Cyber resilience has become a must for any organization that runs a modern private cloud. When it comes to cyberthreats, prevention through infrastructure hardening, strong distributed lateral security, and secure recovery are key. The VMware Cloud Foundation platform uniquely delivers this full stack of capabilities to shield organizations from the devastating consequences of ransomware attacks. As part of this mission, VMware Live Recovery has released a set of key enhancements designed to accelerate, scale and simplify both cyber and disaster recovery operations for customers.
Accelerated Failback for Cyber and Disaster Recovery
Modern cyberattacks tend to dwell within an environment for days or even weeks, which is why ransomware recovery requires a deeper history of snapshots compared to traditional DR. Malware also moves laterally and infects production workloads before these get replicated to immutable copies in the cloud filesystem. This renders them unusable at the time of recovery, which forces IT teams to roll back days or even weeks to find a viable snapshot candidate to restore.
The need to roll back to older recovery points inevitably results in a larger data variation between the snapshot candidate that’s validated in the isolated recovery environment (IRE) and the workloads in production. Given the nature of delta-based failback, this requires larger data transfers from the IRE back to production and could delay the recovery process, especially if this is being done for dozens of VMs at a time.
To address this challenge, VMware Live Recovery now integrates with vSAN snapshot manager. When steady state replication from the on-premises VCF production site is configured with local vSAN snapshots (with the appropriate retention policies), customers can restore their workloads using local copies instead of transferring back data deltas from the cloud back to production. The recovery point candidates are safely validated in the IRE with NGAV and behavioral analysis, but instead of restoring a cloud-based snapshot to production, VMware Live Recovery connects with the vSAN snapshot manager to recover from a local snapshot. This makes the data delta orders of magnitude smaller and removes the data transfer bottleneck between the IRE and production which reduces failback time by up to 16x.
DR failback times have also been optimized thanks to sync back support. When workloads are run directly off the cloud filesystem versus undergoing failover to the recovery SDDC, incremental changes in virtual machines are now periodically transferred from the cloud filesystem back to production. This avoids the transfer of large data deltas that could accumulate and delay the failback process, especially when the VMs are running off the cloud filesystem for longer periods of time.
Increased Scale and Simplified Operations
To deliver increased scale, better performance, and optimized cost to our Enterprise customers with large data estates, VMware Live Recovery now supports up to four cloud filesystems per recovery SDDC. Customers can now benefit from increased snapshot storage capacity of up to 1.75PB. In addition, the ability to have multiple datastores mounted to a single recovery site delivers improves replication performance, simplifies topology design and VM networking configurations, and drives down cost by reducing the number of recovery SDDCs required. To further increase scale, each cloud filesystem can be paired with its own dedicated source site and then subsequently recovered to a single target SDDC.
Advanced Snapshot Selection Metrics for Cyber Recovery
The first stage in VMware Live Recovery’s cyber recovery workflow is designed to help IT teams identify and select recovery point candidates for subsequent validation in the IRE. This is done through Guided Restore Point Selection, a feature that allows customers to visualize a snapshot timeline along with metrics such as VMDK rate of change and file entropy which inform potential encryption based on how the data within the recovery point behaves over time. This allows them to confidently select snapshot candidates for recovery and reduces the number of iterations needed to find a good restore point.
VMware Live Recovery now supports advanced snapshot selection metrics, which provide additional visibility to users on indicators such as file creation or modification rates and creation of new files with known ransomware or irregular extensions. This helps IT teams better understand their snapshot inventory health and more confidently select recovery candidates, which results in less validation iterations and faster cyber recovery.
New announcements are coming at Explore Vegas. Attend one of our sessions or come by the Expo to watch VMware Live Recovery in action!