πNOTE: The availability of this feature may be limited based on the license type, region, and other criteria. To access this feature, contact support.
Overview
What is Scheduled Cyber Recovery Testing (SCRT) plan?
Think of this as a Fire Drill for your data. The system automatically runs a test on your schedule (Quarterly, half-yearly, or Yearly) to make sure everything works perfectly before an emergency happens.
Key Benefits:
Enhanced Cyber Readiness: Regular testing ensures that your recovery team is prepared and that your backup data is functional before an actual emergency occurs.
Regulatory Compliance: Automated testing provides the documented proof of "recoverability" required by many industry standards and legal regulations.
Prerequisites
For VMware
Requirement | What it is | Why it matters |
Backup Proxy: Reserved Proxy Pool | A dedicated Reserved Proxy Pool must be configured. Using a reserved pool ensures that testing activities do not interfere with your standard production backup window. | Without these, the system cannot move backups into the recovery area. |
Target Environment | A vCenter or ESXi host. | This is the "physical" destination where your recovered virtual machines will live. |
Sandbox Network | A fenced-off, isolated network segment. | Prevents recovered virtual machines from accidentally talking to your live office network. |
Storage Quota | Available space in your recovery destination. | You cannot recover 4TB of data if you only have 2TB of recovery space. |
Threat Scanner | Tools like ClamAV or similar, IOC Library and Threat Intelligence | Helps the system to scan your data for malware. |
π‘ Tip
Identify Your "Critical 10": Since the Scheduled Cyber Recovery Testing (SCRT) plans are limited to 10 VMs for testing, start with your most vital application (e.g., your Finance software or your Customer Database).
Prepare your Scripts: If your servers need special settings (like a new IP address) to work in the Sandbox, have those PowerShell or Bash scripts ready to upload in Step 5 - Post-restore actions.
Script Requirements:
Allowed file types: .ps1, .sh
Maximum size: 100KB
Naming convention: Script filenames must not contain Unicode characters
To ensure a successful recovery test, the following environment requirements and safety constraints must be met:
How to create a Scheduled Cyber Recovery Testing Plan?
Access Path: From the Cloud Platform console dashboard, navigate to Global Navigation icon > Cyber Resiliency > Ransomware Recovery > Cyber Recovery > Get Started with Cyber Recovery > Create a Cyber Recovery > Create Scheduled Recovery Plan.
Following are the steps on how to create a Scheduled Cyber Recovery Testing Plan to proactively test your recovery readiness.
On the Cyber Recovery Plan pop-up, click Create Scheduled recovery Plan and follow the steps mentioned below.
Step 1: General Plan Details - General Tab
Every recovery plan requires basic identification and a schedule to ensure regular testing without impacting active production systems.
Plan Details
Recovery Name: Provide a unique name to identify this plan.
Recovery Description: Briefly explain the purpose of this specific plan.
Testing Frequency
Testing Start Date: The specific date and time when the first recovery test should begin.
Frequency: Choose how often the test should run (Quarterly, Semi-annually, or Yearly) and set the start date and time.
Step 2 : Resource Selection For Recovery - Resources Tab
Select the specific resource that you want to protect and recover. For example, VMware. In case of VMware, you can select a maximum of 10 VMs per plan.
Search Resources
Filter and search resources by the following criteria:
Resource Type: Select the required resource type. For example, VMware.
Organizations: Select the required organization from the dropdown.
vCenter/ESXi Hosts (Only for VMware): Select the vCenter/ESXi Hosts from the dropdown.
Match: Select the match criteria by which the resources must be searched. It can be VMware Folders, Resource Name, Tags, DataStore, Host, or Clusters in case of VMware.
Search Criteria: Filter resources by Organization, vCenter/ESXi Hosts, or specific VM Folders.
Storage Quota
The interface displays a progress bar showing the total size of selected resources against your available storage quota. You cannot exceed 100% of your allocated recovery storage.
Understanding the Storage Quota Calculation for Scheduled Cyber Recovery Testing plan
Storage quota is calculated on a quarterly basis.
Example:
If the total backed-up VM data is 50 TB, and the allowed quota per quarter is 20% of the total backed-up data (10 TB).
Plan Size Distribution Across Quarters:
The total plan size is distributed evenly across quarters, depending on the selected plan frequency:
Plan Frequency | Quarters for Distribution |
Quarterly | 1 quarter - 20% (10 TB) |
Semi-Annual | 2 quarters - 40% (20 TB) |
Annual | 4 quarters - 80% (40 TB) |
Therefore, the quota for each quarter will be 20% of the total backed-up VM data.
Step 3: Snapshot Selection For Recovery - Snapshot Tab
A "snapshot" is a saved or backed up version of your data from a specific point in time. Select which snapshot should be used for recovery.
Recovery Window: Choose how far back to look for backups. You can select 7, 15, or 30 days as the recovery window.
Recovery Options: Select the required option.
Latest Snapshot: Automatically selects the most recent backup available.
Latest Snapshot with no IOC matches: Performs a Threat Hunt first to find the most recent backup that does not contain known Indicators of Compromise (IOCs).
Threat Hunt Criteria: You can scan for specific File Hashes (using predefined libraries or custom values) and File Extensions to ensure the restored data is clean.
This recent snapshot without IOC matches is selected for recovery if you select this option.
π‘Tip: Always use Latest snapshot with no IOC matches if you suspect a virus was present in recent backups.
Step 4: Target Environment Details - Target Environment Tab
This section defines where the recovered resource's data will be hosted. This is an isolated environment to prevent re-infection of your production network.
Field | Description |
Destination VMware Setup | The vCenter instance where the VMs will be restored. |
Backup Proxy Pool | It is recommended to use a Reserved Proxy Pool. This provides dedicated resources that keep your recovery separate from regular backup tasks to ensure better performance. |
Destination Hypervisor | The hypervisor details for the restored VMs. |
Destination Datastore | The storage location for the restored VMs (must meet minimum disk space requirements). |
Compute Restore | The host, cluster, or a resource pool where you want to restore the virtual disk. You cannot select a data center or a folder. |
Folder | A folder under the data center hierarchy where you want to restore the virtual disk. |
Network | The isolated network segment where the recovered VMs will reside. |
Step 5: Post-Restore Actions - Recovery Settings Tab
Once the system is restored, you can automate the clean-up and validation of resources once they are powered on in the recovery environment.
Recovered VM Name
Recovered VM Name Prefix: Add a prefix (e.g. "TEST-") to the names of recovered virtual machines to distinguish them from production.
Post Restore Actions
Detach Network Card: Isolates the recovered virtual machine from your production network upon boot to prevent accidental interference. Keep Detach Network Card active and enabled during testing to avoid IP address conflicts.
Enable OS Boot Configuration: Verifies network connectivity within the guest OS after the virtual machine starts up.
Post-Boot Scripts: Automatically runs custom scripts (PowerShell or Bash) after the virtual machine starts up. You can upload and run up to 5 scripts (e.g.,
.ps1) to reconfigure applications or hostnames. Allowed script file types are .ps1 and .sh, with a maximum file size of 100 KB.Post-Restore Scan: Runs a malware scan on the restored virtual machines and can optionally delete malicious files automatically.
Priority Order for Post Boot script and restore Scans
Select the Run post-Boot scripts after the Post restore scan to prioritize the order for these tasks.
Once you complete all the steps successfully, a new Scheduled Cyber Recovery Testing Plan is created.