
Acronis #CyberFit Cloud Tech Associate Advanced Disaster Recovery 2023 Handout

This document discusses the need for disaster recovery and introduces Acronis Cyber Protect Cloud. It begins with an instructor and learning objectives. A case study shows how Acronis provided unified backup, cyber protection and disaster recovery for the Dallas Stars hockey team. The document then discusses challenges businesses face from various threats like cyberattacks, hardware failures, and human errors. It explains how disaster recovery is essential to avoid business disruption and downtime costs. Finally, it outlines how service providers can grow revenue by offering disaster recovery as a service (DRaaS) with Acronis Cyber Protect Cloud.

Uploaded by

Haris Hussain

#CyberFit Academy

Cyber Protect Cloud
Cloud Tech Associate Advanced
Disaster Recovery
#CyberFit

#CyberFit Academy
Meet your Instructor

Ernie Hilborn
Partner Enablement Manager
Mesa, Arizona (USA)
English

Ernie is an IT industry veteran with more than 35 years of experience. He has held various positions ranging from installer, to “Manager of Information Systems.” He is a seasoned public speaker and has a passion for channel partners and making them successful. He is also the founder of a nonprofit in Arizona which provides free glider rides for people with disabilities.

#CyberFit Academy
Learning Objectives

After finishing this instruction you will be able to
• Understand who needs Disaster Recovery and why
• Explain how Disaster Recovery is a vital part of modern Cyber Protection
• Build confidence in your technical acumen regarding Acronis Cyber Protect Cloud and Disaster Recovery as a Service (DRaaS)

#CyberFit Academy
Course Modules

1. Case Study
2. Why do we need Disaster Recovery?
3. High Level Overview and Benefits
4. Getting Started
5. Adding Cloud Servers
6. Other Operations

#CyberFit Academy
Cyber Protect Cloud
Case Study

#CyberFit Academy
Dallas Stars
(Professional ice hockey team based in Dallas, Texas)

• Using Veeam for on-site backup and off-site recovery of Hyper-V infrastructure
• Cloudberry to back up unstructured data
• Solutions provided by local MSP and leased co-location space in 3rd party data center for DR
• 194 workstations / 314 M365 mailboxes / 44 servers / 193TB

#CyberFit Academy
Case Study

Challenges

✓ Managing two unintegrated backup vendors
✓ No protection for workstations or Microsoft 365
✓ Disaster recovery was separate, difficult to test, and expensive.

#CyberFit Academy
Case Study

Requirements

✓ Protect all devices and data
✓ Unified console for easy administration (“our biggest objective”)
✓ Consolidate vendors: improve operational efficiency

#CyberFit Academy
Case Study
Benefits

• Single console for all services
• Expanded cyber protection for workstations and Microsoft 365
• Cost savings - by canceling co-location lease for DR site and replication software (saving $25K per year)

#CyberFit Academy
Cyber Protect Cloud
Why do we need Disaster
Recovery?

#CyberFit Academy
The New World of Threats

Natural disasters
• Only 6% of outages are caused by natural disasters(1)
• Affects facilities and infrastructure

Pandemics
• Requires a different kind of planning scenario
• Affects people

Hardware failure, software corruption
• Up to 30M SMBs are vulnerable to IT failure without comprehensive monitoring(2)

Accidental data deletion
• 14% of data loss is caused by human error, such as deleting or overwriting files(3)

Cyberattacks
• 93% of businesses were attacked within the past three years(2)
• Malware attacks increased by 25%(4)
• By 2021 cybercrimes will cost $6 trillion per year(4)

Spectrum: Natural to Human
(1) Actual Tech Media, (2) IDC, (3) Tech Radar, (4) Symantec 2019 ISTR

#CyberFit Academy
Business disruption happens

• 21% of data breaches in 2021 were caused by accidentally deleting or overwriting files or folders(1)
• 51% of data breaches in 2021 were caused by criminal and malicious attacks(1)
• 70% of organizations are likely to suffer business collapse by 2022 due to unrecoverable data loss(2)
• 93% of businesses experienced attacks within the past three years(3)

(1) Acronis Cyberthreats Report 2022
(2) Gartner 2022
(3) IDC 2022

#CyberFit Academy
Clients can’t afford downtime
(examples)

• 4/10 businesses suffered a data breach in 2020
• 14.1 hours average annual downtime for businesses
• $8,600 average hourly cost of unplanned downtime for an SMB
• 545 hours average annual hours of lost staff productivity

#CyberFit Academy
Overcome supply chain issues

3-6 weeks

#CyberFit Academy
Consider the expected, and unexpected
Traditionally, managing this scenario wouldn’t be possible

New World Considerations:
• Scattered geographic locations
• Data and devices live elsewhere
• Regulations and compliance
• Better planning for people (business and personal)
• Difficulty getting data to backup and recover
• Communications and training
• Remote work
• Protecting the supply chain
• Prioritizing data, systems, and needs
• Document, automate, and test regularly
• Exposure to greater risk outside of IT’s infrastructure

When you have a comprehensive platform, you have true power – no matter where your clients are or which devices they’re using.

#CyberFit Academy
Forward-thinking SPs Grow Revenue with DRaaS
Protect your clients’ data, applications, and systems beyond backup

Increase ARPU
▪ Sell more cyber protection services
▪ Get more margin on in-demand services
▪ Improve attach rate and sell more

Improve SLAs
▪ Proactively avoid downtime
▪ Faster remediation with improved endpoint and data protection
▪ Win more clients with better SLAs
▪ RunVM Technology

Control Costs
▪ Reduce expenses by using one tool for all your daily tasks:
  • Onboarding
  • Monitoring
  • Management
  • Assistance
▪ No new HW/staff required

Decrease Churn
▪ Improve client satisfaction and keep them coming back for more
▪ Demonstrate value and simplify renewals
▪ More services mean stickier clients

Offer DRaaS
▪ Easy additional revenue:
  • Little investment
  • Turn-key solution for Acronis Cyber Protect Cloud
▪ Better protection for your clients

#CyberFit Academy
Who Needs DRaaS?

Companies that:
• Rely on mission-critical applications and data
• Are subject to regulated compliance requirements
• Are partners in stringent supply chains
• Are located in disaster-prone areas
• Lack technical resources
• Have heavy reliance on IT for business functions
• Lack disaster recovery experience

Key industries:
• Financial Services
• Healthcare
• Legal
• Transportation
• Business Services
• Manufacturing
• Construction
• Small-to-midsized Businesses
• Energy Utilities

#CyberFit Academy
Regulatory requirements and controls for backup and DR

§ 164.308
Administrative
safeguards

#CyberFit Academy
Two important DR acronyms!

Recovery Point Objective (RPO)
▪ How much data loss is acceptable to an organization in the event of a disaster? Another perspective is how long can they operate their business manually.
▪ This determines how often to back up a server or VM. If the RPO is 4 hours you need to back up every 4 hours or less.
▪ The RPO time may be different for different systems.
▪ Must be discussed in detail and with all levels of management.

Recovery Time Objective (RTO)
▪ How much downtime is acceptable before DR systems are online and available?
▪ Different systems may have different RTO times.
▪ Accounting, payroll, and order processing systems may have shorter RTOs than an archive or file server.
▪ This helps decide which servers should be included in DR and which can be delayed. This saves costs.

#CyberFit Academy
DRaaS vs DIY Disaster Recovery

• Easier protection of critical workloads
• Better functionality at a lower cost
• Speed of entry and deployment
• Easy access, self-service
• Simplified testing
• New on-site appliance option is available
• Secure infrastructure
• Pay-as-you-go pricing

#CyberFit Academy
Cyber Protect Cloud
High Level Overview and Benefits

#CyberFit Academy
Integrated Platform
An integrated solution of cyber security, backup, disaster recovery,
management and automation built specifically for SPs

#CyberFit Academy
Integrated Platform
An integrated solution of cyber security, backup, disaster recovery,
management and automation built specifically for SPs

Disaster Recovery

Base Disaster Recovery
▪ Test failover
▪ Cloud-only VPN connection

Advanced Disaster Recovery
▪ Production and test failover
▪ Cloud-only and site-to-site VPN connections
▪ Multiple templates
▪ Cyber Protected DR
▪ Runbooks

#CyberFit Academy
DR for Any Workload

Physical servers and virtual machines
▪ Windows
▪ Linux

Virtualization platforms
▪ VMware vSphere
▪ Microsoft Hyper-V
▪ Linux KVM
▪ Red Hat Virtualization
▪ Citrix XenServer

Application-aware backup and recovery
▪ Microsoft Exchange
▪ Microsoft SQL Server
▪ Microsoft SharePoint
▪ Microsoft Active Directory

Cloud servers for real-time application replication
▪ For applications with built-in replication like SQL Server AlwaysOn

#CyberFit Academy
Are there different categories of disasters?
(may be different for each customer)

Can a single workstation or server failure be a critical event?
• CEO's workstation
• Marketing server on the day of a product launch?

Loss of local network but servers are still running?

Would loss of Internet access be a critical event?

How would an immediate evacuation order be handled? (wildfire or chemical spill)
• What about a long-term evacuation?

Computer room, building-wide, local, regional, or even larger.
• How would these sizes of disasters affect your response?
• Don’t forget to take care of your employees and their families!

#CyberFit Academy
Your complete cyber protection services
All managed from a single user interface

Data Protection: Backup and Restore
Primary focus:
▪ Prevent the loss of valuable data
▪ Data located on servers, workstations, and mobile devices

Cybersecurity: Endpoint Management and Security
Primary focus:
▪ Detection and deflection of malware attacks
▪ Vulnerability assessment and configuration management
▪ URL filter
▪ Patch management

Disaster Recovery: Disaster Recovery
Primary focus:
▪ High availability of critical applications
▪ Rapid recovery to avoid costly downtime

#CyberFit Academy
Section Summary

1 Everyone needs DRaaS in their business at some point. Single (familiar) console and single agent install to manage
2 Disaster Recovery for your critical workloads, yet easy to understand billing
3 Plan for several disaster scenarios and assist with ongoing DR tests.
4 Predictable SLAs

#CyberFit Academy
Cyber Protect Cloud
Getting Started
Setting Up Disaster Recovery (DR Advanced Pack)

#CyberFit Academy
Disaster Recovery with Cyber Protection

Acronis Cyber Protect Cloud
• File-level, disk-level, image and application backups
• Backup popular workloads like Mac, Windows, Linux, Microsoft 365, Google Workspace, Hyper-V, VMware, and more
• Flexible backup storage options
• Acronis Active Protection
• Archive encryption
• Incremental and differential backups
• Antimalware and anti-virus protection
• Vulnerability assessments
• Instant restore with RunVM
• and more…

Advanced Disaster Recovery
• Production and test failover to Acronis Cloud
• Runbooks: disaster recovery orchestration
• VPN-less deployment option
• IPsec Multisite VPN support, L2 site-to-site open VPN
• Multiple templates
• Custom DNS configuration

#CyberFit Academy
Simplify Clients’ Disaster Recovery With a Turn-Key SaaS Solution

[Diagram: ACRONIS DATA CENTER (cloud recovery sites): management console, backup and DR servers, hot and cold storages, on-demand compute, virtual router. CLIENTS’ ENVIRONMENTS: administrator; Agent for Windows, Agent for Linux, Agent for Hyper-V and Agent for VMware on Windows servers, Linux servers, Hyper-V VMs, VMware VMs and other virtual platforms (virtualization platforms and physical machines).]

• All components out-of-the-box
• Easier and quicker PoC and deployment stages
• Single console helps you easily offer disaster recovery for your clients

#CyberFit Academy
Example: How DRaaS Works
Disaster Recovery as a Service (DRaaS) is the replication and hosting of physical or virtual servers by a third party to provide failover in the event of a man-made or natural catastrophe.

[Diagram: Client’s infrastructure and Cloud recovery site by third party, connected by Failover and Failback]

#CyberFit Academy
Example: How DRaaS Works
Advanced Disaster Recovery: the following cloud servers can be created:

Recovery Server:
Cloud server created based on existing backup (backup must be stored on cloud storage). Can be turned on for testing or failover purposes

Primary Server:
Cloud server created based on a template. Can be used for production workloads (e.g., as a new server or part of a cluster), as a replication target, or Active Domain Controller

For initial setup and configurations: log in to the Cloud Console

#CyberFit Academy
Cloud-Based Disaster Recovery
Limitations - Disaster Recovery is not supported for:

X Platforms: Virtuozzo virtual machines and containers | macOS

X Windows: machines with dynamic disks | removable media without either GPT or MBR formatting | Active Directory service with FRS replication

X Linux: File systems without a partition table | Linux workloads that are backed up with an agent from a guest OS and have volumes with the following advanced Logical Volume Manager (LVM) configurations: Striped volumes, Mirrored volumes, RAID 0, RAID 4, RAID 5, RAID 6, or RAID 10 volumes.

X CDP recovery points (data contained in CDP recovery points will be lost during failover)

X Forensic backup cannot be used

#CyberFit Academy
Supported Environments
Supported OS for Recovery Server:
‒ CentOS 6.6 and above, Debian 9, Ubuntu 18.04, 20.x, and 21.x
‒ Windows Server 2008/2008 R2 and above (including Server 2022) except for Server 2016 Nano Server
‒ Windows Desktop OS not supported due to Microsoft product Terms

Supported virtualization platforms for Recovery Server:
‒ Windows Server 2008 with Hyper-V and above except for Windows Server 2016 Nano Server
‒ Kernel-based Virtual Machines (KVM)
‒ Red Hat Enterprise Virtualization 3.6 and above and Red Hat Virtualization 4.0
‒ Citrix XenServer 6.5 and above
‒ Azure virtual machines

Supported virtualization platforms for VPN appliance:
‒ VMware ESXi 5.1 and above (including 7.0)
‒ Windows Server 2008 with Hyper-V and above except for Windows Server 2016 Nano Server

Requirements for VPN appliance:
‒ 1 vCPU, 1 GB RAM, 8 GB HDD
‒ TCP 443 (outbound) for VPN connection, TCP 80 for automatic update of appliance

#CyberFit Academy
DR of Azure VMs to Acronis Cyber
Protect Cloud
✓ Perform Disaster Recovery (DR) failover of
Azure VMs to Acronis Cyber Protect Cloud
✓ Enhanced protection against Azure cloud
outages for SPs utilizing public cloud. Provides
predictable and simple monthly billing.
✓ Acronis charges for storage: does not charge
for outbound network traffic consumption
and hot disks usage

Scenarios:
✓ DR failover of Azure VMs to Acronis Cyber
Protect Cloud from Acronis-hosted backups
✓ Manual failback from Acronis Cyber Protect
Cloud to Azure VM via the restore functionality

#CyberFit Academy
Protect VMware ESXi 7.0
Workloads with Advanced DR
✓ Extend disaster recovery protection to VMware ESXi 7.x workloads backed up agentless:
• Production failover of VMware ESXi 7.x
workloads to Acronis Cyber Protect
Cloud
• Test failover of VMware ESXi 7.x
workloads to Acronis Cyber Protect
Cloud
• Automated failback of virtual machines
from Acronis Cyber Protect Cloud to on-
premises VMware ESXi 7.x hosts

#CyberFit Academy
Getting Started

1. Configure connectivity type to cloud recovery site
2. Configure Protection Plan to perform backup of machines to be protected either directly or replicate to Acronis cloud storage
3. Create Recovery Servers based on the machine that was backed up
4. Perform test failover to check everything works
5. [Optional] Configure Runbooks and Point-to-Site VPN
6. Perform failover in a DR scenario

Connectivity types shown: Site-to-site connection, Cloud-only mode, Point-to-site connection

#CyberFit Academy
Connectivity
To access cloud servers, 3 types of connectivity are available

Site-to-site connection:
• Requires installation of VPN appliance on-premises (local site). Creates VPN tunnel to secure communications between local and cloud servers
• Cloud servers are accessible through local network, point-to-site VPN and public IP addresses (if assigned)
• Typically chosen when local and cloud servers are tightly dependent (example: partial failover scenario to allow cloud servers to communicate directly with local servers)

Cloud-only mode:
• No VPN appliance required (local site and cloud site are independent networks)
• Cloud servers accessible through point-to-site VPN and public IP addresses (if assigned)
• Typically chosen when local and cloud servers do not need to communicate with each other (example: partial failover scenario for independent servers)

Point-to-site remote VPN access:
• Available only after site-to-site connection or cloud-only mode is configured
• Uses OpenVPN client to connect to cloud or local servers
• Typically used to remotely access cloud servers when using cloud-only mode or when local site is down (when using site-to-site connection)
• If site-to-site connection is available: local servers can be accessed remotely (from outside of company network) via point-to-site VPN
• For cloud servers that require access from the Internet, such as web servers, a public IP address can be assigned during cloud server setup

#CyberFit Academy
Connectivity – Initial Configuration

Choose a
connectivity type

#CyberFit Academy
Connectivity – Initial Configuration

Deploying VPN
gateway

#CyberFit Academy
VPN-less deployment option – Cloud only
Onboard clients more quickly and easily

• VPN virtual appliance is not necessary for “point-to-site” connectivity.
• Switch from the “point-to-site” to “site-to-site” mode as you wish.
• This option is especially useful for customers who want to quickly evaluate the service or don’t need to extend the local network to the cloud site

Why? Connect clients quickly and easily with point-to-site or site-to-site connectivity

#CyberFit Academy
Connectivity – Setup Cloud-Only Mode

Click to show
connectivity
properties

Add additional cloud


networks

#CyberFit Academy
Connectivity – Setup Site-to-Site Connection

Click to download VPN


appliance

VPN Gateway
deployed in
Cloud Site

#CyberFit Academy
Connectivity – Setup Site-to-Site Connection

Download VPN
appliance

#CyberFit Academy
Connectivity – Initial Configuration

1. Go to Disaster Recovery tab and choose type of connectivity
2. Once type of connectivity is selected, VPN gateway will be deployed in cloud site
3. For Site-to-site connectivity:
• Download either the VMware or Hyper-V appliance for installation on-premises
• Install, configure and register the appliance
4. For Cloud-only mode:
• VPN gateway will be pre-configured with 1 cloud network
• Click on Add network to add more networks for cloud site (to be used by cloud servers)

#CyberFit Academy
Connectivity – Installing VPN Appliance
1. Download the VPN appliance: choose either VMware or Hyper-V appliance to download
2. Prepare the host before installing the VPN appliance:
• In VMware vSphere, ensure that Promiscuous mode and Forged Transmit are enabled and set to Accept for all virtual switches that connect the VPN appliance to the production networks. To access this setting, in vSphere Client, select the host > Summary > Network, select the switch > Edit settings… > Security
• In Hyper-V, create a Generation 1 VM with 1024 MB of RAM. It is recommended to enable Dynamic Memory for the VM. Once the VM is created, go to Settings > Hardware > Network Adapter > Advanced Features and select the Enable MAC address spoofing check box
3. Install and power on the VPN appliance
4. Open the appliance console and log in with admin | admin
5. [Optional] Change the password
6. [Optional] Change the network settings if needed, define which interface will be used as the WAN for Internet connection
7. Register the appliance using Customer Administrator credentials1

#CyberFit Academy
Connectivity – Site-to-Site Connection

Click to view cloud servers

Click to view local servers

Local network reported by VPN appliance

Add cloud networks

#CyberFit Academy
Connectivity – Site-to-Site Connection

VPN Appliance
settings

#CyberFit Academy
Connectivity – Site-to-Site Connection

VPN gateway
settings

#CyberFit Academy
Connectivity – Site-to-Site

The status of the site-to-site connection will be shown after it has been set up successfully:

• Up to 5 local networks can be reported and linked to the cloud site via the VPN tunnel
• Number of local servers and cloud servers (after they have been created) in each network, i.e., having an IP address in the network, will be shown
• More networks can be added to the cloud site (up to a total of 5 overall) by clicking on Add networks on the connectivity gateway; cloud networks added will be independent from local networks

#CyberFit Academy
Connectivity – Properties

View and configure connectivity properties including for Point-to-Site VPN

#CyberFit Academy
Connectivity – Properties

Operations available from Properties:

• Site-to-site section:
• Enable/disable site-to-site connection | Download VPN appliance | Local
routing 1
• Point-to-site section:
• Enable/disable point-to-site VPN to local site | Re-generate
configuration file | Download configuration for OpenVPN

1 There may be situations where local networks are not registered in the VPN
appliance and hence not reported to the connectivity gateway

#CyberFit Academy
Connectivity – Configuring Point-to-Site VPN
1. Download OpenVPN configuration from Disaster Recovery > Connectivity > Properties, regenerate configuration if necessary
2. Download and install OpenVPN client on the machines from which to connect to cloud or local servers remotely and import the configuration file
3. Initiate the point-to-site VPN connection using cloud console accounts

#CyberFit Academy
IPsec Multisite VPN Support
Use case

1. Clients with multiple sites hosting critical workloads and higher requirements for security, compliance, bandwidth
2. 3rd party software/managed service providers' sites connected via VPN IPsec tunnel
3. Clients with devices supporting IPsec and not willing to dedicate a separate host for L2 VPN appliance

Solution
1. IPsec Multisite VPN support
2. Easy customer onboarding:
✓ Simple configuration steps: recommended default configuration, video guide
✓ Migration from L2 Open VPN connectivity with re-IP assignment, which doesn’t require redeployment
3. Focus on solution security: only secure protocols and algorithms, authentication keys are stored encrypted
4. Transparent connections and tunnels status and self troubleshooting

#CyberFit Academy
Allow DHCP traffic via L2 site-to-
site VPN Tunnel
✓ Enable clients to use own DHCP
server when one or more endpoints
are in failover to Acronis Cloud, and
DHCP traffic is sent via L2 site-to-
site VPN tunnel.
✓ Perform DHCP server failover
to continue leasing IP
addresses to on-premises
environment from disaster
recovery site in Acronis Cloud

#CyberFit Academy
IPsec Multisite VPN Support

#CyberFit Academy
Functionality and Use Cases out of Scope

IPsec functionality:
1 NAT Traversal support
2 Remote gateway FQDN support
3 IPsec connection certificate authentication
4 Secondary IPsec connection to the same gateway for HA
5 Other IPsec tunneling and AD integration for remote access solutions (p2s)

Other use cases that are often mentioned with IPsec:
1 Virtual Firewall management on DR cloud site
2 Primary servers failover testing (e.g. SQL always on cluster secondary node test failover)
3 Dedicated MPLS connection via 3rd party service providers. Network equipment colocation in Acronis Data Center
4 Software-defined WAN (SD-WAN)
5 Virtual firewall between cloud networks

#CyberFit Academy
IPsec Multisite VPN Support
Use case

1. Clients with workloads that require custom DNS settings for Disaster recovery cloud servers
2. Example of such services: Microsoft Active Directory domains, Simple DNS (Bind on Centos)

Solution

1. Possibility to set up custom DNS settings for Disaster recovery cloud servers for the whole disaster recovery infrastructure in the Acronis cloud
2. When a DNS server IP renewal takes place, Cloud Servers will use the newly obtained IP addresses of the DNS servers on their next request to the Cloud DHCP server

#CyberFit Academy
IPsec Multisite VPN Support

#CyberFit Academy
Section Summary

1 Setup is fast and easy

2 Multiple VPN(less) options for connectivity

3 Custom DNS Available

#CyberFit Academy
Test your knowledge

#CyberFit Academy
Cyber Protect Cloud
Adding Cloud Servers
(Adding Recovery and Primary Servers)

#CyberFit Academy
Recovery Server
Pre-requisites:
A Protection Plan with Backup must be applied to the machine you want to protect:
a) Backup the Entire Machine or disks/volumes containing the OS and applications and data for failover
b) Cloud storage must be selected as one of the locations for backup
c) Recommended to run the Backup Plan at least once to ensure that cloud backups are successfully created

Available Operations:
• Test failover
• Production failover
• Failback

#CyberFit Academy
Recovery Server

Create Recovery
Server


#CyberFit Academy
Recovery Server

Recovery Server
configurations

#CyberFit Academy
Recovery Server

1. Select the machine you want to protect and click Disaster recovery
2. Click on Create recovery server button
3. Select the number of virtual cores and the size of RAM for the Recovery Server
4. Specify the IP address the Recovery Server will have during production failover
5. [Optional] Select the Test IP address checkbox and specify the IP address. This allows connection to the Recovery Server via RDP or SSH during a test failover; if unchecked, only console access is possible
6. [Optional] Select the Internet access checkbox to enable the Recovery Server to access the Internet during a production failover or test failover
7. [Optional] Select the Public IP address checkbox; the public IP address will be shown after configuration is complete
8. [Optional] Set the RPO threshold, which defines the maximum time interval allowed between the last suitable recovery point for a failover and the current time. It is typically set to the same as backup frequency, e.g., if backup frequency is daily, then RPO threshold should be 1 day
9. [Optional] If the original backups are encrypted, specify the password that will automatically be used when starting the Recovery Server
10. [Optional] Change the name and description
11. Click Done

#CyberFit Academy
Recovery servers RPO compliance tracking
Improve SLA compliance
• Define recovery point thresholds for the recovery servers to identify how "fresh" the cloud backup of the original machine (to perform failover) should be.
• Track recovery point objective (RPO) compliance in real time via the web console.

Why? Provide competitive SLAs and ensure you are able to meet them
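
The RPO threshold from step 8 of the Recovery Server setup and the RPO definition earlier in the handout reduce to two checks: how old the last suitable recovery point is now, and whether any past gap between points exceeded the threshold. The following is an added example, not Acronis code; the `suitable` flag, server names and timestamps are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone


def rpo_status(recovery_points, threshold, now):
    """Evaluate one recovery server against its RPO threshold.

    recovery_points: iterable of (timestamp, suitable) pairs. `suitable` is a
        hypothetical flag meaning the point can be used for failover.
    threshold: timedelta, the RPO threshold set on the recovery server.
    now: timezone-aware datetime at which compliance is evaluated.
    """
    suitable = sorted(ts for ts, ok in recovery_points if ok)
    if not suitable:
        # No usable recovery point: failover is impossible, so the server is
        # out of compliance whatever the threshold is.
        return {"compliant": False, "age": None, "max_gap": None,
                "missed_windows": []}

    age = now - suitable[-1]
    pairs = list(zip(suitable, suitable[1:]))
    # Past windows in which a disaster would have lost more than the RPO.
    missed = [(a, b) for a, b in pairs if b - a > threshold]
    max_gap = max((b - a for a, b in pairs), default=timedelta(0))
    return {"compliant": age <= threshold, "age": age,
            "max_gap": max_gap, "missed_windows": missed}


def utc(day, hour):
    """Constructed sample timestamps, all in March 2023 (UTC)."""
    return datetime(2023, 3, day, hour, tzinfo=timezone.utc)


NOW = utc(2, 13)

# Constructed fleet: name -> (RPO threshold, recovery points).
FLEET = {
    # 4-hour RPO; the 08:00 backup failed, leaving an 8-hour gap.
    "sql01": (timedelta(hours=4), [(utc(2, 0), True), (utc(2, 4), True),
                                   (utc(2, 8), False), (utc(2, 12), True)]),
    # Daily RPO; last good point is 30 hours old.
    "files01": (timedelta(days=1), [(utc(1, 7), True)]),
    # Only an unusable point exists.
    "web01": (timedelta(hours=4), [(utc(2, 10), False)]),
}


def fleet_report(fleet=FLEET, now=NOW):
    return {name: rpo_status(points, threshold, now)
            for name, (threshold, points) in fleet.items()}


if __name__ == "__main__":
    for name, st in fleet_report().items():
        state = "OK" if st["compliant"] else "RPO VIOLATION"
        print(f"{name}: {state}, age={st['age']}, max_gap={st['max_gap']}, "
              f"missed_windows={len(st['missed_windows'])}")
```

A server can be compliant at the moment of the check and still show missed windows, which is why a failed backup inside an otherwise healthy schedule matters for the SLA.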

#CyberFit Academy
Firewall policies management
Scenario
User creates a Disaster Recovery Cloud Server with default security policies
and can define outbound and inbound firewall policies (e.g. opens SSH
access to this server)

Migration
To assure continuity of the end-customer's services, all the existing firewall rules on Border Firewall for Disaster Recovery Cloud Servers (Recovery and Primary) will be migrated as is:
1. inbound - deny all, except TCP: 80, 443, 8088, 8443 and UDP: 1194
2. outbound - allow all
3. All per customer custom rules

After C21.04 going forward, all new Disaster Recovery Cloud Servers (Recovery
and Primary) will be created with the following default rules:
1. inbound - deny all, except TCP 443
2. outbound - allow all, except TCP 25

Licensing - Feature is available in Acronis Cyber Protect and legacy editions
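
Because migrated servers keep the older, wider rule set while new servers get the narrower one, a review of a DR cloud server's policy comes down to a diff against the current defaults. The following is an added example, not Acronis code or an Acronis API; the `ServerPolicy` structure and the sample servers are constructed assumptions, and only the port lists come from the slide.

```python
from dataclasses import dataclass

# Inbound exceptions to "deny all" and outbound exceptions to "allow all",
# as listed on the slide for migrated servers and for new servers.
LEGACY_INBOUND = frozenset({("tcp", 80), ("tcp", 443), ("tcp", 8088),
                            ("tcp", 8443), ("udp", 1194)})
CURRENT_INBOUND = frozenset({("tcp", 443)})
CURRENT_OUTBOUND_DENY = frozenset({("tcp", 25)})


@dataclass(frozen=True)
class ServerPolicy:
    """Hypothetical model of one cloud server's firewall policy."""
    name: str
    inbound_allow: frozenset              # everything else inbound is denied
    outbound_deny: frozenset = frozenset()  # everything else outbound is allowed


def is_allowed(policy, direction, proto, port):
    """Decide one flow under the deny-all-in / allow-all-out model."""
    if direction == "inbound":
        return (proto, port) in policy.inbound_allow
    if direction == "outbound":
        return (proto, port) not in policy.outbound_deny
    raise ValueError(f"unknown direction: {direction}")


def audit(policy):
    """Diff a policy against the current defaults for new servers."""
    extra = policy.inbound_allow - CURRENT_INBOUND
    legacy_only = LEGACY_INBOUND - CURRENT_INBOUND
    unblocked = CURRENT_OUTBOUND_DENY - policy.outbound_deny
    return {
        "server": policy.name,
        # Ports still open only because the old defaults were migrated as is.
        "legacy_inbound": sorted(extra & legacy_only),
        # Ports opened by per-customer rules (e.g. SSH); review each one.
        "custom_inbound": sorted(extra - legacy_only),
        # Outbound ports the current defaults block but this policy allows.
        "outbound_unblocked": sorted(unblocked),
        "matches_current_default": not extra and not unblocked,
    }


# Constructed samples: a server migrated with the old defaults plus a custom
# SSH rule, and a server created with the current defaults.
MIGRATED = ServerPolicy("web01-dr (migrated)", LEGACY_INBOUND | {("tcp", 22)})
NEW = ServerPolicy("db01-dr (new)", CURRENT_INBOUND, CURRENT_OUTBOUND_DENY)


if __name__ == "__main__":
    for policy in (MIGRATED, NEW):
        print(audit(policy))
```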

#CyberFit Academy
Recovery Server – Failover & Test Failover

List of Recovery
Servers

#CyberFit Academy
Recovery Server – Failover & Test Failover

Recovery Server
actions

Recovery Server
properties

#CyberFit Academy
Recovery Server – Failover & Test Failover

Test failover and production failover

#CyberFit Academy
Recovery Server – Failover & Test Failover

Test Failover is the process of starting and testing the Recovery Server to check if it can be used in the event of a real Failover:

• When initiated, the Recovery Server starts and is connected to an isolated test VLAN and multiple servers can be tested at the same time to check their interaction
• Recovery Servers can communicate with each other using their production IP address in the isolated test network but not directly with devices on the local network
• Beginning with the C22.12 update, automated test failovers can be scheduled. Once the VM has been started, a console screenshot is taken and emailed before being shut down.

#CyberFit Academy
Recovery Server – Failover & Test Failover

Failover & Test Failover use functionality similar to Acronis Instant Restore:

• For Failover, a VM is created based on Recovery Server configurations, linked to the selected backup of the original machine and finalized as soon as possible to achieve the best possible performance, i.e., similar to Run as VM + Finalize immediately after the temporary VM is created
• For Test Failover¹, the VM is not finalized to minimize space consumption on Disaster Recovery storage, which may result in slower performance, i.e., Run as VM only
• Protection agents in the Recovery Server will be stopped to avoid undesired activity such as starting a backup or reporting outdated statuses to Acronis Backup Cloud

¹ Point-to-site VPN will be required to connect to Recovery Servers via RDP or SSH when performing test failover

#CyberFit Academy
Failover From Immutable Recovery
Points
✓ Mitigate malicious or accidental deletion of
recovery points by protecting them with
immutable storage
✓ Enabling immutable storage allows you to initiate failover to Acronis Cloud from a deleted recovery point – whether during regular testing or a real disaster

#CyberFit Academy
Recovery Server – Failback

Failback is the process of moving the workload from cloud back to on-premises:

• Available after a Recovery Server has been finalized
• During this process, the physical server being moved is unavailable; the length of the maintenance window is approximately equal to the duration of a backup and subsequent recovery of the server

#CyberFit Academy
Recovery Server – Test Failover
1. Select the machine to test from Disaster Recovery > Servers > Recovery Servers

2. Click on Failover and ensure Test failover is selected for the failover type

3. Select the recovery point to use and click on Test failover button

4. The state of the Recovery Server changes to Testing failover

#CyberFit Academy
Recovery Server – Test Failover

5. Test the failover using any of the following methods:

• In Disaster Recovery > Servers, select the Recovery Server and then click Console to connect to the Recovery Server
• Connect to the Recovery Server via RDP or SSH using the test IP address from both outside and inside (requires point-to-site VPN)
• Run a script within the Recovery Server; the script may check the login screen, whether applications are started, the Internet connection and the ability of other machines to connect to the Recovery Server

6. When testing is complete, click Stop testing

#CyberFit Academy
Recovery Server – Production Failover

1. Ensure that the original machine is not available on the network

2. Select the machine to failover from Disaster Recovery > Servers > Recovery Servers

3. Click on Failover and ensure Production failover is selected for the failover type

4. Select the recovery point to use and click on Start production failover button

#CyberFit Academy
Recovery Server – Production Failover
5. The state of the Recovery Server changes to Finalization and after some time, Failover

6. Ensure the Recovery Server is started by using Console and can be connected to via its production IP address

7. Once the Recovery Server is finalized, a Protection Plan will be created and backups of the Recovery Server will be created and stored on cloud storage

8. To cancel failover, click Cancel failover; all changes starting from the failover will be lost except for Recovery Server backups

#CyberFit Academy
Recovery Server – Failback
1. Select the machine to failback from Disaster Recovery > Servers > Recovery Servers (physical servers)

2. Click Failback to open the Failback dialog box and click Prepare failback; the Recovery Server will be stopped and backed up to cloud storage

3. Wait for the backup to complete and use the backup to perform recovery on-premises

4. Once on-premises recovery is complete and verified, return to the Recovery Server and click Confirm failback; the Recovery Server and recovery points will become ready for the next failover

5. Alternatively, if failover is to continue, e.g., more time is required to prepare for on-premises recovery, click Cancel failover; the Recovery Server will start and failback can be attempted again subsequently

#CyberFit Academy
Automated Failback for Virtual Machines

Problem

Old version of the failback was fully manual and misleading; moreover, it caused tremendous downtime.

Solution

Automated failback with close-to-zero downtime: the virtual machine in the cloud continues to run as data is transferred to the local site.

Customers can manage the whole process in one panel, which significantly reduces the effort needed to do a failback.

System provides information about progress of the failback and estimates downtime, which makes the planning of the failback much easier.

#CyberFit Academy
Automated Failback for Virtual
Machines

Competitive advantages

• One of the lowest switchover downtimes on the market, which can be the key differentiator from other solutions.
• The enhanced User Experience, which makes the process of failback easy and understandable (there are instructions integrated into the interface).

#CyberFit Academy
Automated Failback for Virtual Machines
Phases: Planning > Data Transfer > Switchover > Validation
(diagram controls: Cancel data transfer, Back to data transfer)

Planning: Preparation for the failback process
(The virtual machine on the cloud site is working)
1. Restore your IT infrastructure at the local site.
2. Plan the failback process and set the failback parameters.
3. Start the data transfer.

Data Transfer: Transferring data to the local site
(The virtual machine on the cloud site is working)
1. Data is transferred to the local site, while the virtual machine on the cloud site continues to run.
2. Start the switchover when more than 90% of the data is transferred to the local site. (You can start the switchover earlier, but that will result in a longer downtime period.)

Switchover: Switching from the cloud to the local site
(The virtual machine on the cloud site is not working)
1. The virtual machine on the cloud site is turned off and the remaining data is transferred to the local site.
2. When all the data is successfully transferred to the local site, the switchover will end and the validation phase will start.
3. If something goes wrong, you can return to the data transfer phase. The virtual machine in the cloud will be turned on, and the data transfer will continue.

Validation: Validation of the virtual machine on the local site
(The virtual machine on the cloud site is not working)
1. Validate that the virtual machine on the local site is working correctly, and confirm the failback. Note that after you confirm the failback, the system will delete the virtual machine in the cloud, and the failover process will be completed.
2. If the machine on the local site does not work correctly, return to the data transfer phase. The virtual machine in the cloud will be turned on.

#CyberFit Academy
Primary Server

Pre-requisites:
• Connectivity to the cloud site must be set up

Operations with Primary Servers:
• Start or Stop the server
• Edit Primary Server settings
• Backup Primary Server using the pre-defined Protection Plan
where only the Scheduling and Retention rules can be changed,
other sections/options are locked/not available

#CyberFit Academy
Primary Server

1. Go to Disaster Recovery > Primary Server and click Create

2. Select a template for the new Primary Server

3. Select the number of virtual cores and the size of RAM for the
Primary Server

4. [Optional] Change the virtual disk size and add more disks if
required, up to a max. of 10 disks

#CyberFit Academy
Primary Server

5. Specify the IP address the Primary Server will have

6. [Optional] Select the Internet access checkbox to enable the Primary Server to be able to access the Internet

7. [Optional] Select the Public IP address checkbox to assign a public IP to the Primary Server

8. [Optional] Set the RPO threshold which defines the maximum time
interval allowed between the last suitable recovery point for a
failover and the current time, typically set to the same as backup
frequency, e.g., if backup frequency is daily, then RPO threshold
should be 1 day

#CyberFit Academy
Primary Server

Create Primary Server

#CyberFit Academy
Primary Server

Primary Server
configurations

#CyberFit Academy
Backing Up Cloud Servers

Recovery and Primary servers can be backed up to cloud storage:
• Only possible location is cloud storage
• Each cloud server must have its own Protection Plan, a
Protection Plan cannot be applied to multiple servers and
only 1 Protection Plan can be applied to a cloud server
• Application-aware backup is not supported
• Encryption is not available
• Backup options are not available
• Backups are performed according to UTC time
When a Primary Server is deleted, its backups are also deleted

#CyberFit Academy
Backing Up Cloud Servers

A Recovery Server is backed up only in the failover state:

• Recovery Server backups continue the backup sequence of the original server
• When failback is performed, the original server can continue the Recovery Server's backup sequence
• Backups of Recovery Server can only be deleted manually or as a result of applying retention rules
• When a Recovery Server is deleted, its backups are always kept

#CyberFit Academy
Section Summary

1 Adding recovery servers is fast and easy (3 clicks)

2 Creating primary servers is simple and powerful, in the same familiar console

3 Easy to failover and failback

#CyberFit Academy
Test your knowledge

#CyberFit Academy
Cyber Protect Cloud
Other Operations
Using Runbooks and Storing Credentials

#CyberFit Academy
Runbooks Improve RTOs and Automate Recovery

• Design: Use the intuitive drag-and-drop editor to define groups of machines and sequences of action with these groups
• Test: Verify the integrity of your disaster recovery plans by executing runbooks in the test mode in the web console
• Execute: Execute runbooks in a few clicks when the real disaster strikes and minimize RTOs with fast failover and failback of multiple servers
• Monitor: Gain disaster recovery orchestration visibility with a detailed runbook execution real-time view and execution history

#CyberFit Academy
Runbooks

A Runbook is a set of instructions for spinning up multiple cloud servers in a certain order:
• Automate failover of 1 or more Recovery Servers
• Automatically check the failover result by pinging the server IP and checking the connection to the port you specify
• Set the sequence of operations for Primary Servers running distributed applications
• Include manual operations in the workflow
• Verify the integrity of your disaster recovery solution by executing a runbook in Test mode

Multiple Runbooks can be created and Runbooks can be nested, i.e., using a Runbook to run other Runbooks

#CyberFit Academy
Runbook Examples

Runbook examples

▪ Small environment
1. Start Domain Controller
2. Start database server
3. Start web server, which gets its data from the DB
▪ In a large environment a runbook may be used to be certain that all systems have been started.
▪ Enterprise environment, by department, using a single runbook calling other runbooks:
• Accounting/Payroll runbook
• CRM/Order Management runbook
• Support/Dev runbook

Manual step examples

▪ Notify "C" level executives of the event
▪ Notify employees where to go to work, if changed
▪ Verify all local servers are powered off
▪ Change company DNS server
▪ Notify suppliers and/or customers
▪ Notify local officials or regulators, if necessary

#CyberFit Academy
Runbooks

Select Disaster
Recovery > Runbooks
Click to create
runbook

#CyberFit Academy
Runbooks

Rename, Close,
Save Runbook

Add Step

Instructions

#CyberFit Academy
Runbooks

Available actions

#CyberFit Academy
Runbooks

Add description and delete step

#CyberFit Academy
Runbooks
Add more actions to the
same step

Settings for
selected action

#CyberFit Academy
Runbooks

Available Runbook
operations and execution
history

#CyberFit Academy
Runbooks
Actions available

Failover server | Failback server
• Operations that can be performed with Recovery Servers

Start server | Stop server
• Operations that can be performed with Recovery or Primary Servers

Manual operation
• Add a text description for manual actions to be taken before proceeding with the next step

Execute another runbook
• Allows other Runbooks to be nested, each Runbook can only be nested once

A Runbook can have 1 or more Steps that are executed sequentially and each Step can have 1 or more Actions that are executed simultaneously
#CyberFit Academy
Runbooks

Completion checks (for Failover and Start server actions)

Ping IP address:

• Ping the production IP address of the cloud server until the server replies
or the timeout expires, whichever comes first

Connect to port (443 by default):

• Attempt to connect to the cloud server by using the production IP address and
port until the connection is established or the timeout expires
• Default timeout value is 10 minutes and can be changed
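The connect-to-port completion check, combined with the rule that Steps run sequentially and the Actions inside a Step run simultaneously, can be modelled as follows. This is an added example, not Acronis code: the function names, the retry interval and the choice to stop after the first failed Step are assumptions, and the ICMP ping check is not shown.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor

def wait_for_port(ip, port=443, timeout=600.0, interval=5.0):
    """Retry a TCP connect until it is established or `timeout` seconds elapse."""
    deadline = time.monotonic() + timeout
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return False
        try:
            with socket.create_connection((ip, port), timeout=min(interval, remaining)):
                return True
        except OSError:
            # Refused or timed out: pause, but never sleep past the deadline.
            time.sleep(max(0.0, min(interval, deadline - time.monotonic())))

def check_runbook(steps, timeout=600.0, interval=5.0):
    """Steps are checked in order; the actions of one step are checked in parallel.
    Returns [(step_name, {server: passed})]; stopping after the first failed
    step is an assumption of this example."""
    results = []
    for step in steps:
        with ThreadPoolExecutor(max_workers=len(step["actions"])) as pool:
            futures = {
                a["server"]: pool.submit(wait_for_port, a["ip"], a.get("port", 443),
                                         timeout, interval)
                for a in step["actions"]
            }
            outcome = {server: f.result() for server, f in futures.items()}
        results.append((step["name"], outcome))
        if not all(outcome.values()):
            break
    return results

if __name__ == "__main__":
    # Constructed demo: a local listener stands in for a started cloud server.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen()
    port = listener.getsockname()[1]
    runbook = [
        {"name": "Step 1", "actions": [{"server": "dc-01", "ip": "127.0.0.1", "port": port}]},
        {"name": "Step 2", "actions": [{"server": "db-01", "ip": "127.0.0.1", "port": port}]},
    ]
    for name, outcome in check_runbook(runbook, timeout=5, interval=0.5):
        print(name, outcome)
    listener.close()
```
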

#CyberFit Academy
Runbooks

Once a Runbook has been created, the following operations are
available:

Execute Edit Clone Delete

#CyberFit Academy
Runbooks
When executing a Runbook, you will be prompted for Execution Parameters:

Failover and failback mode:

• Choose whether to run a Test or Production failover
• Applies to all Failover and Failback actions in the Runbook

Failover recovery point:

• Choose Most recent recovery point (default) or Closest before a specified date and time (select a point in time in the past)
• If Closest before a specified date and time is selected, the Recovery Point closest before the specified date and time will be selected for each cloud server in the Runbook
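The per-server recovery point selection described above, together with the RPO threshold rule from the server settings, can be sketched as follows. This is an added example, not Acronis code: the server names and timestamps are constructed, and treating a point exactly at the chosen time as eligible is an assumption.

```python
from datetime import datetime, timedelta, timezone

def select_point(points, before=None):
    """Most recent point, or the closest one at or before `before` if given."""
    eligible = [p for p in points if before is None or p <= before]
    return max(eligible) if eligible else None

def plan_failover(servers, now, before=None):
    """Pick one recovery point per server and flag RPO threshold violations."""
    plan = {}
    for name, cfg in servers.items():
        latest = select_point(cfg["points"])
        plan[name] = {
            # The point is chosen independently for each server in the runbook.
            "point": select_point(cfg["points"], before),
            # RPO: time from the last recovery point to now must not exceed the threshold.
            "rpo_ok": latest is not None and now - latest <= cfg["rpo"],
        }
    return plan

def utc(day, hour):
    """Constructed timestamps in March 2023; backups run on UTC time."""
    return datetime(2023, 3, day, hour, tzinfo=timezone.utc)

# Constructed sample data (hypothetical servers and recovery points).
NOW = utc(10, 12)
SERVERS = {
    "dc-01": {"rpo": timedelta(days=1), "points": [utc(8, 2), utc(9, 2), utc(10, 2)]},
    "db-01": {"rpo": timedelta(days=1), "points": [utc(7, 2), utc(8, 2)]},  # backups stalled
    "web-01": {"rpo": timedelta(hours=6), "points": [utc(10, 3), utc(10, 9)]},
}

if __name__ == "__main__":
    for label, before in (("most recent", None), ("closest before", utc(9, 12))):
        print(label)
        for name, entry in plan_failover(SERVERS, NOW, before).items():
            point = entry["point"].isoformat() if entry["point"] else "no eligible point"
            print(f"  {name}: {point}  RPO ok: {entry['rpo_ok']}")
```

A server with no recovery point before the chosen time (web-01 in the sample) has nothing to fail over from, so a runbook using that time needs a decision for it in advance.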

#CyberFit Academy
Runbooks
A Runbook can be stopped during its execution
and all started Actions will be completed except
for those that require user interaction

A Runbook's execution history can be viewed to
see if it is successful or not together with its start
and end date and time

#CyberFit Academy
Encrypted backup support
Comply with data security requirements
• Perform failover using encrypted backups and
allow the system to use the securely stored
passwords for automated disaster recovery
operations.

• The new Credential Store feature (accessible from the web console in the Disaster Recovery > Credential Store tab) allows you to securely store and manage passwords for encrypted server backups.

• Comply with various data regulations.

Why? Keep clients’ data safe while complying with various data regulations

#CyberFit Academy
Settings – Credentials

Stored credentials for encrypted backups

#CyberFit Academy
Settings – Credentials
When encrypted backups are used for creating
Recovery Servers, the password used for
encrypting the backups must be specified during
Recovery Server creation

The password specified will be stored securely in a
credential store and used automatically when
performing failover

#CyberFit Academy
Settings – Credentials
To manage stored credentials, go to
Settings > Credentials

• View items linked to a stored credential, multiple backups can be linked to one
credential
• Unlink backups from a stored credential, password will have to be manually
specified during failover
• Edit or Delete a credential

#CyberFit Academy
Section Summary

1 Runbooks make recovery automatic and easy

2 Runbooks can contain manual steps as well for ultimate flexibility

3 Credentials for encrypted backups are safely stored in cloud console

#CyberFit Academy
Where To Find Release Notes
Per Month

Change the release date to the month desired (22.08 below; modify for the release)

https://dl.managed-protection.com/u/baas/rn/22.08/en-US/AcronisCyberCloud_relnotes.htm

Will even touch on known issues and limitations / workarounds

#CyberFit Academy
Thank you for watching!

#CyberFit Academy
Cyber Foundation
Building a More Knowledgeable Future

Create, Spread and Protect Knowledge with Us!
www.acronis.org
#CyberFit
Building New Schools
Publishing Education Programs
Publishing Books
