10 Best Practices to

Improve Recovery Objectives

V11A

Fabian Kessler,
Product Management Analyst,
Veeam Software
10 Best Practices to Improve Recovery Objectives

Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
No. 1: Back up the right data the right way . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Application-aware processing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Application-aware processing — Guest script processing . . . . . . . . . . . . . . . . . . . . . . . 5
Storage snapshots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Cloud-native snapshots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
No. 2: Use immutable backup storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Hardened repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Object Storage with Object Lock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
WORM tape . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
No. 3: Test your backups with SureBackup and Health Checks . . . . . . . . . . . . . . . . . . . . . . . . . 8
No. 4: Ensure that the hardware is fast enough for backup and restore . . . . . . . . . . . . . . . . . . . 9
Potential bottlenecks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Proxy server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Backup repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
No. 5: Choose the right restore mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Operating system or application failure after installing updates . . . . . . . . . . . . . . . . . . 11
Malware/ransomware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
No. 6: Have spare hardware ready (or service) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Where do you want to restore? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
How can you access the recovered data? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
No. 7: Avoid chicken-egg issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Encrypted backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Configuration backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
No. 8: Test a disaster recovery plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
No. 9: Empower application owners with self-service capabilities . . . . . . . . . . . . . . . . . . . . . . 15
Veeam Enterprise Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Enterprise Application Plug-ins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
No. 10: Use current versions of Veeam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Veeam Backup & Replication V10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Veeam Backup & Replication V11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
About the Author . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
About Veeam Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

© 2022 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 2
10 Best Practices to Improve Recovery Objectives

Introduction
When we talk about data backup and restore, This recovery objectives don’t follow
we need to talk about two essential terms: a general rule. Each company has other
requirements for their business which defines
• Recovery Point Objective (RPO)
their recovery objectives. If you want to read
• Recovery Time Objective (RTO) about RPO and RTO, our blog post “Why do
recovery time and recovery point objectives
Knowing how much data loss is tolerable matter?” explains more about RPO and RTO
for business impact (RPO) and the maximum and how to gather the information required
amount of time your business can tolerate to define the values for your environment.
to be offline (RTO) is important (Picture 1). It
defines how you build your backup strategy, This white paper will show you best practices
how frequently the backup jobs will run and to help you to achieve and optimize your
what type of backup is required. personal recovery objectives.

Picture 1 — RPO / RTO visualization

No. 1: Back up the right data the right way

Veeam® Backup and Replication™ can As soon as we are familiar with the production
protect several types of source data from data, we can choose the right type of backup
different hypervisors, physical machines, job to protect the data. We can choose from
cloud environment, SaaS offerings and different types:
different types of applications. Before • VM-based backup
starting with the implementation, you
• Agent-based backup
need to think about the data you need
to protect. The first step is to collect • Enterprise application plug-ins
the characteristics of the data you want • NAS backups
to protect. Do you need to protect • (Continuous) replication and Continuous Data
applications? What sort of hypervisor Protection (CDP)
is in use? How important is the data on
this server for the business? What’s your Consult the user guide to get familiar
expected RPO/RTO for each system? with the different type of jobs and their
advantages and disadvantages before you
make your decision.

© 2022 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 3
10 Best Practices to Improve Recovery Objectives

Application-aware processing

Application-aware processing (AAIP) prepares applications With AAIP, you can protect many applications directly within
on VM’s or physical machines for a consistent backup. the backup job settings.

With AAIP, depending on the application you will benefit from

application operating system backup job
the following features with Veeam Backup & Replication:
• Log truncation Active Directory Windows vm and agent

• Transaction log backup Microsoft SQL Windows vm and agent

• Pre-freeze/post-thaw scripts Microsoft Exchange Windows vm and agent
• Item level restore directly in the console
Microsoft Sharepoint Windows vm and agent
To use AAIP, it must be enabled in the job settings and
Oracle Windows / Linux vm and agent
guest OS credentials with the necessary permission must be
provided (Picture 2). MySQL Linux agent

PostgreSQL Linux agent

Picture 2 — general AAIP settings

© 2022 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 4
10 Best Practices to Improve Recovery Objectives

Application-aware processing —
Guest script processing

For applications which don’t support Microsoft Volume

Shadow Copy on Windows or don’t have an integration
in Linux machines, you can rely on pre-freeze/post-thaw
scripts (Picture 3) to ensure that your applications are
prepared for when the backup happens.

You may want to check with the vendor of

the application if any scripts or documentation exists
regarding how you can integrate Veeam with their
application. For example, HCL Domino provides a step-
by-step implementation guide for their product.
Picture 3 — Guest scripting

Storage snapshots

Storage snapshots on your production storage give you low With Veeam Backup & Replication, you can benefit from both
RPOs and RTOs, regardless of the backup software you use. methods with supported storage appliances. Restoring a VM,
You can orchestrate snapshots directly with the storage files or application data from a storage snapshot (Picture 4)
appliance console or with Veeam Backup & Replication. is as easy as it is from a Veeam backup.
A storage snapshot does not just protect a single VM. When
the snapshot is taken, all VMs on that storage volume are
protected at the same time.

Picture 4 — Restoring from storage snapshot

Cloud-native snapshots

Like storage snapshots, you can use cloud-native snapshots

for your workloads (VM, databases) in the cloud. With
Veeam’s cloud products, you can orchestrate this snapshot
(Picture 5) and restore data from them.

Picture 5 — Cloud-native snapshots

© 2022 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 5
10 Best Practices to Improve Recovery Objectives

No. 2: Use immutable backup storage

With the increasing number of ransomware With Veeam Backup & Replication, you have
attacks, it is important to use immutable or several options to protect your backups from
air-gapped backup storage. These days, it is such attacks. You should choose at least one
no longer safe to rely solely on conventional of them for your environment.
storage. Store backups in a way that an attacker
cannot delete them — that way you can protect
your business from a complete data loss.

Hardened repository

A hardened repository is a repository on a Linux server that • Do not install any other applications on the machine.
uses the immutability attribute in Linux file systems. Any Only the basic tools should be installed on the hardened
supported backup file stored in this Linux repository is made repository. Each additional application could introduce
immutable for the configured time. When immutability is new security risks to the server. For example, if you
enabled, all backups are protected for at least seven days decide to install a monitoring agent, additional security
(Picture 6). GFS backups are automatically protected for hardening might be needed.
the entire retention period. However, the the duration
of immutability depends on the requirements for each In addition to security precautions, it is recommended to
individual organisation. use XFS as a file system to benefit from our Fast Clone
technology. With this technology you can create synthetic
Configure the duration of immutability to be shorter than full backups without additional storage consumption.
the retention period of your backup jobs or you get warnings
in your backup job sessions.

There are a few requirements you need to consider when

protecting the hardened repository against various attacks:
• Use a physical machine with internal hard drives. While
it is possible to use a physical server with a SAN storage
instead of internal hard drives, it creates additional
potential security risks. The provided storage can be
deleted on the admin interface of the storage appliance.
• Restrict access to SSH, remote management interfaces and
physical consoles. With root permissions, an attacker can
delete the whole volume / partition. This challenge exists
with every software-based WORM solution. Also pre-
configured appliances face this challenge: once an attacker is
root on an appliance, he can delete everything.
• Consider blocking all unneeded network ports with the on-
Picture 6 — Immutability for hardened repositories
host firewall. If you want to use a hardware firewall, make
sure it has the required throughput, otherwise it will be
a bottleneck for your backup and recovery tasks.

© 2022 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 6
10 Best Practices to Improve Recovery Objectives

Object Storage with Object Lock

Veeam Backup & Replication supports different types of

object storage.

To protect the backups from accidental deletion, the object

storage must support Object Lock. Object Lock enables
Veeam Backup & Replication to store the backup data in such
a way that it can only be deleted after the configured period.
If you have decided to leverage object storage in your backup
strategy, check in the Veeam Ready database which object
storage appliances do support Object Lock with Veeam
Backup & Replication.

Veeam Ready — Object with immutability

The implementation must follow our best practices: Picture 7 — Immutably for object storage

• The data in the object storage bucket/container must be

managed exclusively by Veeam, including retention and
data management. Enabling lifecycle rules is unsupported
and leads to backup and restore errors.
• Versioning and Object Lock must be enabled
simultaneously for the bucket before you enable
the immutability feature (Picture 7). Any other approach
will result in backup offloading errors and the inability to
correctly interact with the backups in the bucket.
• Consult best practice guides from object storage
manufacturers or vendors. Many object storage vendors
recommend specific settings for how Veeam backup
repositories and backup jobs should be configured for
optimal performance.

WORM tape
As an alternative to object storage, tapes are still a viable
backup target. Tape backups give you air-gapped copies of
your backups. For added protection, use WORM tapes to
protect the tapes from being erased. WORM tapes can be
added like standard tapes in the Veeam Backup & Replication
console (Picture 8).

Picture 8 — WORM tapes

© 2022 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 7
10 Best Practices to Improve Recovery Objectives

No. 3: Test your backups with SureBackup and Health Checks

Testing your backups is important. • SureBackup jobs are based on Instant

Let’s imagine the following scenario: VM Recovery sessions. Test your backup
repository to see if it can provide
The operations team updated all
the performance to run multiple VMs
the servers during a maintenance window.
simultaneously with Instant VM Recovery®.
One of the servers only starts with a blue
screen. The operations team calls the help • SureBackup can be used on any
desk and asks to restore the virtual Hyper-V or vSphere Host. It does not have to
machine from the last working state of be the original environment. If possible, use
the backup. a non-productive infrastructure. This way you
do not use the CPU, memory and network
The help desk employee successfully
capacity of the production host for your tests.
restores the virtual machine. However,
when booting up, he finds that the restored A second reason backups need to be tested
machine has the same problem as is if the data on the backup storage becomes
the original VM. After the restore, corrupted (bit rot). This situation can occur
the machine still hangs with a blue screen. especially with unstable backup storage.
While a SureBackup job with CRC testing
Unfortunately, the help desk has to inform
enabled can detect such problems, you can
the operations team that a restore was
also enable health checks within a job. If
not possible.
corrupted data was found, health check marks
Could this have been prevented? Yes, if the restore point as corrupted in the database
the recovery had been tested beforehand. and tries to fix it with a new restore point.
According to our customers, health checks
It is recommended that you regularly test run about three-four times faster in V11a
your backups for recoverability. There are than in previous versions. Running the health
several reasons why a recovery should be check on a daily or weekly basis will help you
tested. One of them is what happened in to discover corrupted backup data.
the scenario above. The virtual machine was
already in a damaged state and was restored In addition to SureBackup jobs and health
in this way. Manual testing is possible, but checks, you can use the Data Integration
neither effective nor economical. With Veeam API to automate the tests with your own
Backup & Replication, you can automate this application. V10: Reuse your data with
testing. SureBackup® jobs can be used to the new Data Integration API
check your backups on a regular basis.
Extra Tip: With Veeam ONE™, you can create
If you have decided to use SureBackup jobs, a weekly report that gives you an overview of
you should consider the following points: all SureBackup jobs.

• SureBackup’s performance depends mainly on Recovery Verification Overview — Veeam ONE

the start-up time of the tested machines. This Reporting Guide
requires good (random) read performance
from the backup repository used.

© 2022 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 8
10 Best Practices to Improve Recovery Objectives

No. 4: Ensure that the hardware is fast enough for backup and restore
To achieve the defined RPO and RTO goals, sufficient hardware is required. This applies not
only to the backup hardware used, but also to components in your production environment
that could become a potential bottleneck.

Potential bottlenecks

Since every backup application processes a large amount of • What transport method does my proxy server use?
data, it is important that the data flow is efficient and that all • Have I allocated sufficient resources to my backup proxy?
resources involved in the backup process are used optimally.
• Do I have suitable storage as the primary backup target?
To meet the desired RPO and RTO, consider the following:
Veeam Backup & Replication provides advanced statistics
• Does my productive environment provide me with on the efficiency of the data flow and lets you identify
enough I/O and read/write speed to meet my RPO/RTO bottlenecks (Picture 9) in data transfer.
requirements?
• How is the productive environment connected to
the backup environment in terms of networking?

Picture 9 — Identify bottleneck

Network

Ensure that the required bandwidth is available. The Veeam It is not recommended to perform these tasks over a slow
proxy server and the primary Veeam backup repository network connection, as this could affect the performance of
should be in the same location as the production the backup job or the recovery process.
environment to optimize backup and restore tasks.

Proxy server

Decide on the optimal transport method. With Veeam Backup Network mode is usually the slowest method for backups
& Replication, you can choose between three transport and restores, especially if your ESXi servers only have
methods for backups and restores: 1Gbit management interfaces. If you still need to use
• Direct storage access network mode, make sure you use a 10Gig NIC for the ESXi
(optional: Backup from storage snapshots) server’s management port.

• Virtual application (HotAdd) SAN storage usually has poor single-stream performance
• Network (NBD) but good parallel-stream performance. So, for restoring
large single discs, hot-add is usually the fastest method. We
Perform backup and restore tests with different transport recommend deploying at least one hot-add proxy for restores
modes to find out which mode offers the best performance if you use other transport modes in your backup jobs.
for your environment.
For more information on our transport methods, see our
white paper 10 Best Practices for VMware vSphere Backups.

© 2022 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 9
10 Best Practices to Improve Recovery Objectives

Backup repository

To optimize backup and restore times, use a physical server To optimize recovery times with a virtual repository, do
with internal hard drives and an enterprise raid controller not use VMFS-based discs for your backup repository on
as the primary backup storage. This will give you the best a vSphere host. You will need to set up a new ESXi host to
performance for backups and restores. open the VMFS datastore in the event of a complete server
failure. This additional step takes time which is better
If you still choose to run your backup repository on a virtual invested in recovering your data.
machine, consider a dedicated virtualisation environment
to ensure that your backup repositories are separated from Deduplication appliances are not recommended as primary
the production environment. backup storage. However, deduplication appliances can be
suitable as secondary backup storage or for long-term storage.

Testing

Test backups and restores in your environment to see if Test the best transport mode for your environment.
your hardware is fast enough for your defined recovery Perform test recoveries with different restore modes
goals. Detect potential bottlenecks early. before putting your backup system into production.

No. 5: Choose the right restore mode

When recovery of data or entire machines To decide on the right method of restoration,
becomes necessary, you can choose one can ask three questions:
between different recovery modes. Veeam
1. What is to be restored?
offers 91 different recovery scenarios with
Veeam Backup & Replication v11. These are 2. Why am I performing this recovery?
summarised in our recovery scenario poster.
Note, however, that not every recovery 3. How much time do I have for
method is suitable for every situation. the recovery (RTO)?
Especially when it comes to restoring entire The following examples explains a few
virtual machines. restore method besides the normal Guest OS
File level restores.

© 2022 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 10
10 Best Practices to Improve Recovery Objectives

Operating system or application failure after installing updates

Most likely only the operating system drive will have issues
after an update of the operating system or an application.
Restoring all drives would overwrite data newer than
the backup. So, only the affected drive must be restored.

The recommended option is to restore the virtual hard

drive with Quick Rollback enabled (Picture 10). Quick
Rollback allows you to write back changed blocks only
(and not the entire hard drive). It must be activated
manually in the restore wizard.

NOTE: Don’t use Quick Rollback in case of a problem

caused by hardware or storage issue, or due to
a power loss. Quick Rollback only works for restores
to the original location.

Picture 10 — Restore with quick rollback

Malware/ransomware

If you have been attacked by ransomware or malware, Also, check the contents of your backups for traces of
it is important that you don’t start immediately with malware. With Veeam Backup & Replication, you can
the recovery. Once you have recovered the machines leverage Instant VM Recovery Sessions or Secure Restore
that you believe have been affected, there is a good (Picture 11) to check the restore point for malware. If
chance that these machines will be reinfected. you use Secure Restore, the recovery time is significantly
higher and chances are you will not achieve your desired
After an attack, assume that all systems have already been recovery time goals.
affected. It is important that you shut down your backup
server and production environment as soon as possible. If you need to restore hundreds or thousands of VMs,
Consult a security expert before you turn a system back on consider restoring everything to an isolated environment.
and restore the data. If you do not have your own security The forensic team can check the machines individually and
department, contact a security company or your security then release them to the production environment.
insurance company if they have one.

Picture 11 — Secure restore

© 2022 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 11
10 Best Practices to Improve Recovery Objectives

No. 6: Have spare hardware ready (or service)

When an emergency has occurred, there is restore your servers to and how you will
not much time to think about where you can access the restored data.
get the hardware to recover your data. In
Depending on your business requirements
the event of a fire in the server room or theft,
and financial possibilities, you will have
you will have lost some or all of your devices.
probably a second data center in a disaster
Therefore, it is important to be prepared
recovery site. But, what can you do if you
for this eventuality. Being prepared means
can’t provide one?
thinking about which platform you want to

Where do you want to restore?

Purchasing new hardware after a server failure can take If you do not have replacement hardware or a second
time. It can take weeks or months to get new hardware. location to run your virtual machines, you can use
So, you need to think about alternatives to overcome the public cloud or find a local service provider to run
this obstacle. your machines.

How can you access the recovered data?

Planning for recovery also means thinking about how Workplace as a service
your staff can access the data after a disaster.
In the case of a strict “no home office” policy, you can
We should think about the client devices and how they turn to a “workplace as a service” provider. With this
can access the server. For the end-user devices, there option, you can rent a complete workplace infrastructure
are two options. for your staff to be up and running in the first few days
after the disaster.
Bring your own device/home office.

In the event of a disaster, consider having your staff work from

their home office or bring their own device into the office. For
these options, usage policies and security measures should
have been established prior to the disaster.

No. 7: Avoid chicken-egg issues

The last thing you want to deal with when disaster strikes is chicken-egg problems. There are
some important points to consider if you want to keep your RTO window small.

© 2022 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 12
10 Best Practices to Improve Recovery Objectives

Encrypted backups

Your company has followed best practices to encrypt all

backups. Now the following scenario occurs:
A fire has burnt down the entire building. The backup server
has been lost. Fortunately, the company has replacement
hardware at its remote site and the backup data still exists
in its cloud-based object storage. The backup data is
encrypted with a strong key so that
it cannot be accessed if it is stolen.
The password to access the encrypted backup files was stored
in a password application on one of the failed servers.
The backup files are available, but the content cannot
be accessed without knowing the password. Without
the encryption key, their backup data is worthless. What
could be done differently to avoid such a situation?
• Keep the encryption password off-site and in a safe
place. The password must be available in case you have
lost your backup server and you need to restore data
from encrypted backup files. One option is to print out
the encryption password and keep it in a safe place, like
a safe deposit box or fireproof safe.
• Use password loss protection. With Veeam Enterprise Picture 12 — Password loss protection enabled
Manager, authorized users can recover data even if
the encryption password is lost. If the password is lost,
the backup server provides a challenge key for Enterprise
Manager. Using asymmetric encryption with a public/
private key pair, Enterprise Manager generates a response
that the backup server can use to unlock the backup
file without the password being available. If you use
Enterprise Manager for password recovery scenarios, you
should place it in a secure location or in a cloud VM.

If password loss protection was successfully enabled, you see

as an indicator the note “Loss protection enabled” (Picture 12)
in your backup job and configuration backup settings.

Configuration backup
After the fire event, you decide to install a new Veeam
Backup & Replication Server to be able to restore your
environment from the cloud-based object storage.
The configuration backup (Picture 13) will allow you to
restore the configuration from the lost backup server to
a newly installed backup server. To be able to do that,
the configuration backup must be available in case you lose
your backup server. A few ideas on how to achieve that:
Picture 13 — Configuration backup
• Use a repository in your secondary location for
the configuration backup job
• Use File Copy Jobs to copy the configuration backup to
a second location
• Use File to Tape Jobs to have a copy of the configuration
backup on Tape

© 2022 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 13
10 Best Practices to Improve Recovery Objectives

No. 8: Test a disaster recovery plan

When an emergency occurs, a quick response • How to check if the recovery was
is expected. The right specialists, both successful
internal and possibly external, must be ready.
• How to return from emergency operation to
Replacement hardware may need to be
normal operation
brought into service. Servers or applications
must be restored in the correct order. Access This plan should not only be documented,
to data must be restored. but tested, as you want to avoid faulty
processes during the actual recovery. Doing
Since the recovery of applications, services
that manually can be really time intensive, so
or the entire data center can be stressful, it is
it should be automatized.
advisable to create a disaster recovery plan.
The plan should contain all the information Veeam offers a solution for orchestrating and
you need to recover from a disaster that may testing disaster recovery plans. The product is
one day occur, including: called Veeam Disaster Recovery Orchestrator.
• Servers and components that are This product allows you to configure your
important for the application or service documented disaster recovery plan as
orchestration plan, whether you protect
• Dependencies on other applications
your environment with backup jobs (Picture
or services
14), replication jobs or storage replication.
• The correct recovery order for This allows you to automate the recovery
the components and verification of your enterprise VMs,
applications and services.

Picture 14 — Veeam Disaster Recovery Orchestrator

© 2022 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 14
10 Best Practices to Improve Recovery Objectives

No. 9: Empower application owners with self-service capabilities

The restore does not necessarily have to

be done by the backup administrator. It can
be delegated to an application or server
owner. If the backup operator performs
the restore, at some point he or she must
involve the application or server owner
to perform a functional check and/or
additional tasks before returning the server
to production status. Coordinating
the proper recovery of data, functional
testing and additional tasks can lead to
longer recovery times.
To reduce this timeframe, provide
application and server owners with
the right tools to perform the recovery
themselves.
Veeam Enterprise Manager
With Enterprise Manager, Veeam offers a solution to
delegate restores to application and VM owners. You Picture 15 — Enterprise Manager restore scope configuration
can configure restore scopes for the users and user roles
(Picture 15).
Enterprise Application Plug-ins
Besides VM restores, Guest OS File Restore and some
applications are also supported. Veeam plug-ins for enterprise applications allow
the configuration of backup jobs as well as recovery to be
We recommend the following best practices for placed in the hands of the application owner. These plug-ins
Enterprise Manager: use the native backup tools of the respective application to
• If possible, Enterprise Manager should be installed at back up and restore data from a Veeam Backup Repository.
a recovery site. This makes it accessible in the event of Veeam offers plugins for various applications:
a disaster recovery scenario. Since it is also needed for
the password loss protection feature, installing it at • Veeam Plug-in for SAP HANA
a recovery site has advantages in case you lose the primary • Veeam Plug-in for Oracle RMAN
backup server and the password to decrypt the backup files. • Veeam Plug-in for SAP on Oracle
• Enterprise Manager can be made virtually highly available For extra protection and to get a second copy of
with hypervisor features such as vSphere HA or similar the backups, you can use a “backup copy job” to a second
technology. repository or send the backup files to tape with a “File to
• To further protect your backup server, the Enterprise Tape job”. If you have a scale-out repository, offloading to
Manager portal should be installed in a DMZ zone. object storage with immutability is supported.

© 2022 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 15
10 Best Practices to Improve Recovery Objectives

No. 10: Use current versions of Veeam

New product versions of Veeam Backup & Replication offer performance and security
enhancements, as well as additional support for new versions of the platforms and applications
being backed up. With each update, recovery options are optimized and new features are added.

Veeam Backup & Replication V10 Veeam Backup & Replication V11
With Veeam Backup & Replication V10 recovery features Along with Veeam Backup & Replication V11, Continuous
such as next-generation Instant Recovery engine and Data Protection (CDP) has been released. CDP allows you
Instant Database Recovery have been introduced. to replicate virtual machines from one vSphere Cluster
The next-generation Instant Recovery engine enables to another vSphere Cluster with a minimum RPO of two
you to initiate Instant Recovery for multiple VMs at once seconds (Picture 16). With CDP, you can do immediate
with much better performance comparted to the previous recoveries to a latest state or desired point in time. This
version. V10 also brought Instant Recovery for individual new opportunity minimizes data loss and eliminates
disks. If the problem occurs only on one disk, there is no downtime in your environment.
need to recover the entire VM.

Picture 16 — Continuous data protection

Conclusion
Following these best practices will ensure that you can meet your recovery point objectives
and recovery time objectives. You will be prepared to recover your data with no more data loss
than expected.
Veeam’s backup and recovery products can help you follow the best practices. To learn more,
download a 30-day FREE trial today!
To conclude the white paper, here are the important key points summarized again:
• Use the right hardware to achieve the goals of your backup strategy
• Use immutable and/or air gapped backup storage
• Have and test your disaster recovery plan

© 2022 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 16
10 Best Practices to Improve Recovery Objectives

About the Author

Fabian Kessler is a member of the Veeam
product management team. Before that,
he worked as a System Engineer at a Veeam
Service Provider in Switzerland. There, he
was responsible for designing and managing
the Veeam environment (Veeam Backup
& Replication, Veeam Cloud Connect and
Veeam Backup for Microsoft 365).

About Veeam Software

Veeam® is the leader in backup, recovery and data management solutions
that deliver Modern Data Protection. We provide a single platform for
cloud, virtual, SaaS, Kubernetes and physical environments. Our customers
are confident their apps and data are protected and always available with
the most simple, flexible, reliable and powerful platform in the industry.
Veeam protects over 400,000 customers worldwide, including more than
82% of the Fortune 500 and over 60% of the Global 2,000. Veeam’s global
ecosystem includes 35,000+ technology partners, resellers and service
providers, and alliance partners and has offices in more than 30 countries.
To learn more, visit www.veeam.com or follow Veeam on LinkedIn
@veeamsoftware and Twitter @veeam.

© 2022 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners. 17