Part 4: Complete Ransomware Recovery Guide

Replication and Data Protection Topologies

In this blog series, we’ve covered password and protection groups, backup and retention strategies, and infection, encryption, and activation events. Now we’ll talk about replication and data protection topologies.

Every customer environment is different, so your protected, backup, and recovery sites may be on premises or in the cloud. We refer to the combination of on-premises and cloud infrastructure as your topology.

Here are the common topologies we’ve seen:

  1. Single Site: The protected, backup, and recovery sites are all in the same on-premises data center.
  2. Prem-to-Prem: The protected site is in an on-premises data center, while backup and recovery sites are in a second (physical) data center.
  3. Prem-to-Cloud: The protected site is in the on-premises data center, but the backup site, the recovery site, or both are in the cloud.

In our experience, the most effective ransomware protection strategy follows the Prem-to-Cloud topology, where both backup and recovery sites are in the cloud. Because ransomware can traverse your network and infect every machine in the data center, it’s always a good idea to keep your backups offsite. 

As you attempt to restore your business operations after an attack, you must restart thousands of VMs instantly and with a guarantee that every ESXi host in use is clean. We highly recommend an on-demand cloud SDDC on modern cloud-native infrastructure as your recovery site, such as VMware Cloud on AWS. It helps keep your environment safe from ransomware, and it lowers the cost of DR infrastructure by up to 90% compared to always-on physical data centers.

The next step after choosing the right site topology is to automate your ransomware recovery. You’ll need an orchestration tool that detects configuration drift and sends you early warning alerts about possible problems with your DR plans. The tool also needs to provision infrastructure for the on-demand recovery site and enable one-click testing and production failover (and failback). Finally, your orchestration solution will have to restart thousands of VMs and give you instant RTO by allowing your ESXi hosts to directly mount a live (NFS) datastore hosted in the public cloud. The solution that covers all of these requirements is a SaaS orchestrator that can be accessed from anywhere, even when your primary data center is unavailable.

To learn more about topologies and DR orchestration for ransomware recovery, please download the Complete Ransomware Recovery Guide.

We’ve covered several proactive prevention steps in this series so far. In our next post, we’ll dive into the steps to execute ransomware recovery.