Veeam Recovery Orchestrator helps Veeam users take control of their disaster recovery (DR) strategy by making it easier to plan, document and execute their recovery plan flawlessly in the event of disaster. Built on top of Veeam Backup & Replication and Veeam ONE, Veeam Recovery Orchestrator (Orchestrator) leverages the replica and restore capabilities built into the platform to provide validated recovery documentation and enhance the recovery options available for single applications or entire sites. New features in Orchestrator include Cloud DR, Agent DR and Clean DR, all of which serve their own purpose in having better recorded outcomes in the face of disaster. In this blog post, we are going to take a deeper look into Cloud DR, break down what it is and how users can quickly get started with this new feature.
Why Cloud DR?
According to Veeam Data Protection Trends Report 2023, 46% of organizations intend to use cloud services as their DR site, including cloud infrastructure and DRaaS. The cloud isn’t going anywhere, and as more customers gain education and comfort with these offerings, it only makes sense that cloud services should be evaluated as one of the top modern DR solutions. Veeam has always been focused on data mobility and flexibility in terms of solution offerings for all their customers. In fact, this is part of one of Veeam’s three core pillars: Data Freedom. It’s only natural to want to bring more cloud offerings to all customers so they have the flexibility to recover to wherever meets the needs of their business.
What is Cloud DR?
Cloud DR is the ability to plan and orchestrate the direct restore of backups to Microsoft Azure. Veeam Agents and vSphere virtual machine (VM) backups will be restored as Azure VMs within your Azure subscription. It is supported for both Windows OS and Linux OS, and includes the new Veeam Cloud integrated agents.
Getting started with Veeam Recovery Orchestrator
We have some pre-requisites to cover before we can start orchestrating restores into Microsoft Azure. The process starts with creating a cloud recovery location. This is used to define the cloud resources required when running cloud plans. Orchestrator will then connect to the Veeam Backup & Replication server whose backups we want to use to recover to Azure. The Azure compute account will need to be registered in the Veeam server that’s connected to Orchestrator. From here you can import information about the subscriptions and resources associated with your account and use them to register new VMs in Microsoft Azure. Tip: If you plan to recover Linux workloads into Azure, I suggest creating a helper appliance.
You also have the option to choose what type of Cloud VM configuration you want your backups to leverage in the restore process. You can choose the VM series you want from a table that provides information on the maximum number of vCPU cores, system RAM and attached disks for each VM size. You can select up to three VM configurations and your created VMs will be customized to best match the CPU and memory configuration for the source machines.
While recovering backups to Microsoft Azure, you can leverage Veeam Secure Restore for Windows OS. Secure restore will scan machine data with AV software before recovering it to the production environment. Orchestrator extends this capability by allowing you to also scan multiple restore points until a clean point is found. As an added step in creating a cloud recovery location, you can also create a quarantine network. Here, you have the option to specify the network and subnet you want to connect infected machines too. For example, let’s say none of the restore points found had only clean data. Instead of recovering a potentially malicious machine into production, we can use this quarantine zone to do our own analysis and export the data that we need without the risk of exposing it to the rest of production.
Next, we need to configure a cloud plan, which is an orchestration plan that you create to recover machines from backups to the cloud environment. Here in the plan’s steps, you get to outline all the necessary checks and actions that will take place during a recovery. Here you can select the workloads whose backups you want to be be recovered into Azure, and their processing order, which can be done in parallel or in sequence. You can even choose to halt the plan completely if you encounter any errors during the restore process. Finally, an email can be sent as part of the VM steps when the restore is completed. This is also where you will identify your service level agreements (SLAs) for data recovery. The target recovery time objective (RTO) represents the amount of time it should take for you to recover from an incident and the target recovery point obejctive (RPO) defines the maximum acceptable period for data loss. You no longer have to guess what those SLAs could be; when you run the plan, Orchestrator will update these metrics in the dashboard to determine if your target SLAs can be met.
All this data is collected and generated into multiple reports that allow you to audit any changes in your environment. Here you can verify that what has been configured will work before recovery actually takes place via a readiness check and results for plan testing and execution. These reports can be sent in an email to engineers, auditors, managers and business stakeholders to reassure them that their disaster recovery (DR) plans are up to date and verified.
If everything is green and the readiness check passes, you can now run your cloud plan. Here you can make final adjustments for where you want your backups to be recovered and what restore points you want to utilize. In the screenshot below, we have reached the ransomware scan that will be executed during the restore. You then have the option to make changes to the maximum amount of restore points you want to process and can take follow-up steps if malicious content is found. These steps can include cancelling your restore process completely or completing the restore, but connecting it to the quarantine network you set up during the recovery location process for additional assessment. The results of this ransomware scan will be included in the readiness check and plan execution reports.
During the restore, Orchestrator will connect to the Veeam server and verify the availability of your Microsoft Azure subscription, backup repositories, Azure proxy appliances, resource groups and apply the mapping from the network mapping table to the first processed machine and so on. If the ransomware scan runs and no malicious data is found, it will begin the data transfer process until complete.
That’s it! This is a quick way to get started with orchestrated restores to Microsoft Azure with Veeam Recovery Orchestrator v6! Cloud DR is the first major step toward orchestrated recovery for everyone. I am so excited about this new release and cannot wait to see what is to come! Download a trial to test out free for 30 days here.
