Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

stuarts24

3 Posts

1262

July 18th, 2017 11:00

RP and ransomware/wipers

Does anyone have experience with ransomware/wiper recovery and RP.  If so, how much LUN journal space is needed to ensure you can recover from being hit by one of these vs. having to go to traditional backups?

Thanks in advance.

Stuart

Idan

675 Posts

July 19th, 2017 01:00

Hi Stuart,

Sure, we've seen many cases where RP is helpful in protecting against ransomware.

As for your question, it would very, depending on the production workload and the required protection window - or in other words, the retention you would like to keep. The journal is configured on a per copy basis so there's no issue to configure different sizes for different applications. The protection windows plays a vital role in protecting against this sort of threats as it would represent the amount of time the organization has until that threat is detected and recovered.

Also, I would recommend to take a look at our Isolated Recovery Solutions, we do have a solution specifically for RP.

Please contact me offline for more details.

Thanks,

Idan Kentor

RecoverPoint Corporate Systems Engineering

idan.kentor@emc.com

stuarts24

3 Posts

July 19th, 2017 07:00

yes I understand that.  For the various LUNs, we have journal space to handle a required protection window of 3 days and most of them have a Current Protection Window equal to that or greater than that.  However, if there is abnormal change in on a LUN, you could potentially blow through that from what I understand.  So lets say I have a 4 TB LUN filled with Word files and RP maintains an average of 3 days for the Current Protection Window.  If this LUN gets hit with Wannacry, will the amount of change that encrypting all the word docs creates wipe out my protection  window?  It would seem like EMC would have some best practices on journal sizing related to protection for issues like Wannacry and Petya.

Idan

675 Posts

July 24th, 2017 03:00

And we do Stuart, as part of the Isolated Recovery Solutions.

Other than isolation, one could also disable allow_long_resync in the copy policy to prevent RP from transferring changes larger than journal volume. While it would depend on the size of the journal and the period of time in which the changes would occur, it can help mitigate. Note that there's a disadvantage to disabling it (also called allow distribution of snapshots larger than journal volume) as if there would be such a case - replication would move to Error and wouldn't be automatically resume itself like when it's enabled.

Hope that helps,

Idan

Was this post helpful?

View All

No Events found!

Top