The vSphere Replication appliance automatically installs an encryption agent VIB on all ESXi hosts from the vCenter Server inventory. The encryption agent is used to encrypt the outgoing replicated data of the virtual machines that run on these ESXi hosts. 

Prior to vSphere Replication 8.7, all hosts visible to the VR appliance would be automatic candidates for registration to be used by VRMS.   

When using vSphere Replication, all hosts within the vCenter Server inventory are registered automatically.

If you want to exclude hosts or hosts under a given cluster or datacenter from registration in vSphere Replication, you can tag them with the com.vmware.vr.disallowedHost tag. This is valid for the incoming replications on the target site. The tagged hosts are still used for outgoing replications and the virtual machines on the disallowed hosts can be replicated.

VMware vSphere Replication 8.7
VMware vSphere Replication 9.x

Tag the host, cluster or datacenter with com.vmware.vr.disallowedHost

vCenter:Host > Summary > Tags > Assign > Add Tag - com.vmware.vr.disallowedHost :  {Desc: Indicates that a given host (or hosts under a given cluster or datacenter) should not be used by vSphere Replication }(do not rename)

After the tags are added, you will need to restart the services on the appliance to get the changes to take effect or power off and on the appliance.

To restart all the services use the following steps:

1. Log in to the VRMS Appliance Management Interface as admin

2. Click on Services.

3. Restart HMS service