Best Practices for Cloud-Based Ransomware Recovery for VMware Cloud Foundation

For flawless and non-disruptive recovery operations, you can follow certain best practices based on industry expertise and previous successful experiences.

Table 1. Best Practices for Cloud-Based Recovery for VMware Cloud Foundation
Operation	When or How Often	Description
Schedule snapshots of protection groups.	Initial setup for the VMware Live Cyber Recovery service. Business requirements have changed. A protection group has a low RPO and is regularly failing to complete a snapshot before the next one is scheduled to begin. Job queuing occurs regularly. After you activate ransomware recovery in a recovery plan.	Use multiple schedules to build recovery point depth without excessive recovery point count and to avoid introducing excessive change for older recovery points. See Snapshot Scheduling Best Practices in the VMware Live Cyber Recovery documentation. Use high-frequency snapshots. See High-Frequency Snapshots in the VMware Live Cyber Recovery documentation. To avoid job queuing, reduce other replication loads and distribute jobs evenly over time. As a best practice for ransomware recovery, configure snapshot schedules with a retention of at least 90 days. However, a 90-day retention schedule might result in higher storage capacity consumption. See Snapshot Retention in the VMware Live Cyber Recovery documentation.
Create or update recovery plans.	Initial setup for the VMware Live Cyber Recovery service. Business requirements have changed. The design and architecture of the environment have changed.	For a finer control over the order of workload restore or startup, add enough steps to the recovery plan. Running a script within a script VM provides a lot of flexibility. However, segmenting VM restore and power-on actions with many steps reduces parallelism and increases the time for failover and failback. See Set Up Recovery Plans in VMware Live Cyber Recovery in the VMware Live Cyber Recovery documentation.
Test recovery plans	Initial setup for the VMware Live Cyber Recovery service. At least twice a year to accommodate configuration drifts, architecture changes and new dependencies.	See Running a Test Failover Recovery Plan and Test Failover Example in the VMware Live Cyber Recovery documentation.
Configure user access management.	Initial setup for the VMware Live Cyber Recovery service. Business requirements have changed. Adopting a new security and compliance standard.	Follow the principle of least privilege. Introduce role-based access control for VMware Live Cyber Recovery and VMware Cloud services. For information about user roles and permission in VMware Live Cyber Recovery, see Invite Users to Your Organization in the VMware Live Cyber Recovery documentation. For example personas, see Personas in Cloud-Based Ransomware Recovery for VMware Cloud Foundation.
Restrict network connectivity.	Initial setup for the VMware Live Cyber Recovery service. Business requirements have changed. Adopting a new security and compliance standard.	In protected sites, VMware Live Cyber Recovery connectors only need specific port and destination access. Outbound connection from the connectors in the VMware Cloud Foundation instance requires only port 443. See VMware Live Recovery port list in the VMware Ports and Protocols portal.