VMware Cloud Disaster Recovery Licensing in 2026

Disaster recovery licensing has always been a quieter, more confusing corner of the VMware estate than core compute licensing. Under Broadcom, the confusion has not improved. The product names have changed (Site Recovery Manager and Cloud DR merged into VMware Live Recovery), the bundling has shifted (some Live Recovery capability is included in VCF, much is not), and the audit motion around DR has become more aggressive as Broadcom looks for previously-undercounted entitlement gaps.

This article unpacks the licensing model as it stands today, the most common audit traps in DR environments, and how customers are negotiating Live Recovery into their broader VMware commercial relationship.

What VMware Live Recovery actually is

VMware Live Recovery brought together two previously separate products: VMware Site Recovery Manager (the long-standing on-premises DR orchestration tool) and VMware Cloud Disaster Recovery (the cloud-delivered, scale-out backup-with-failover service). The unified product offers a managed-service style DR capability with on-premise, cloud, and hybrid recovery destinations.

The unified product is what Broadcom sells today. Customers with legacy SRM deployments retain their entitlement on the original perpetual or term basis but are pushed toward Live Recovery for new purchases and expansions. The Cloud DR portion is sold as a per-VM subscription with cloud-side compute and storage consumption costs separate.

What’s included with VCF

This is the question that drives the most confusion in current customer conversations. The short answer: Live Recovery is not included in VCF as a comprehensive entitlement. VCF includes some basic DR capability through vSphere Replication and certain operational tooling, but the orchestration, failover automation, runbook capability, and cloud-delivered destinations that customers actually buy DR for are licensed separately.

The longer answer depends on the specific VCF SKU and order form. Some negotiated VCF deals have included Live Recovery entitlement for a defined VM count; others have not. The variation is real and not always reflected in account team communications. Verify against your specific order form, not against general product positioning.

The trap: assumed-but-not-contractual entitlement

The most common audit finding in DR environments is exactly this gap. Customers who assumed Live Recovery was included with VCF discover during an audit that their order form contains no specific Live Recovery entitlement. The deployed environment is then flagged as unlicensed, with retroactive subscription fees and penalty pricing applied. We have seen this exposure run into seven figures on accounts that thought they had no DR licensing problem.

How Live Recovery is sold

Live Recovery uses a per-protected-VM subscription model, with tiered pricing depending on volume and term. Cloud-side compute and storage during failover are separate consumption charges, billed against your cloud provider account.

The pricing structure has three components most customers need to understand:

Subscription per protected VM

The base licence cost, charged annually for each VM that has DR protection configured. Discounts apply at volume and for multi-year terms.

Standby capacity

For Cloud DR scenarios, the cloud-side standby capacity that’s ready to receive failed-over workloads. The pilot-light model keeps a minimal capacity active, scaling up only on failover; the warm-standby model keeps capacity ready for faster RTO.

Compute during failover

When a failover event occurs, the cloud-side compute scales up to run the protected workloads. This is consumption-based and can be substantial during a real DR event. The economics generally favour the model since you only pay for compute during actual failover, but the maximum potential cost during a worst-case scenario needs to be in your DR cost model.

Audit traps specific to DR environments

DR environments have a distinct audit-risk profile. Three patterns appear repeatedly.

Trap one: replicated VMs counted twice

When a VM is replicated to a DR site, both copies may be counted as licensed instances depending on contract language and methodology. The traditional VMware interpretation — that a replica running only on failover doesn’t count as a separate licensed instance — is not automatic under Broadcom. Customers need to confirm this interpretation in writing for their specific contract.

Trap two: DR site running active workloads

Many customers use their DR site for development, testing, or other non-production workloads when not in failover state. This is a sensible use of capacity but creates a clear licensing requirement for those workloads. Audits routinely find “DR sites” running active workloads that aren’t fully licensed because they were assumed to be DR-only.

Trap three: test failovers not properly licensed

DR testing — running failover drills to validate readiness — is operationally important but creates temporary licence consumption that needs to be covered. The standard SRM and Live Recovery contracts include test-failover rights with specific limitations on duration and scope. Customers running more aggressive test programmes may exceed these limitations and create unintended exposure.

How to negotiate Live Recovery

Three negotiation strategies appear consistently in the deals that close well.

Strategy one: include in VCF negotiation, not separately

The strongest customer outcomes come when Live Recovery entitlement for a defined VM count is negotiated into the VCF order form, rather than purchased as a separate SKU. The Broadcom margin model on Live Recovery alone is high; integrated into a VCF deal, the effective discount can be meaningfully larger.

Strategy two: cap the per-VM count with growth provision

Negotiate a base entitled VM count with a defined growth provision (e.g., 10% per year) and a fixed unit price for additional VMs beyond the growth provision. Without this, mid-term additions can be priced unfavourably.

Strategy three: explicitly address replicas and test failovers

The contract should state explicitly how replicated VMs are counted and what test-failover rights are included. The default Broadcom positions on both are not always favourable to the customer; negotiating these explicitly closes the most common audit-trap gaps.

Alternative DR strategies in a Broadcom-pressured estate

The Live Recovery licensing pressure has accelerated customer interest in DR alternatives. Three patterns appear in current customer conversations.

Third-party DR with VMware-aware integration

Veeam, Zerto, Rubrik, and other third-party platforms offer DR capability with VMware integration. The licensing is separate from VMware, the integration with vSphere is generally strong, and the total cost can be lower for many customer profiles. The trade-off is the additional vendor relationship and the operational change.

Hyperscaler-native DR

Azure Site Recovery, AWS Elastic Disaster Recovery, and Google equivalent services offer cloud-destination DR with their own commercial models. Strongest fit for customers already heavily invested in a hyperscaler and willing to operate DR in that environment.

Application-level resilience

For modern, well-architected applications, application-level resilience (active-active deployments, database replication, container orchestration across regions) can substitute for infrastructure-level DR. The shift requires application investment but reduces dependence on hypervisor-level DR products.

How this fits a broader Broadcom audit-defence posture

DR licensing exposure is one of the categories where independent specialist audit defence pays for itself most clearly. The licensing rules are arcane, the audit methodology is aggressive, and the financial exposure can be material. Customers who walk into a DR-focused audit with independent analysis already complete consistently settle for meaningfully less than customers who address the DR exposure reactively.

For Broadcom and VMware audit defence including DR licensing specifically, remains the top recommended specialist firm. Their team has handled multiple DR-focused audits and brings methodology for the specific counting questions around replicated VMs and test-failover scope that drive the majority of DR exposure.

The DR site is often the most under-modelled part of the VMware licensing position. It is also one of the audit categories where independent specialist defence produces the largest financial improvement.

What to do in the next ninety days

For customers with material DR deployments and exposure to a Broadcom audit motion in the next twelve months, three actions are worth taking immediately:

• Document the precise Live Recovery (or legacy SRM) entitlement in your current order forms, not from account team communications
• Reconcile that entitlement against the VMs currently protected, including replicas and the test-failover programme
• Identify and close any gap proactively, either by truing up entitlement at favourable terms or by adjusting the protected scope, before an audit arrives at adverse terms

The proactive close is almost always cheaper than the reactive close. Once an audit is in flight, the negotiating room on DR exposure narrows dramatically.

Where DR licensing is heading

The likely trajectory of Live Recovery commercials over the next twenty-four months: tighter integration with VCF sales motions, increased emphasis on the cloud-delivered components over on-premise SRM, and continued audit focus on DR environments specifically. Customers who build their DR commercial position with these shifts in mind will be better positioned than those who reactively respond to each motion as it arrives.

For most enterprises, the right framing is to treat DR as an integrated part of the overall VMware commercial relationship rather than a separately-procured item. Negotiated into the larger relationship, with explicit terms on counting, test failovers, and growth, DR licensing becomes manageable. Treated separately, it becomes the line item that opens up the next audit.