methods Licenses Log event Manage custom attributes Set custom attribute
Host > Configuration	Maintenance Query patch Storage partition configuration
Host > Local operations	Reconfigure virtual machine
Network	Assign network
Profile-driven Storage	Profile-driven storage update Profile-driven storage view
Resource	Assign virtual machine to resource pool Migrate powered off virtual machine Migrate powered on virtual machine
Session	View and stop sessions
Virtual Machine > Change Configuration	Acquire disk lease Add existing disk Add new disk Add or remove device Advanced configuration Change Settings Change Swapfile placement Configure Raw device Display connection settings Remove disk Rename Toggle disk change tracking UpgradeVirtualHardware
Virtual Machine > Change Operations (For Runbook)	Change CPU count Change Memory Change Settings Change resource Modify device settings Rename*	* Rename permission is required for a copy recovery.
Virtual Machine > Edit Inventory	Create new Register Remove Unregister
Virtual Machine > Guest Operations	Guest operation modifications Guest operation program execution Guest operation queries
Virtual Machine > Interaction	Connect devices Guest operating system management by VIX API Power off Power on
Virtual Machine > Provisioning	Allow disk access Allow read-only disk access Allow virtual machine download Customize guest* Mark as template	*Required for Runbook
Virtual Machine > Snapshot Management	Create snapshot Remove snapshot Revert snapshot
vApp	Add virtual machine Assign resource pool Unregister
vSphere Tagging	Assign or Unassign vSphere Tag Assign or Unassign vSphere Tag on Object

Add User Privileges for Standalone ESXi Sources

If the VMware source is standalone ESXi, ensure that the user account has the role privileges listed for each category below.

Category	Privileges	Notes
dvPort Group	Create Modify
dvSwitch	Create Delete
Datastore	AllocateSpace Browse Config* Delete* DeleteFile FileManagement Move* Rename* UpdateVirtualMachineFiles* UpdateVirtualMachineMetadata*	* Required only if Source Datastore throttling is enabled
Folder	Create Delete
Global	DisableMethods EnableMethods Licenses LogEvent Manage custom attributes Set custom attribute
Host > Configuration	Storage
Host > Local operations	Delete virtual machine
Network	Assign
Resource	AssignVMToPool ColdMigrate HotMigrate
System	Anonymous Read View
vApp	AssignResourcePool AssignVM Unregister
Session	View and stop sessions
Virtual machine > Configuration	AddExistingDisk AddNewDisk AddRemoveDevice AdvancedConfig CPUCount ChangeTracking DiskLease EditDevice HostUSBDevice Memory RawDevice ReloadFromPath RemoveDisk Rename ResetGuestInfo Resource Settings SwapPlacement UpgradeVirtualHardware
Virtual machine > Guest Operations	Execute Modify Query
Virtual machine > Interact	GuestControl PowerOff PowerOn
Virtual machine > Inventory	Create Delete Register Unregister
Virtual machine > Provisioning	DiskRandomRead GetVmFiles
Virtual Machine > State	Create snapshot Remove snapshot Revert to snapshot
Cryptographic Operations	Add Disk Direct Access Encrypt Migrate

Considerations

If you are protecting a VM equipped with vTPM, enable the Cryptographer.ManageKeyServers privilege in the vCenter for the user account registered with Cohesity.
If you are recovering a VM equipped with vTPM using a different KMS or replacing the current KMS with a new one, the vTPM VMs may not start after the recovery process, even if the new KMS has the same name.
The supported maximum size of the NVRAM file is 10 MB. Contact your Cohesity account team if your NVRAM files are larger than 10 MB.
Restoring the NVRAM file from the encrypted VMs is not supported, except for vTPM encryption.

The maximum size of a DataSets file can be up to 300 MB. In most cases, the DataSets file size will be a few MBs. Contact your Cohesity account team if the files exceed 300 MB.
Restoring the DataSets file from the encrypted VMs is not supported, except for vTPM encryption.

Next > Register your VMware source to protect it!

VMware Requirements and Considerations

Firewall Ports

Support Matrix

Add User Privileges for vCenter Sources

Add User Privileges for Standalone ESXi Sources

Considerations

Are you satisfied with the Cohesity documentation?

Thank you for helping us improve our documentation!

Great!

Company

Resources

Community