Ransomware protections

Here is 1 of the KBs:  support.quest.com/.../best-practices-for-protecting-rapid-recovery-core-server-and-repository-from-ransomware

And here is another:

support.quest.com/.../common-recommendations-regarding-rapid-recovery-and-ransomware-infections

Both links are good. phuff is correct in his recommendations.  We went the extra step of disabling RDP and only allowing access to our cores through IPMI on a separate network.

phuff One thing we did not do is setup archives to keep an offline copy as you sugegst.. Can you detail how you did this or point me in the direction of documentation on this?  This is something I will configure as soon as I know how to do it. Thanks!.

You can either manually do this, or setup a scheduled archive: https://support.quest.com/rapid-recovery/kb/186241/how-to-schedule-an-archive#:~:text=On%20the%20button%20bar%20of,list%2C%20enter%20the%20required%20information.

You can set it up to a resource of your own, or to a cloud provider: https://support.quest.com/rapid-recovery/kb/185733/how-to-add-a-cloud-account

The offline archive, you can restore directly from now too, you don't have to re-import it into the repo any longer (as you use to have to do in the past). 

@phuff  Thanks for the reply but we are already pushing an archive to AZURE. This archive runs regularly but it is not "offline" per se. It is offsite in AZURE but any one that gains access to the admin console could 'delete" it at any time.   What I want is an archive that is literally offline as in inaccessible even from the console until required.

Thanks!

Gotcha. Just to clarify, are you talking about the Azure console? If so, then yes you are correct. If you're talking about the RR console, you can only delete the job, not the data. 

"If you're talking about the RR console, you can only delete the job, not the data. "

Interesting. I did not know that .I figured the delete would work just the same as when I delete a repository. So a job could be deleted in the console but I could still recover the data from AZURE and reconnect if I have my keys and such? That changes things a bit.

Thanks!

Correct. Deleting the archive job DOES NOT destroy the archive itself. I encourage you to try it on something trivial (as I did before I replied on 6.4 and 6.5 just to make sure I was correct in that thinking). Same with deleting a replication job, on the source the data stays, the target asks 'do you want to delete?' For archives though, deleting the job, that just deletes the job, nothing else. 

Correct. Deleting the archive job DOES NOT destroy the archive itself. I encourage you to try it on something trivial (as I did before I replied on 6.4 and 6.5 just to make sure I was correct in that thinking). Same with deleting a replication job, on the source the data stays, the target asks 'do you want to delete?' For archives though, deleting the job, that just deletes the job, nothing else.