Skip to main content
Question

DC-DR attack scenario

  • November 4, 2022
  • 7 comments
  • 83 views
A
Forum|alt.badge.img+1

Hey Guys,

I have a scenario. I want to replicate VM from DC to DR site. At some point if the VM gets malware attack and the same is replicated to DR site. The DR site also gets malware infected. How to mitigate this kind of a scenario

    Chris.Childerhose
    dloseke
    Madi.Cristil

    7 comments

    MicoolPaul
    Forum|alt.badge.img+23
    • MicoolPaul
    • November 4, 2022

    Hi @Anandu!

     

    This is where you’d have multiple replica points to step backwards through, and you’d complement it with a backup in the DR site should you need to go back further!

     

    Hope this helps 🙂

    Michael Paul - Opinions are my own and do not necessarily reflect the opinion of Veeam | https://micoolpaul.com | Mastodon: @micoolpaul@masto.nu | Bluesky: @micoolpaul.com
    Chris.Childerhose
    BertrandFR
    dloseke
    haslund
    Forum|alt.badge.img+14
    • haslund
    • Mr. VMCE
    • November 4, 2022

    Fully agree witj @MicoolPaul. The alternative is to see if you can “replicate” on an application level for some selected applications. For example, Active Directory you would usually not relocate but rather just have an additional domain controller on the DC running.

    Check out my blog on https://rasmushaslund.com - Rasmus is a Veeam Certified Trainer and passionate about all community work.
    Chris.Childerhose
    MicoolPaul
    dloseke
    dloseke
    Forum|alt.badge.img+8
    • dloseke
    • Veeam Vanguard
    • November 4, 2022

    Unless I’m mistaken, I believe you can also create SureReplica jobs and have it scan the VM image for malware like you can in SureBackup.  Of course, you’ll need to have an up to date AV/Antimalware application to do the scanning, but it may be helpful in identifying malware sitting on the VM.

    https://helpcenter.veeam.com/docs/backup/vsphere/surebackup_job_settings_vm.html?ver=110

    Derek M. Loseke, Senior Systems Engineer | Veeam Vanguard 2025 | Veeam Legend 2022-2024 | VMSP/VMTSP | VCP6-DCV | VSP/VTSP | CCNA | https://technotesanddadjokes.com | @dloseke
    BertrandFR
    HunterLAFR
    Cragdoo
    Forum|alt.badge.img+8
    • Cragdoo
    • Veeam Vanguard
    • November 8, 2022

    Unless I’m mistaken, I believe you can also create SureReplica jobs and have it scan the VM image for malware like you can in SureBackup.  Of course, you’ll need to have an up to date AV/Antimalware application to do the scanning, but it may be helpful in identifying malware sitting on the VM.

    https://helpcenter.veeam.com/docs/backup/vsphere/surebackup_job_settings_vm.html?ver=110

    You’re talking about Sure Restore feature

    https://helpcenter.veeam.com/docs/backup/vsphere/av_scan_about.html?ver=110

    Veeam Vanguard | www.cragdoo.co.uk
    HunterLAFR
    vmJoe
    Forum|alt.badge.img+8
    • vmJoe
    • Veeam MVP
    • November 9, 2022

    I would use the replicas to provide quick failover incase of a physical location, or hardware failure. Recovering from a replica after a malware infection cn be hard as the changes get replicated to the target VM almost instantly if you are using CDP.

    To recover from a Malware attack you’d be better off recovering files from the last know good backup.  The backups can be checked with sure backup and you can use secure restore to make a VM is cleaned of a zero day malware attack before it get recovered.

    Joe Gremillion, VMCA, TOGAF9.2, VeeaMVP
    BertrandFR
    HunterLAFR
    dloseke
    Forum|alt.badge.img+8
    • dloseke
    • Veeam Vanguard
    • November 9, 2022

    Unless I’m mistaken, I believe you can also create SureReplica jobs and have it scan the VM image for malware like you can in SureBackup.  Of course, you’ll need to have an up to date AV/Antimalware application to do the scanning, but it may be helpful in identifying malware sitting on the VM.

    https://helpcenter.veeam.com/docs/backup/vsphere/surebackup_job_settings_vm.html?ver=110

    You’re talking about Sure Restore feature

    https://helpcenter.veeam.com/docs/backup/vsphere/av_scan_about.html?ver=110

     

    SureRestore can do this, but I learned on the VeeamON Update Labwarz that you can do it on SureBackup jobs as well.  I double checked and it’s an option for doing SureReplica jobs as well since it’s the same wizard.

     

     

    Derek M. Loseke, Senior Systems Engineer | Veeam Vanguard 2025 | Veeam Legend 2022-2024 | VMSP/VMTSP | VCP6-DCV | VSP/VTSP | CCNA | https://technotesanddadjokes.com | @dloseke
    HunterLAFR
    vmJoe
    Forum|alt.badge.img+8
    • vmJoe
    • Veeam MVP
    • November 9, 2022

    Unless I’m mistaken, I believe you can also create SureReplica jobs and have it scan the VM image for malware like you can in SureBackup.  Of course, you’ll need to have an up to date AV/Antimalware application to do the scanning, but it may be helpful in identifying malware sitting on the VM.

    https://helpcenter.veeam.com/docs/backup/vsphere/surebackup_job_settings_vm.html?ver=110

    You’re talking about Sure Restore feature

    https://helpcenter.veeam.com/docs/backup/vsphere/av_scan_about.html?ver=110

     

    SureRestore can do this, but I learned on the VeeamON Update Labwarz that you can do it on SureBackup jobs as well.  I double checked and it’s an option for doing SureReplica jobs as well since it’s the same wizard.

     

     

    Sure, but if a file got encrypted at the source, and then get’s replicated to a target it’s still encrypted.  SureReplica can test the viability of failover and scan for malware but it won’t fix errors.  A backup copy might allow you to restore to a clean copy and find the malware that was sitting in the server for a bit before it got triggered.

    Joe Gremillion, VMCA, TOGAF9.2, VeeaMVP
    BertrandFR
    dloseke
    HunterLAFR
    Terms & ConditionsAccessibility statement