When faced with a disaster, your recovery plan is put to the test! What order did those VMs need to start up in again? What was the command I needed to run to get that app running on a new IP? What was the VLAN ID for the DR Site? Take the guess work out of your DR plan with Veeam Recovery Orchestrator!
This session will provide an overview of Veeam Recovery Orchestrator (VRO) and the capabilities that will help any company recover from disaster in record time. Whether you need to quickly restore an application from backup that's been hit, or invoke a full site failover, VRO can help ensure you're in the best possible position. Don’t wait until disaster strikes to know you are capable of achieving your recovery objectives. We’ll take a deeper look into Veeam Recovery Orchestrator’s automated testing and SLA dashboards and how they can identify potential impacts to your DR plan before it’s too late.
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
[VeeamOn23] MIA05 The Essential Guide to Veeam Recovery Orchestrator for Disaster Recovery Management
1. Ben Thomas
Solutions Advisor
Veeam Vanguard & Microsoft
MVP
@NZ_BenThomas
The Essential Guide
to Veeam Recovery Orchestrator
for Disaster Recovery Management
Andre Atkinson
Senior Cloud Product Manager
Veeam Vanguard
@Lifes_Backup
6. 1-click recovery at scale
Recover single apps or an
entire site with one click,
secured by role-based access
control
Zero-impact testing
Veeam DataLabs™ tests increase
confidence, simulating disaster
recovery without impacting
production systems
Up-to-date documentation
Automatically updated reports
for pre-checks, tests and
executions help detect & correct
issues with DR readiness
Supported platforms and applications:
Know your
compliance
RTO and RPO reporting
help meet compliance
standards and SLA
targets
Storage:
NetApp, HPE, Lenovo
Azure, vSphere Apps:
Exchange, SQL, SharePoint
Agents:
Windows & Linux
Custom scripting
Veeam Recovery Orchestrator
8. Cloud DR
Recover any backup as an
Azure VM
Agent DR
Recover Veeam Agent backups as
VMs
Clean DR
Scan for ransomware during
recovery
V6 new features
9. DR site
Production site
Source agents
Source VMs
vSphere
datastores
Storage
array
Volumes
Veeam Backup & Replication™
server
Orchestrator
Agent
Veeam Recovery
Orchestrator server
Replica VMs
Instant
VM
Recovery®
Backup
repositor
y
Replication
DR recovery
locations
Backup
Storage
array
Snapshots
Storage replication
CDP replication
Architecture overview of Orchestrator v6
Recovered machines
10. Cloud DR
Recover your backups as Azure VMs
Works with Agent and vSphere backups
Compatible with Windows and Linux OS
Orchestrated cloud restore
11. • An Azure Compute Account must be added to the Veeam Backup & Replication
server.
• An Azure Storage Account must be pre-provisioned.
• At least one Azure vNet must be pre-provisioned.
• A Linux helper appliance must be provisioned in Azure if direct restore of Linux
backups are required.
• (Optional) an Azure cloud proxy can be deployed to improve performance of
restores.
Cloud DR prerequisites
14. Agent DR
Recover Veeam Agent backups to vSphere
Compatible with Windows and Linux OS
Recover Veeam Agent backups to Azure
Orchestrated direct restore
Agent and VM groups can be in the same plan
17. Clean DR
Scan restore points at recovery time
Supports multiple AV solutions in Windows OS
Works for recovery to vSphere and Azure
Works with vSphere and Agent backups
Orchestrated Secure Restore
18. Clean DR
Plus any other anti-virus software with CMD
support
Microsoft
Windows
Defender
ESET NOD32
Smart Security
Symantec
Protection Engine
Veeam Backup
& Replication
Backup
repository
1. Select multiple restore point(s)
Mount Server
2. Mount disks
directly from backup
file to mount server
Anti-virus software
installed with latest
definitions
3. Anti-virus check
4a. No infections found; continue restore
4c. Infection found; stop
restore or complete restore
and connect VM to a
quarantine network
4b. Infection found;
proceed to next available
restore point
Veeam Recovery
Orchestrator server
Orchestrator Agent
22. Start with clean VM (cannot co-exist with existing Veeam Backup & Replication/Veeam
ONE™)
Use single-server deployment ONLY for POCs
Install Veeam Disaster Recovery Orchestrator Agent on all Veeam Backup & Replication
Replication servers
Use embedded Veeam Backup & Replication for VRO standalone deployment
(orchestrating storage ONLY)
• Embedded Veeam Backup & Replication is fully functional.
Embedded Veeam ONE is for VRO categorization only
• No performance data.
• Embedded Veeam ONE can be used to push vSphere tags.
Run VRO & VBR at the DR Site, or at a third site. You don’t want them to be unavailable at
VRO deployment design tips
1
2
3
4
5
6
23. Only supports scanning backups from on-premises repos.
• Object storage and Scale-out Backup Repository™ unsupported at current release.
Only use when you suspect malware might be present in the environment.
• Increases RTO as every disk needs to be scanned by the AV engine.
• Only a single machine per repo can be scanned at a time.
Currently only supports Windows-based workloads.
Quarantine network only supported by cloud DR restores. On-premises plans will
restore without a network connected.
Clean DR tips
24. Automatic tags for Veeam Backup & Replication objects:
• vSphere Backup Jobs.
• Agent Backup Jobs & Protection Groups.
• vSphere Replication Jobs.
• vSphere CDP Replication Jobs.
Import vSphere tags:
• Configure Veeam ONE to import vSphere Tags.
• Tag all your resources in vCenter logically (Prod vs Dev, LoB App A vs LoB App B).
Custom business views:
• Create additional categories in Veeam ONE Business View as needed.
• Manual selections, or based on one or more conditions (Power Status, Datastore
etc.).
Tags – they run the world
1
2
3
Andre to speak
Hey all, so a little bit about myself, my name is Andre Atkinson, and I am a Senior Product Manager focusing on Cloud, I have a background in Backup, storage and automation.
I have been working in IT for the last decade in all manner of roles and have been working with Veeam for probably the last 5 or so years.
My friend Ben Thomas who is up here on stage today with me is a Solutions Advisor and fellow Veeam Vanguard, Ben will be doing the demos today and walking you through some of the Veeam Recovery Orchestrator components
Andre to Speak
Today we’re going to have a chat about Disaster Recovery, some of the common challenges when trying to enact those plans, and then have a look at how Veeam Recovery Orchestrator can help with them. We’ll dive into some of the newly released capabilities of v6, along with some tips and tricks for getting started. Finally, we’ll take a look at the extra value you’ll have access to once you’ve got VRO in your environment, that’s available without needing to have a disaster to recovery from ;)
Andre to Speak
Hands up who has been part of a Disaster Recovery scenario?
Now keeps those hands up if you had a Business Continuity Plan when it happened that you were able to follow?
How about keeping your hands up if you knew all the required staff? Passwords? Were you able to get into the DC if you needed to?
Most of us here have more than likely at some point in our careers been part of a P1 or a major DR event that required us to jump into action and get it resolved, I myself have been part of those type of situations and I can tell you that it wasn’t always smooth sailing, either the Business Continuity plan had gaps or was outdated, and the information was no longer valid.
which brings us to today’s topic of Veeam Recovery Orchestrator and why I reckon you and your business should use it.
Andre to Speak
Why should you use Veeam Recovery orchestrator?
Well, Accidents and outages happen, as I said before we have all more than likely been part of Priority 1 situation which required us to failover to DR, This could have been a ransomware attack or a natural disaster like a flood or hurricane. It could be a staff member accidently causing damage through a failed change or worse case it could have been malicious attack from the inside
NZ see’s it’s fair share of rain, but that doesn’t mean its businesses are prepared for every scenario
As Ben can attest, New Zealand recently had once in a lifetime flood that shut down motorways, forced people to evacuate homes and of course damaged a lot of businesses, even being in a country where it rains a lot some businesses were not prepared, staff were dealing with the floods and their homelife. This forced some business to look at the DR plans and ask some tough questions.
- What happens if you can't access your DC?
- What happens if the Sysadmin can't connect to the system remotely or is uncontactable due to a natural disaster?
for some organizations DR unfortunately isn't a priority until it was required, and at the point its to late. We always say that backup and DR should be treated like an insurance policy, you don’t take out car insurance because you PLAN to crash your car into someone, you take out car insurance incase it ever happens, and you hope it never happens and you never have to use that insurance policy.
Andre to Speak
A good friend and mentor of mine once told me a story where his team got called into a meeting room to run through the Business Continuity Playbook as part of a yearly testing, he was one of the senior staff there and had been through this exercise a few times but in this particular instance the boss sat them all down and pointed to a few key members of the team and said, “right you dead and you are dead”.
Everyone was of course a bit confused by this, but he told the rest of the team that they need to go invoke DR, and keep in mind this was full production DR so all systems, go and invoke DR without these key members, here is the playbook which SHOULD, SHOULD being the key word here, should contain everything you need to successful invoke DR.
Safe to say it didn’t go as smoothly as it should have but luckily in their case, they did perform regular testing of their BCP to make sure it worked, what they didn’t test was assumed roles, if a key staff member was not available could someone else do his bit? And in there is the learning exercise
Can you test it regularly?
When last did you test it?
What was your data size when you tested? Has this grown since last time? Were you protecting 10TB for arguments sake and now you protecting 100TB?
Are your links big enough to handle the additional workload?
Can the DR equipment handle it? Is it still stable? Under warranty?
Can you perform DR with limited staff?
All these questions need to be asked often and by the right people
Andre to Speak
So again, Why should you use Veeam Recovery Orchestrator and how does it solve the problem?
For any of the automation guys in the room like myself, VRO allows you to automate the entire process of testing your Business Continuity plan with Zero impact testing, you can perform full automation and verification failovers of your infrastructure and generate up-to-date documentation of which tests have been successful or not, were you able to restore everything within your required RPO and RTOs? Were you within Compliance all those sorts of things and you can email that straight to your CTO with confidence saying “yip DR has been tested and we all good”
In fact, just schedule the email to go to him directly and cc yourself in to save a step we all love emails, right?
With a single click, you can recover a single application or an entire site right from the web interface all in an automated fashion with the required testing in place, this can of course be done by anyone who has access so no need for the VMware guy, The Storage guy, The network guy all online and running through a complicated multiple step or even multiple page document just to get your business back up and running.
Just log in, click a button and if its all be tested often you should have your business backup in no time
Andre to Speak
Let's step into some what's new with V6 and how you can leverage the latest and greatest to protect your business and with that let’s have a look at some of the latest features
Andre to speak
So as we said V6 comes with an array of new features, but we would like to highlight 3 here today that we think would be the biggest benefit and Ben has worked out some demos for us as well.
Ben to run through architecture before we jump further into the details
Ben to Speak
2 Sites, standard setup, VRO and VBR in DR Site
As expected, we’ve got a bunch of VMs and machines protected by Agents at the source
As with standard DR, usually we have some VMs replicated and maybe in realtime with CDP, VRO can help manage the failover order, as well as post failover tasks
But sometimes you’ve got some secondary machines that are only backed up, or maybe they’re physical. Well VRO can leverage instant VM recovery to include these in your failover plans to your DR vSphere Cluster
And maybe you’ve got a supported SAN, that is leveraging storage replication, well you guessed it, VRO can help orchestrate failing LUNs over, mounting them to the DR Hosts and importing VMs to power them on.
You might’ve noticed a cloud icon in the DR site, and we’ll touch on that now
Andre to Speak
So, cloud DR, this has been one I have personally been waiting for, Cloud DR gives VRO the ability to DR into Azure, This works with both Agent based backups as well as vSphere workloads, Linux or windows doesn’t matter.
I know this is something a lot of people have been waiting for and I'm glad to see it part of the product suite.
Ill hand over to Ben to show us what this looks like in real time, I hope you are as excited as I am.
*Ben
Testing is currently not supported for CDP replica and cloud plans.
Ben to speak
Walk through setup of Recovery Site for Cloud
Walk through setup of Cloud DR Orchestration Plan
Walk through Failover of Cloud DR instance
Andre to Speak
Agent DR allows you to recover your agent-based workloads to vSphere as well as Azure, Much like with CloudDR this was a sort after feature with customers using agents to protect cloud native workloads as well on prem environments.
Ill hand over to Ben to do another Demo for us.
Ben to Talk
Walk through of Recovery Location setup
Walk through of Agent DR Orchestration Plan setup
Walk through of Failover
*Andre to Talk
CleanDR is probably the coolest of the new features in my opinion, CleanDR allows you to orchestrate a Secure Restore. What that means is it allows you to complete a virus scan of the VM before you complete the restore.
This might seem a bit weird but the use case here is that you don’t know when your machine was affected right? There could have been ransomware sitting dormant on the machine without you knowing for days before the attack occurred as an example.
So the idea here is that AV scanners would have updated their definitions and signatures and would now be able to detect this potential malware/ransomware and as a result would be able to eliminate it before the restore completes thus protecting your DR environment.
Alternatively, you have the option to boot the infected machine in a quarantine network to allow security experts to analyze the damage or look for a fix.
Ben to Talk
At Orchestration Plan runtime, select the number of restore points you want to attempt
The mount server will mount the latest backup
The mount server then runs an AV scan using FLR to check for any malware
Depending on the outcome of the AV Scan, Veeam will
A – continue with the plan if no infections are found
B – Scan the next available restore point if an infection has been found
C – Stop the restore or restore to a quarantine network once available restore points have been exhausted
Ben to Talk
Show options for configuring Ransomware scanning
Show output of existing job that scanned for malware
Andre to talk about how awesome the demo was and how we’re going to share our knowledge
Ben to Talk
*Ben works his magic
Ben to Talk
*Ben works his magic
*Ben to talk
Andre to speak
Hopefully we run out of time *jokes*