Scenario: your server got hit by ransomware. But your local backup is intact. You have successfully got your backup running via VM Instant Boot, but you need a more permanent recovery.
What do you do?
That’s where you can use BackupAssist ER’s Lifeline Media to boot into a recovery environment and reimage your machine’s hard disks.
In this type of recovery you can take a physical or virtual source machine (the one that was backed up), and restore it to a physical or virtual destination (the recovery machine). In industry jargon, that’s known as having P2P, P2V, V2P and V2V recovery options.
- How did I do in the challenge?
- My test setup
- Under the hood: The VM Instant Boot
- How to do it
- My experiences and observations
- Performance analysis
How did I do in the challenge?
|Hands-on with BackupAssist ER
– Creating a bootable Lifeline Media on USB
– Booting the Lifeline Media, and starting the recovery
|3 min 13 sec|
– Waiting for Lifeline Media to be created
– Waiting for data to be copied from backup to the recovery machine.
– Waiting for the recovery machine to boot and detect new hardware, and get to the login screen.
|7 min 57 sec|
|Total time||11 min 10 sec|
For the BackupAssist ER Challenge Leaderboard, my hands-on time is 3 minutes and 13 seconds.
Here’s the video of me doing it:
My test setup
Given the lockdown situation, I had to use the hardware I had lying around at home – the same hardware that I used for my previous recovery (the VM Instant Boot). The recovery machine was a lowly i3 NUC.
Because the original Surface is a physical machine, and the recovery machine is also physical, this is known as a physical-to-physical (P2P) recovery.
|Equipment||Brand / model|
|Original machine backed up||Microsoft Surface Pro 4 (from 2015)
Intel Core m3-6Y30 CPU @ 0.90GHz
4GB RAM. Windows 10, 64-bit OS
|Local backup disk||Intel SSD 520 Series 180GB (from 2012)
Connected via USB 3.0 enclosure, ADATA XPG
|Recovery machine – P2P recovery||Intel NUC NUC8i3BEH
500GB Samsung EVO 850 SSD
Windows 10 with Hyper-V Role installed
Prior to commencing the ER Challenge, I had already cleaned the 500GB Samsung disk, and wiped off the previous OS and data. I did that by booting into Lifeline Media, starting a command prompt, running “diskpart”, selecting the disk and using the “clean” command.
Under the hood: Lifeline Media and Bare Metal Recovery
Lifeline Media is what you boot into on a brand new machine. This will boot a lightweight version of Windows known as the “Recovery Environment”. From here, you’ll have the tools required to do the recovery.
Before starting the recovery, you can load custom drivers at this stage, and also run a command prompt. There are many useful tools, but the one I’d probably use the most is diskpart.
You can also configure networking – which will be necessary to recover from a network share.
The recovery itself is easy once all the necessary drivers are available. It’s literally just a few clicks to start.
How to do it
The first Lifeline Media I created was on a USB 2.0 flash drive. I saw that creating it took quite a while – over 5 minutes, so I managed to find a spare USB 3.0 drive instead. That greatly sped up the creation process, bringing it down to 1 minute 18 seconds, and that’s what you see in the video today.
Booting into Lifeline Media on the “new” machine was really easy and fast. All hardware was auto-detected, and I had no problems with drivers. The backup disk was also automatically detected, and starting the recovery was only four clicks away.
So at least for my simple test scenario, the recovery was predictable and successful… and I’d also say it was simple and intuitive.
There was only one problem I had, and that was the aesthetics of the GUI. The background graphics did not stretch to full screen, and the font size in the GUI made things hard to read. It looks like a scaling issue – and I’m sure it’s something that will be fixed soon. I was using a pre-release version, after all, and the GUI layout had no effect on the actual functionality of the product.
I should also mention an important note about performing the Bare Metal Recovery after a ransomware attack.
If you have had an actual ransomware infection, I recommend that you also clean your hard disks (even consider using “clean all” to write zeros to the disk). Also note that recovering to the same hardware after a ransomware infection is a risk, as there are rare types of malware that infect the firmware – at least in theory. However, via anecdotal reports from our users, we have never had a report of this happening.
|Create the Lifeline Media on USB 3.0 drive||1 minute 18 seconds|
|Boot the Lifeline Media||45 seconds|
|Data transfer (re-image the disk)||5 minutes 33 seconds|
|Reboot, detect new hardware, and get to login screen||1 minute 6 seconds|
I found that the experience was very efficient.
Interestingly, in terms of data transfer, the recovery took less time than the backup!
From my earlier blog, BackupAssist ER Challenge – The Local VM Instant Boot Recovery, the backup (data transfer) took 6 minutes 17 seconds, but the recovery only took 3 minutes 52 seconds.
Given the backup VHDX file size of 50,138,331,579 bytes, the recovery speed is therefore 150,565,560 bytes per second, or 150.6 MB/s.
The fact that the recovery is faster than the backup probably indicates that the target disk (Samsung 500GB SSD) is faster than the original source SSD in my Surface Pro 4.
The challenge was very easy to do, and so intuitive that I’m convinced anyone can do it. I can confirm that BackupAssist ER lives up to the claim of a “predictable and successful recovery”. And the good news is that the Lifeline Media only needs to be created once, and it can be used any time in the future.