How to Perform VMware vSphere Infrastructure Disaster Recovery using Veeam Backup and Replication

Let’s have a look at this article on how to perform VMware vSphere Infrastructure Disaster Recovery using Veeam Backup and Replication. The backup component guarantees your workloads are protected against ransomware, disaster, or bad manipulation. It authorizes the restoration of the data in case of loss. The replication component guarantees that your workloads can rapidly start again in another datacenter in case of threat in the first one.

Products such as VMware vSphere or Microsoft Hyper-V can also handle this task. In this article, I will show you how to take advantage of Veeam Backup, Veeam Copy Jobs, and Replication to recover VMware vSphere infrastructure when a disaster happens. The same steps can be applied to Hyper-V, but in these steps, I will take VMware vSphere as an example.

VMware vSphere Infrastructure Disaster Happened

My VMware vSphere infrastructure has been recently affected with .qgHqUF Ransomware corrupting all my virtual machine files. Every file has been corrupted with the .qgHqUF extension and is now unable to open any file. Attached is a text file with the virus demanding money to decrypt the corrupted data. The Kaspersky Anti-Virus is installed on the virtual machine and physical servers. We have Fortinet Firewall 224B in the environment.

Ransomware can be hard to remove unless a key is found allowing the files to be decrypted. Unfortunately, there is no descriptor tool for this.

Ransomware usually encrypts files and renames them too, generally by changing their file extension, but not always. There are types of ransomware that do not change extensions. The file size generally does change as the file content is encrypted.

Ransomware Encrypted File Extensions List

Here you can find a list of Ransomware-Encrypted File Extensions.

Unfortunately, it happened on my day off. First, all the virtual machines were infected, then the replica was infected, and after that, Veeam backups. Only I had Veeam copy backups on the external hard drive.

Email Communication with Kaspersky

How to find the source system that was compromised
Our servers, mostly virtual machines, were attacked by malware, which encrypted our files with ext. “.qgHqUF”. I have generated the GSI file from one of the infected servers. This server doesn’t have any Kaspersky software installed and was only accessible for this request.
Please let us know which malware has infected us and if Kaspersky can restore the files so we can recover them.

Reply from Kaspersky,

Please accept our apologies for the delayed response.

Our virus analysts checked the provided file but weren’t able to identify the strain of ransomware that produced it. We haven’t found a sample of this malware, so at the moment, the encryption algorithm remains unknown.

For this reason, we also cannot tell for sure whether or not our products can detect this threat. We should note, however, that our products include algorithms that allow detecting even unknown threats, so it’s highly possible that the impact would be lower if the affected machine had Kaspersky protection installed.

If you would like to investigate this attack in more depth, we recommend ordering our Incident Response service: https://www.kaspersky.com/enterprise-security/incident-response

Otherwise, to lower the risk of a similar attack in the future, please follow our standard recommendations:

1. Install all the latest Windows Updates on all devices in the network
2. Disable SMBv1 protocol if possible: https://docs.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3
3. Install the latest versions of Kaspersky products
4. Properly configure Kaspersky product policies

To Perform VMware vSphere Infrastructure Disaster Recovery with Veeam Backup

Table of Contents:

Install ESXi Host
Restore ESXi Host Configuration File
Windows Server Installation
Veeam Backup and Replication
Add Physical Server in Veeam
Add SMB External Repository
How to Add ESXi Host in Veeam
Import Backup Copy Jobs
Restore vCenter Server VM
Verify VMware vCenter Server
Remove ESXi Host
Restore Veeam Configuration Backup
Edit VMware vCenter Server
Verify Veeam Backup Managed Server
Edit Backup Jobs
Verify Backup Repository

Usually, we run virtual machines on the ESXi host, and the hosts are connected to the vCenter server.

How to Install ESXi Host

Follow my article on how to Install VMware ESXi Host. And how to Add iSCSI Storage.

How to Restore ESXi Host Configuration File

Follow my Article, How to Restore ESXi Host Configuration using Putty
Follow my Article, How to Restore ESXi Host Configuration Data using VMware PowerCLI

Windows Server Installation

Visit this article on How to Install Windows Server

Veeam Backup and Replication Installation

Follow this article How to Install Veeam Backup and Replication

Add Physical Server in Veeam Backup

Follow this article on How to Add a Physical Server in Veeam.

Add SMB External Repository in Veeam Backup

Follow this article on How to Add an SMB External Backup Repository.

Add ESXi Host to Veeam Backup and Replication

Follow this article on how to Add ESXi host or vSphere vCenter in Veeam.

How to Import Backup in Veeam

Follow this article on How to Import Backup in Veeam Backup.

VMware vSphere Infrastructure Disaster Recovery

Restore vCenter Server VM

To restore from the backup copy job in Veeam backup and replication, do the following:.
On the Home tab, click on Restore and then VMware vSphere.

Restore from backup.

Entire VM restore.

Entire VM restore.

VM Restore from Copy Backup Job

On the Virtual Machines page, select the VMs that you wish to restore.
Click on the Add button, and then choose from Backup.

In Veeam Backup Browser, select a backup copy job under backup jobs and choose to add.

Choose next.

In full VM restore mode, choose to restore to a new location, and then click next.

Select Target Host

Click on the host button.

Select a host where the selected VMs must be registered, and then choose OK.

Select next.

Click next.

Verify your Target Datastore and Disk type, and click next.

Select the target folder and change VM settings if required, and then choose next.

Specify the Network connection, and then click next.

Type a reason and click next.

At the VM restore summary page, verify the restore settings and click Finish. If you would like to start the recovered virtual machine on the target ESXi host, then tick the box Power on target VM after restoring.

Restoring VM success, click close.

Related: How to Restore Virtual Machine in Veeam Backup

Verify VMware vCenter Server

Now I have successfully logged in to my vCenter server.

Remove ESXi Host from Veeam Backup

Now I am removing the standalone host from Veeam and then restoring the Veeam configuration backup.
Click on the host and choose to remove the server.

Select yes.

Click ok.

How to Restore Veeam Configuration Backup

Follow this article on How to Restore Veeam configuration Backup.
Now we need to verify backup jobs configuration, Inventory, repository, etc.

Edit VMware vCenter Server

Click on the vCenter server and click Edit Server.

Select next.

Verify vCenter credentials and then choose to apply.

Click next.

Select finish.

Now it’s showing you your virtual machines.

How to Verify Veeam Backup Managed Server

Click on the unavailable server, and then choose Edit Server.

Select next.

Verify Windows server credentials, and then choose Next.

Click apply.

Select next.

Click finish.

Now you can see that the Windows server is successfully connected.

Verify your backup jobs.

Also, you need to Verify Veeam Backup Repository

Conclusion:

In this article, we have successfully restored VMware vSphere infrastructure using Veeam copy jobs. Veeam provides a strong solution to handle disaster recovery. In the VMware vSphere world, even though a native solution exists (VMware replica), I strongly recommend using Veeam, which is more flexible and easy to manage.