One of the cool features of VMware Cloud Disaster Recovery (VCDR) is the Enhanced Ransomware Recovery capability. This is a quick post to talk through how to turn it on in your VCDR environment, and things you need to consider.
The first step is to enable the ransomware services integration in your VCDR dashboard. You’ll need to be an Organisation owner to do this. Go to Settings, and click on Ransomware Recovery Services.
You’ll then have the option to select where the data analysis is performed.
You’ll also need to tick some boxes to ensure that you understand that an appliance will be deployed in each of your Recovery SDDCs, Windows VMs will get a sensor installed, and some preinstalled sensors may clash with Carbon Black.
Click on Activate and it will take a few moments. If it takes much longer than that, you’ll need to talk to someone in support.
Once the analysis integration is activated, you can then activate NSX Advanced Firewall. Page 245 of the PDF documentation covers this better than I can, but note that NSX Advanced Firewall is a chargeable service (if you don’t already have a subscription attached to your Recovery SDDC). There’s some great documentation here on what you do and don’t have access to if you allow the activation of NSX Advanced Firewall.
Like your favourite TV chef would say, here’s one I’ve prepared earlier.
Recovery Plan Configuration
Once the services integration is done, you can configure Ransomware Recovery on a per Recovery Plan basis.
Start by selecting Activate ransomware recovery. You’ll then need to acknowledge that this is a chargeable feature.
You can also choose whether you want to use integrated analysis (i.e. Carbon Black Cloud), and if you want to manually remove other security sensors when you recover. You can, also, choose to use your own tools if you need to.
And that’s it from a configuration perspective. The actual recovery bit? A story for another time.