Veeam Recovery Orchestrator (Orchestrator), part of Veeam Data Platform, enhances the user recovery experience by ensuring that businesses can define, test, and plan for data outages. Having the ability to choose which type of recovery method you want to use is crucial, especially when it comes to cyberthreats. There were some major enhancements and new features added into this version of Veeam Data Platform that compliments the robust functionality of Orchestrator version 6. Let’s discuss what new features you can see from the updated Veeam Recovery Orchestrator v7.
Strengthening Your Security Posture
First, let’s start with the Veeam-secure approach. This year alone, Veeam added hundreds of security features into Veeam Data Platform, consisting of Veeam Backup & Replication, Veeam ONE, and Veeam Recovery Orchestrator. These features work in conjunction with each other to detect and identify cyberthreats, respond to them, and recover faster from ransomware while ensuring your business stays secure and compliant. One of my personal favorite updates is the addition of Veeam Threat Center.
Veeam Threat Center (VTC) is a fully integrated dashboard for Orchestrator from Veeam ONE that helps businesses identify their current Veeam security state and assess their overall security and infrastructure object compliance. This dashboard also shows businesses their Data Platform Scorecard, which includes overall platform security compliance, data recovery health, data protection status, and backup immutability status. Each one of these components are crucial when it comes to successfully recovering after a data loss event. The dashboard also shows malware detections, which highlights what restore points or infrastructure objects have been infected or possibly infected by geographic location. This can come in handy when you’re executing recovery plans in Veeam Recovery Orchestrator, since you can quickly identify good data vs. the possibly infected restore points. The widget on the bottom left corner shows all objects that have missed their defined Recovery Point Objective (RPO) in your infrastructure, which is another way to quickly identify if you have missing data that you can’t recover from. Finally, the service level agreement (SLA) compliance overview shows a heatmap for your SLA compliance success, which lets you deep dive into success percentages over a certain period. To learn more about Veeam Threat Center, check out this blog post from my colleague Kirsten Stoner.
When it comes to recovery, nothing is more important than ensuring that the data you are recovering is valid and free from infection. In 2023 version 6 of Orchestrator introduced a malware scan as part of the recovery process, where users can scan backups during recovery with updated anti-virus definitions to ensure no malicious content is detected. To build upon this functionality, you now have the option to scan backups with the YARA rules of your choosing.
A YARA rule is an open-source multi-platform tool that can be used to identify code similarities within malware samples that indicate its presence in the machine. This can be from files, scripts, patterns, or signatures. To learn more about YARA rules and how to use them, check out this blog post by Jackie Ostile.
Another small change in wording (but big differentiator) in the malware scan from v6 to v7 is the ability to “check malware flags” vs. scanning restore points. Essentially, Orchestrator can now search through backups and identify if a restore point has already been marked as suspicious or infected by Veeam Backup & Replication or another 3rd Party tool via the incident API. It will then skip these backups when scanning since it already knows it possibly contains some type of malicious threat. Finally, if Orchestrator finds a restore point to be suspicious or infected that wasn’t previously marked, it will mark it in the Veeam Backup & Replication console and provide some bi-directional communication in Veeam Data Platform as well.
Enhanced Functionality for CDP and Azure
First, let’s cover the enhancements made to Continuous Data Protection (CDP). For those new to CDP, this is a technology that helps you protect mission-critical VMware virtual machines (VMs) when data loss for minutes or seconds is unacceptable. CDP leverages vSphere APIs for I/O filtering instead of snapshots, which can provide minimum recovery time objectives (RTO) in case a disaster strikes. This is because CDP replicas are in a ready-to-start state. To leverage CDP, you must install the I/O filter on each cluster that houses the VMs you plan to protect. Then you can create a CDP policy for the VMs you want to protect, including how many restore points you want to keep and how often you want them replicated. With the 12.1 release, you can now leverage granular recovery from these CDP replicas like Guest OS files, or application-level objects like individual MS SQL tables or schemas.
There is also a new I/O Anomaly Visualizer where you can see a visual representation of the VM’s I/O throughput and rollback during a recovery up to just before a detrimental change took place. CDP functionality has been supported for a few years now; with Orchestrator, we are enhancing this ability with the opportunity to test CDP replicas without stopping your policies from running. The testing itself is fully featured and can include processes like heartbeat checks, network tests, and even custom scripts. This provides additional assurance that if you ever need to failover to a CDP replica, your policies will work in any scenario. Additionally, all reporting features are also included in CDP so you can be sure that your disaster recovery (DR) documentation is never outdated.
Next, let’s cover the new enhancements for recovery to Microsoft Azure. For those that do not have a secondary location to replicate or recover to, just know that you can leverage Microsoft Azure as an option to recover your data. Veeam Recovery Orchestrator lets you take backups from vSphere VMs or Veeam Agents and restore them as Azure VMs as part of your recovery plan. During the recovery process, custom scripts via PowerShell are now supported, that can be injected into your Azure VM that was recovered from a vSphere or agent backup. This will help to validate the new Azure VM as running appropriately.
This process is also supported by the latest Azure APIs RunCommand v2 API. All the script outputs are now captured as part of the reports generated in Veeam Recover Orchestrator, so you can ensure that your recovery to Microsoft Azure is fully documented and your scripts are validated for successful recovery.
This is just the tip of the iceberg with all the new capabilities in Veeam Recovery Orchestrator and Veeam Data Platform 23H2. To learn more, download a trial or check out our demo series on YouTube!