VMware Site Recovery Shared Responsibility Model
Introduction
This guide covers the details of security considerations and implementations for VMware Site Recovery.
VMware Site Recovery is VMware’s disaster recovery service offering for the Amazon Web Services cloud. Customers can protect their workloads by configuring automated workflows and then orchestrate the recovery of protected workloads in both test and disaster scenarios between private data centers and VMware Cloud instances on AWS as well as instances between VMware Cloud on AWS. VMware has been offering disaster recovery as a service and protecting production workloads since 2018 for customers 24x7. Maintenance, patching, and upgrades of the appliances and the SDDC are performed by VMware.
VMware Site Recovery has the following components:
- SRM Server appliance(s)
- vSphere Replication appliance(s)
Shared Responsibility Model
Shared Responsibility Model
VMware Site Recovery implements a shared responsibility model that defines distinct roles and responsibilities of the three parties involved in the offering: customer, VMware, and Amazon Web Services.
Customer Responsibility
On-premises Security - The customer is responsible for installation, configuration, and continuous operations of all the on-premises software components and hardware in compliance with PCI-DSS requirements. This includes the network connection over which communication between on-premises and cloud components occurs. This could include but is not limited to using encryption where applicable, having processes for regular software security patching, credential rotations, auditing, and user access controls.
Security in the Cloud – Customers are responsible for the configuration of the DR protection of their sites, via the Service UI and API interfaces. This includes but is not limited to the configuration of network firewall rules, VPNs, Site pairing, replications, protection groups, inventory mappings, and recovery plans.
VMware Responsibility
Security of the Cloud – VMware is responsible for protecting the software and systems that make up the VMware Site Recovery and VMware Cloud on AWS
AWS Responsibility
Security of the Infrastructure – AWS is responsible for the physical facilities, physical security, infrastructure, and hardware underlying the entire service.
Shared Responsibility Matrix
Details on the shared responsibility model employed by VMware Site Recovery can be found in the table below.
Much of the low-level operational infrastructure is handled by the VMware Site Recovery and VMware Cloud on AWS Engineering and Operations teams, allowing the customer to focus on managing their workloads.
Entity |
Responsibility / Activity |
Customer |
|
VMware |
|
AWS – Amazon Web Services |
|
References
- VMware Cloud on AWS Getting Started Guide
- VMware Cloud on AWS Service Description
- VMware Cloud Services Security Overview
- Amazon Web Services: Introduction to AWS Security