
Cloud Tech Associate

Disaster Recovery Course

#CyberFit
Certification

Acronis #CyberFit Cloud Tech Professional Certification


Consists of the following courses (specializations)



Sections
1. Getting Started
2. Adding Cloud Servers
3. Other Operations

This and other courses are also available on LMS:


• Visit https://partners.acronis.com/training for more information
Getting Started
Setting Up Disaster Recovery (DR Advanced Pack)
Disaster Recovery with Cyber Protection

Acronis Cyber Protect Cloud
▪ File-level, disk-level, image and application backups
▪ Backup popular workloads like Mac, Windows, Linux, Microsoft 365, Google Workspace, Hyper-V, VMware, and more
▪ Flexible backup storage options
▪ Acronis active protection
▪ Archive encryption
▪ Incremental and differential backups
▪ Antimalware and anti-virus protection
▪ Vulnerability assessments
▪ Instant restore with RunVM
and more…

Advanced Disaster Recovery
▪ Production and test failover to Acronis Cloud
▪ Runbooks: disaster recovery orchestration
▪ VPN-less deployment option
▪ IPsec Multisite VPN support, L2 site-to-site open VPN
▪ Multiple templates
▪ Custom DNS configuration
Simplify Clients’ Disaster Recovery With a Turn-Key SaaS Solution
▪ All components out-of-the-box
▪ Easier and quicker PoC and deployment stages
▪ Single console helps you easily offer disaster recovery for your clients
[Diagram: the Acronis data center hosts the cloud recovery sites (hot and cold storages, on-demand compute, virtual router, management console, backup and DR servers). Clients’ environments connect through Agent for Hyper-V, Agent for VMware, Agent for Windows and Agent for Linux, covering virtualization platforms (Hyper-V and VMware VMs), Windows and Linux servers, and other virtual platforms and physical machines.]
Cloud-Based Disaster Recovery
▪ In Acronis Disaster Recovery Add-On, the following cloud servers can be created:
• Recovery Server: A cloud server that is created based on an existing backup (the backup must be
stored on cloud storage); it can be turned on for testing or failover purposes
• Primary Server: A cloud server that is created based on a template; it can be used for
production workloads, e.g., as a new server or as part of a cluster
▪ For initial setup and configuration, log in to the Cloud Console
Cloud-Based Disaster Recovery
▪ Limitations:
• Disaster Recovery is not supported for:
a) Platforms: Virtuozzo virtual machines and containers | macOS
b) Windows: machines with dynamic disks | removable media without either GPT or MBR
formatting | Active Directory service with FRS replication
c) Linux: machines with logical volumes (LVM) or volumes formatted with XFS file system | file
system without a partition table
d) CDP recovery points (data contained in CDP recovery points will be lost during failover)
e) Forensic backup cannot be used
Disaster Recovery for Any Workload
▪ Physical and virtual machines: Windows, Linux
▪ Virtualization platforms: VMware vSphere, Microsoft Hyper-V, Linux KVM, Red Hat Virtualization, Citrix XenServer
▪ Cloud servers for real-time application replication: for applications with built-in replication like SQL Server AlwaysOn
[Icons: Windows Server, SQL Server, SharePoint, Active Directory, Exchange, Hyper-V, Citrix XenServer, Linux Server, VMware vSphere, Red Hat Virtualization, Linux KVM]
Supported Environments
Category: Details

Supported OS for Recovery Server:
‒ CentOS 6.6 and above, Debian 9 and Ubuntu 16.04
‒ Windows Server 2008/2008 R2 and above except for Windows Server 2016 Nano Server
‒ Windows Desktop OS not supported due to Microsoft product Terms

Supported virtualization platforms for Recovery Server:
‒ VMware ESXi 5.1 and above
‒ Windows Server 2008 with Hyper-V and above except for Windows Server 2016 Nano Server
‒ Kernel-based Virtual Machines (KVM)
‒ Red Hat Enterprise Virtualization 3.6 and above and Red Hat Virtualization 4.0
‒ Citrix XenServer 6.5 and above
‒ Azure virtual machines

Supported virtualization platforms for VPN appliance:
‒ VMware ESXi 5.1 and above
‒ Windows Server 2008 with Hyper-V and above except for Windows Server 2016 Nano Server

Requirements for VPN appliance:
‒ 1 vCPU, 1 GB RAM, 8 GB HDD
‒ TCP 443 (outbound) for VPN connection, TCP 80 for automatic update of appliance
Getting Started
1. Configure connectivity type to cloud recovery site:
• Site-to-site connection | Cloud-only mode | Point-to-site connection
2. Configure Protection Plan to perform backup of machines to be protected either directly or
replicate to Acronis cloud storage
3. Create Recovery Servers based on the machine that was backed up
4. Perform test failover to check everything works
5. [Optional] Configure Runbooks and Point-to-Site VPN
6. Perform failover in a DR scenario
Connectivity
▪ To access cloud servers, 3 types of connectivity are available:
• Site-to-site connection:
a) Requires installation of VPN appliance on-premises (local site), creates a VPN tunnel to enable secure communications
between local and cloud servers

b) Cloud servers are accessible through local network, point-to-site VPN and public IP addresses (if assigned)

c) Typically chosen when local and cloud servers are tightly dependent, i.e., in a partial failover scenario to allow cloud
servers to communicate directly with local servers

• Cloud-only mode:
a) No VPN appliance required, local site and cloud site are independent networks

b) Cloud servers are accessible through point-to-site VPN and public IP addresses (if assigned)

c) Typically chosen when local and cloud servers do not need to communicate with each other, i.e., in partial failover
scenario for independent servers
Connectivity
• Point-to-site remote VPN access:
a) Available only after site-to-site connection or cloud-only mode is configured

b) Uses OpenVPN client to connect to cloud or local servers

c) Typically used to remotely access cloud servers when using cloud-only mode or when local site is down (when using site-
to-site connection)

d) If site-to-site connection is available, local servers can also be accessed remotely (from outside of the company network)
via point-to-site VPN

▪ For cloud servers that require access from the Internet, such as web servers, a public IP
address can be assigned during cloud server setup
Connectivity – Initial Configuration
[Screenshot: choose a connectivity type]
Connectivity – Initial Configuration
[Screenshot: deploying the VPN gateway]
VPN-less deployment option – Cloud only
Onboard clients more quickly and easily
VPN virtual appliance is not necessary for “point-to-site” connectivity.

Switch from the “point-to-site” to “site-to-site” mode as you wish.

This option is especially useful for customers who want to quickly evaluate the service or don’t need to extend the local network to the cloud site.

Why?
Connect clients quickly and easily with point-to-site or site-to-site connectivity
Connectivity – Setup Cloud-Only Mode
[Screenshot: click to show connectivity properties; add additional cloud networks]
Connectivity – Setup Site-to-Site Connection
[Screenshot: click to download the VPN appliance; VPN gateway deployed in the cloud site]
Connectivity – Setup Site-to-Site Connection
[Screenshot: download VPN appliance]
Connectivity – Initial Configuration
1. Go to Disaster Recovery tab and choose type of connectivity
2. Once type of connectivity is selected, VPN gateway will be deployed in cloud site
3. For Site-to-site connectivity:
• Download either the VMware or Hyper-V appliance for installation on-premises
• Install, configure and register the appliance
3. For Cloud-only mode:
• VPN gateway will be pre-configured with 1 cloud network
• Click on Add network to add more networks for cloud site (to be used by cloud servers)
Connectivity – Installing VPN Appliance
1. Download the VPN appliance:
• Choose either VMware or Hyper-V appliance to download
2. Prepare the host before installing the VPN appliance:
• In VMware vSphere, ensure that Promiscuous mode and Forged Transmit are enabled and set to Accept for all virtual switches that connect the VPN appliance to the production networks. To access this setting, in vSphere Client, select the host > Summary > Network, select the switch > Edit settings… > Security
• In Hyper-V, create a Generation 1 VM with 1024 MB of RAM. It is recommended to enable Dynamic Memory for the VM. Once the VM is created, go to Settings > Hardware > Network Adapter > Advanced Features and select the Enable MAC address spoofing check box
Connectivity – Installing VPN Appliance
3. Install and power on the VPN appliance
4. Open the appliance console and login with
admin | admin
5. [Optional] Change the password
6. [Optional] Change the network settings if
needed, define which interface will be used as
the WAN for Internet connection
7. Register the appliance using Customer
Administrator credentials¹

¹ If 2FA is enabled for the account but not configured, it must be set up first before trying to
register the VPN appliance, as the TOTP will be required.
Connectivity – Site-to-Site Connection
[Screenshot: click to view cloud servers; click to view local servers; local network reported by VPN appliance; add cloud networks]
Connectivity – Site-to-Site Connection
[Screenshot: VPN appliance settings]
Connectivity – Site-to-Site
[Screenshot: VPN gateway settings]
Connectivity – Site-to-Site
▪ The status of the site-to-site connection will be shown after it has been
successfully set up:
• Up to 5 local networks can be reported and linked to the cloud site via the VPN
tunnel
• The number of local servers and cloud servers (after they have been created) in each network,
i.e., having an IP address in the network, will be shown
• More networks can be added to the cloud site (up to a total of 5 overall) by clicking on Add
networks on the connectivity gateway; cloud networks added will be independent
from local networks
Connectivity – Properties
[Screenshot: view and configure connectivity properties, including for Point-to-Site VPN]
Connectivity – Properties
▪ Operations available from Properties:
• Site-to-site section:
a) Enable/disable site-to-site connection | Download VPN appliance | Local routing

• Point-to-site section:
a) Enable/disable point-to-site VPN to local site | Re-generate configuration file | Download configuration for
OpenVPN

1 There may be situations where local networks are not registered in the VPN appliance and hence not reported to the connectivity gateway
Connectivity – Configuring Point-to-Site VPN

1. Download the OpenVPN configuration from Disaster Recovery > Connectivity > Properties; regenerate the configuration if necessary
2. Download and install the OpenVPN client on the machines from which to
connect to cloud or local servers remotely, and import the configuration file
3. Initiate the point-to-site VPN connection using cloud console accounts
IPsec Multisite VPN Support
Strengthen security for your clients
Integrates secure protocols and algorithms, so you can easily support clients with multiple sites that are hosting critical workloads with higher requirements for security, compliance, and bandwidth.

Transparent connections and tunnels status and self-troubleshooting.

Why?
Easily support clients with multiple sites that are
hosting critical workloads
Custom DNS configuration
Provide flexibility by setting up custom DNS configurations
Easily adjust DNS settings for your cloud servers that are dependent on your own DNS services.

Set up custom DNS settings for disaster recovery cloud servers for the whole disaster recovery infrastructure in the Acronis cloud

Why?
Makes it even easier for you to
support your clients
Multiple networks support
Support more complex customer infrastructures
Extend up to five local networks to the Acronis Cloud Recovery Site through the single site-to-site connection.

Failover complex environments where protected servers are distributed across several network segments.

See connectivity statuses of all five networks in one view.

Why?
Support different kinds of clients by
supporting more complex infrastructures
Adding Cloud Servers
Adding Recovery and Primary Servers
Recovery Server
▪ Pre-requisites:
• A Protection Plan with Backup must be applied to the machine you want to protect:
a) Backup the Entire Machine or disks/volumes containing the OS and applications and data for failover
b) Cloud storage must be selected as one of the locations for backup
c) Recommended to run the Backup Plan at least once to ensure that cloud backups are successfully created

▪ Operations available:
• Test failover | Production failover | Failback
Recovery Server
[Screenshot: create Recovery Server]
Recovery Server
[Screenshot: configure Recovery Server]
Recovery Server
[Screenshot: Recovery Server configurations]
Recovery Server
1. Select the machine you want to protect and click Disaster recovery
2. Click on Create recovery server button
3. Select the number of virtual cores and the size of RAM for the Recovery Server
4. Specify the IP address the Recovery Server will have during production failover
5. [Optional] Select the Test IP address checkbox and specify the IP address; this allows
connection to the Recovery Server via RDP or SSH during a test failover. If unchecked, only
console access is possible
6. [Optional] Select the Internet access checkbox to enable the Recovery Server to
access the Internet during a production failover or test failover
7. [Optional] Select the Public IP address checkbox; the public IP address will be shown after
configuration is complete
Recovery Server
8. [Optional] Set the RPO threshold, which defines the maximum time interval allowed
between the last suitable recovery point for a failover and the current time. It is typically set to
the same as the backup frequency, e.g., if backup frequency is daily, then the RPO threshold
should be 1 day
9. [Optional] If the original backups are encrypted, specify the password that will
automatically be used when starting the Recovery Server
10. [Optional] Change the name and description
11. Click Done
Recovery servers RPO compliance tracking

Improve SLA compliance
Define recovery point thresholds for the recovery servers to identify how "fresh" the cloud backup of the original machine (to perform failover) should be.

Track recovery point objective (RPO) compliance in real time via the web console.

Why?
Provide competitive SLAs and ensure you
are able to meet them
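
The RPO threshold check described above, written out as an added example (not Acronis code): it compares the newest usable recovery point of each server with that server's threshold and lists the worst cases first. The server names, timestamps and thresholds are constructed sample data, and treating timestamps without an offset as UTC is an assumption.

```python
from datetime import datetime, timedelta, timezone


def parse_utc(ts):
    """Parse an ISO-8601 timestamp and normalise it to UTC."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)  # assumption: naive values are UTC
    return dt.astimezone(timezone.utc)


def rpo_status(recovery_points, threshold, now):
    """Compare the age of the newest usable recovery point with the threshold."""
    # Points later than `now` cannot be used for a failover evaluated at `now`.
    usable = sorted(p for p in map(parse_utc, recovery_points) if p <= now)
    if not usable:
        return {"state": "no_recovery_point", "last": None, "age": None}
    age = now - usable[-1]
    state = "compliant" if age <= threshold else "exceeded"
    return {"state": state, "last": usable[-1], "age": age}


def rpo_report(inventory, now):
    """Return one row per server, most urgent first."""
    rows = []
    for name, (threshold, points) in inventory.items():
        status = rpo_status(points, threshold, now)
        # Time left before the threshold is crossed; negative once exceeded.
        margin = None if status["age"] is None else threshold - status["age"]
        rows.append({"server": name, "margin": margin, **status})
    # Servers with no recovery point first, then the smallest margin.
    rows.sort(key=lambda r: (r["margin"] is not None,
                             r["margin"] or timedelta(0)))
    return rows


# Constructed sample data: threshold and recovery-point timestamps per server.
NOW = datetime(2024, 5, 2, 12, 0, tzinfo=timezone.utc)
INVENTORY = {
    "fs01": (timedelta(days=1),
             ["2024-04-30T02:00:00Z", "2024-05-02T04:00:00+02:00"]),
    "db01": (timedelta(days=1),
             ["2024-04-29T02:00:00Z", "2024-04-30T02:00:00Z"]),
    "web01": (timedelta(hours=4), []),
    "app01": (timedelta(hours=4),
              ["2024-05-02T09:30:00Z", "2024-05-02T13:00:00Z"]),
}

if __name__ == "__main__":
    for row in rpo_report(INVENTORY, NOW):
        print(f'{row["server"]:6} {row["state"]:18} age={row["age"]}')
```
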
Recovery Server – Failover & Test Failover
[Screenshot: list of Recovery Servers]
Recovery Server – Failover & Test Failover
[Screenshot: Recovery Server actions; Recovery Server properties]
Recovery Server – Failover & Test Failover
[Screenshot: test failover and production failover]
Recovery Server – Failover & Test Failover
▪ Failover is the process of moving a workload from on-premises to the cloud:
• When initiated, the Recovery Server starts and depending on the connectivity, can be
accessible from local network, point-to-site VPN or Internet if public IP is assigned
• All Protection Plans are revoked from the original machine and a new Protection Plan
is automatically created and applied to the Recovery Server to create backups for
subsequent Failback
• Once a Failover is initiated, the only way to exit the failover state is a Failback
▪ Test Failover is the process of starting and testing the Recovery Server to
check if it can be used in the event of a real Failover:
• When initiated, the Recovery Server starts and is connected to an isolated test VLAN
and multiple servers can be tested at the same time to check their interaction
Recovery Server – Failover & Test Failover
• Recovery Servers can communicate with each other using their production IP
address in the isolated test network but not directly¹ with devices on the local network
▪ Failover & Test Failover uses functionality similar to Acronis Instant Restore:
• For Failover, a VM is created based on Recovery Server configurations, linked to the
selected backup of the original machine and Finalized as soon as possible to achieve
best possible performance, i.e., similar to Run as VM + Finalize immediately after
temporary VM is created
• For Test Failover, the VM is not finalized to minimize space consumption on Disaster
Recovery storage which may result in slower performance, i.e., Run as VM only
• Protection agents in the Recovery Server will be stopped to avoid undesired activity
such as starting a backup or reporting outdated statuses to Acronis Backup Cloud
¹ Point-to-site VPN will be required to connect to Recovery Servers via RDP or SSH when performing test failover
Recovery Server – Failback
▪ Failback is the process of moving the workload from cloud back to on-
premises:
• Available after a Recovery Server has been finalized
• During this process, the server being moved is unavailable, the length of the
maintenance window is approximately equal to the duration of a backup and
subsequent recovery of the server
Recovery Server – Test Failover
1. Select the machine to test from Disaster Recovery > Servers > Recovery Servers
2. Click on Failover and ensure Test failover is selected for the failover type
3. Select the recovery point to use and click on Test failover button
4. The state of the Recovery Server changes to Testing failover
5. Test the failover using any of the following methods:
• In Disaster Recovery > Servers, select the Recovery Server and then click Console to connect to the Recovery Server
• Connect to the Recovery Server via RDP or SSH using the test IP address from both outside and inside (requires
point-to-site VPN)
• Run a script within the Recovery Server, the script may check the login screen, whether applications are started,
the Internet connection and the ability of other machines to connect to the Recovery Server

6. When testing is complete, click Stop testing


Recovery Server – Production Failover
1. Ensure that the original machine is not available on the network
2. Select the machine to failover from Disaster Recovery > Servers > Recovery Servers
3. Click on Failover and ensure Production failover is selected for the failover type
4. Select the recovery point to use and click on Start production failover button
5. The state of the Recovery Server changes to Finalization and after some time, Failover
6. Ensure the Recovery Server is started by using Console and can be connected to via its
production IP address
7. Once the Recovery Server is finalized, a Protection Plan will be created and backups of the
Recovery Server will be created and stored on cloud storage
8. To cancel failover, click Cancel failover; all changes starting from the failover will be lost
except for Recovery Server backups
Recovery Server – Failback
1. Select the machine to failback from Disaster Recovery > Servers > Recovery Servers
2. Click Failback to open the Failback dialog box and click Prepare failback, Recovery Server
will be stopped and backed up to cloud storage
3. Wait for the backup to complete and use the backup to perform recovery on-premises
4. Once on-premises recovery is complete and verified, return to the Recovery Server and
click Confirm failback, Recovery Server and recovery points will become ready for next
failover
5. Alternatively, if failover is to continue, e.g., more time required to prepare for on-premises
recovery, click Cancel failover, Recovery Server will start and failback can be attempted
again subsequently
Primary Server
▪ Pre-requisites:
• Connectivity to the cloud site must be set up
▪ Operations with Primary Servers:
• Start or Stop the server
• Edit Primary Server settings
• Backup Primary Server using the pre-defined Protection Plan where only the
Scheduling and Retention rules can be changed, other sections/options are
locked/not available
Primary Server
[Screenshot: create Primary Server]
Primary Server
[Screenshot: Primary Server configurations]
Primary Server
1. Go to Disaster Recovery > Primary Server and click Create
2. Select a template for the new Primary Server
3. Select the number of virtual cores and the size of RAM for the Primary Server
4. [Optional] Change the virtual disk size and add more disks if required, up to a max. of 10 disks
5. Specify the IP address the Primary Server will have
6. [Optional] Select the Internet access checkbox to enable the Primary Server to
access the Internet
7. [Optional] Select the Public IP address checkbox to assign a public IP to the Primary Server
8. [Optional] Set the RPO threshold, which defines the maximum time interval allowed between
the last suitable recovery point for a failover and the current time. It is typically set to the same as
the backup frequency, e.g., if backup frequency is daily, then the RPO threshold should be 1 day
Backing Up Cloud Servers
▪ Recovery and Primary servers can be backed up to cloud storage:
• Only possible location is cloud storage
• Each cloud server must have its own Protection Plan, a Protection Plan cannot be
applied to multiple servers and only 1 Protection Plan can be applied to a cloud server
• Application-aware backup is not supported
• Encryption is not available
• Backup options are not available
• Backups are performed according to UTC time
▪ When a Primary Server is deleted, its backups are also deleted
Backing Up Cloud Servers
▪ A Recovery Server is backed up only in the failover state:
• Recovery Server backups continue the backup sequence of the original server
• When failback is performed, the original server can continue its Recovery Server's
backup sequence
• Backups of Recovery Server can only be deleted manually or as a result of applying
retention rules
• When a Recovery Server is deleted, its backups are always kept
Other Operations
Using Runbooks and Storing Credentials
Runbooks Improve RTOs and Automate Recovery

▪ Design: Use the intuitive drag-and-drop editor to define groups of machines and sequences of action with these groups
▪ Test: Verify the integrity of your disaster recovery plans by executing runbooks in the test mode in the web console
▪ Execute: Execute runbooks in a few clicks when the real disaster strikes and minimize RTOs with fast failover and failback of multiple servers
▪ Monitor: Gain disaster recovery orchestration visibility with a detailed runbook execution real-time view and execution history
Runbooks
▪ A Runbook is a set of instructions for spinning up multiple cloud servers in a
certain order:
• Automate failover of 1 or more Recovery Servers
• Automatically check the failover result by pinging the server IP and checking the
connection to the port you specify
• Set the sequence of operations for Primary Servers running distributed applications
• Include manual operations in the workflow
• Verify the integrity of your disaster recovery solution by executing runbook in Test
mode
▪ Multiple Runbooks can be created and Runbooks can be nested, i.e., using a
Runbook to run other Runbooks
Runbooks
[Screenshot: select Disaster Recovery > Runbooks; click to create a runbook]
Runbooks
[Screenshot: rename, close and save the Runbook; add step; instructions]
Runbooks
[Screenshot: available actions]
Runbooks
[Screenshot: a description can be added; add description and delete step]
Runbooks
[Screenshot: add more actions to the same step; settings for the selected action]
Runbooks
[Screenshot: available Runbook operations and execution history]
Runbooks
▪ A Runbook can have 1 or more Steps that are executed sequentially and
each Step can have 1 or more Actions that are executed simultaneously
▪ Actions available:
• Failover server | Failback server
a) Operations that can be performed with Recovery Servers

• Start server | Stop server


a) Operations that can be performed with Recovery or Primary Servers

• Manual operation
a) Add a text description for manual actions to be taken before proceeding with the next step
Runbooks
• Execute runbook
a) Allows other Runbooks to be nested, each Runbook can only be nested once

▪ For Failover, Failback, Start and Stop server actions:


• Operation parameters:
a) Continue if already done (enabled by default): Warning is shown if action has already been performed and
Runbook will continue on to the next Action/Step; if disabled, operation and Runbook fails if action has already
been performed
b) Continue if failed: When enabled, warning is shown and Runbook continues, when disabled operation and
Runbook fails

• Completion checks (for Failover and Start server actions)


a) Ping IP address: Ping the production IP address of the cloud server until the server replies or the timeout
expires, whichever comes first
Runbooks
a) Connect to port (443 by default): Attempt to connect to the cloud server by using the production IP address
and port until the connection is established or the timeout expires
b) Default timeout value is 10 minutes and can be changed

▪ Once a Runbook has been created, the following operations are available:
• Execute | Edit | Clone | Delete
▪ When executing a Runbook, Execution Parameters will be prompted for:
• Failover and failback mode:
a) Choose whether to run a Test or Production failover
b) Applies to all Failover and Failback actions in the Runbook
Runbooks
• Failover recovery point:
a) Choose Most recent recovery point (default) or Closest before a specified date and time (select a point in time
in the past)
b) If Closest before a specified date and time is selected, the Recovery Point closest before the specified date
and time will be selected for each cloud server in the Runbook

▪ Stopping a Runbook execution:


• A Runbook can be stopped during its execution and all started Actions will be
completed except for those that require user interaction
▪ A Runbook's execution history can be viewed to see whether it was successful,
together with its start and end date and time
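
The "Connect to port" completion check and the connectivity script suggested for test failover can be reproduced from any machine that can reach the cloud servers (during a test failover, over the point-to-site VPN). The following is an added example, not Acronis code: it retries a TCP connect until it succeeds or the timeout expires, probes all servers of a step at the same time and walks the steps in order. The retry interval, the function names and the loopback demo targets are assumptions; port 443 and the 10-minute timeout are the defaults given in the slides.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor


def wait_for_port(ip, port=443, timeout=600.0, interval=5.0,
                  connect=socket.create_connection, sleep=time.sleep):
    """Retry a TCP connect until it succeeds or `timeout` seconds elapse.

    `interval`, `connect` and `sleep` are assumptions of this sketch; the
    last two are injectable so the logic can be exercised without a network.
    """
    deadline = time.monotonic() + timeout
    while True:
        try:
            connect((ip, port), timeout=interval).close()
            return True
        except OSError:        # refused, unreachable or timed out
            pass
        if time.monotonic() + interval >= deadline:
            return False       # no time left for another attempt
        sleep(interval)


def check_step(targets, **probe_args):
    """Probe every (ip, port) target of one step at the same time."""
    targets = list(targets)
    if not targets:
        return {}
    with ThreadPoolExecutor(max_workers=len(targets)) as pool:
        futures = {t: pool.submit(wait_for_port, t[0], t[1], **probe_args)
                   for t in targets}
        return {t: f.result() for t, f in futures.items()}


def verify_failover(steps, continue_if_failed=False, **probe_args):
    """Check the steps in order; stop after the first failed step by default.

    Returns a list of (step_name, {target: reachable}) for the steps that ran.
    """
    report = []
    for name, targets in steps:
        result = check_step(targets, **probe_args)
        report.append((name, result))
        if not all(result.values()) and not continue_if_failed:
            break
    return report


if __name__ == "__main__":
    # Constructed demo on loopback: one listening port, one closed port.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen()
    closed = socket.socket()
    closed.bind(("127.0.0.1", 0))          # bound but never listening
    steps = [
        ("database tier", [("127.0.0.1", listener.getsockname()[1])]),
        ("web tier", [("127.0.0.1", closed.getsockname()[1])]),
    ]
    for name, result in verify_failover(steps, timeout=2.0, interval=0.5):
        print(name, result)
    listener.close()
    closed.close()
```
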
Encrypted backup support
Comply with data security requirements
Perform failover using encrypted backups and allow the system to use the securely stored passwords for automated disaster recovery operations.

The new Credential Store feature (accessible from the web console in the Disaster Recovery > Credential Store tab) allows you to securely store and manage passwords for encrypted server backups.

Comply with various data regulations.

Why?
Keep clients’ data safe while complying with
various data regulations
Settings – Credentials
[Screenshot: stored credential for encrypted backups]
Settings – Credentials
▪ When encrypted backups are used for creating Recovery Servers, the
password used for encrypting the backups must be specified during
Recovery Server creation
▪ Password specified will be stored securely in a credential store and used
automatically when performing failover
▪ To manage stored credentials, go to Settings > Credentials:
• View items linked to a stored credential, multiple backups can be linked to one
credential
• Unlink backups from a stored credential, password will have to be manually specified
during failover
• Edit or Delete a credential
What’s Next?
Certification Path
[Diagram: Cloud Tech Foundation (completed); Cloud Tech Associate (Protect, Backup, DR with Files and Notary), marked "You are here!"; Cloud Tech Professional, marked "Go here next!"]
Exam

Before exam: survey to take


• 20 multiple choice questions
• 60 minutes
• 70% passing grade
• Two attempts given
• Open book
Other Acronis Resources

• Inside Sales

• Field Sales

• Partner Success Managers

• Solution Engineers

• Sales Enablement Team

• Partner Portal for More #CyberFit Academy Training Courses
Supplemental Materials

The Evangelism Team at Acronis will be periodically releasing new content
Please check back often
Check email for #CyberFit Academy Updates
Social Media Accounts
• Instagram: https://www.instagram.com/acronis
• Facebook: https://www.facebook.com/acronis/
• Twitter: https://twitter.com/Acronis
• Reddit: https://www.reddit.com/r/acronis/
• YouTube: https://www.youtube.com/user/Acronis
Cyber Foundation
Building a More Knowledgeable Future

Create, Spread and Protect Knowledge with Us!
www.acronis.org
Building New Schools
Publishing Education Programs
Publishing Books
