Manage cloud recovery sites

This article describes how to manage cloud recovery sites including pre-requirements, resources, cost implications, and lifecycle.

Pre-requirements

Cloud recovery site consists of resources such as virtual machines or file storage. These resources are created within the selected cloud service provider, such as Azure or AWS.

Depending on your cloud provider subscription, you might be charged for resources created in the cloud.

• To create resources in Azure an Entra ID subscription is required. You can use your existing subscription or consider purchasing a new one.

• To create resources in AWS, an AWS account is required. Learn more about AWS pricing.

Azure recovery site

Connection account for Azure

An account with a Contributor role in the resource group is required in case you plan to create a resource group manually and only allow Cayosoft Guardian to create the resources.

A Contributor role for the subscription is required for Cayosoft Guardian to create a resource group with all resources.

Resources in Azure recovery site

By default, Cayosoft Guardian provisions all resources required for the recovery site inside the selected resource group. These resources include a virtual machine, network interface, and disk for each domain controller to be recovered, plus shared resources such as a storage account, virtual network, subnet, network security group, and Relay. If you configure remote access to VMs in the Azure recovery site, additional Azure resources are provisioned during the creation of the Azure recovery site.

Starting from version 7.3, you can alternatively deploy the standby forest recovery site into customer-provided Azure network resources. In this mode, Cayosoft Guardian does not create a virtual network, subnet, or network security group. Instead, Cayosoft Guardian attaches the recovery virtual machines to an existing virtual network and subnet that your cloud or networking team manages. This option supports customers with strict network governance, hub-and-spoke topologies, or pre-approved subnet allocations.

When using customer-provided network resources, the following prerequisites must be met:

• The selected virtual network must be in the same Azure region and the same Azure subscription as the recovery site.
• The required services, such as Microsoft.Storage and any service endpoints used by the Relay and storage account, must be enabled on the selected virtual network or subnet.
• The connection account must have sufficient permissions to attach network interfaces to the subnet and, if used, associate the existing network security group. See Permissions for Forest Recovery in Cayosoft Guardian.

Cayosoft Guardian validates these prerequisites before deployment begins and reports any failures in the deployment wizard.

NOTE: Starting from version 6.1.0, you can configure recovery plans to use a Relay VM instead of the Azure Relay service. This option is available for both new and existing recovery plans and helps reduce dependency on Azure Relay service availability. Switching to a Relay VM may provide improved resilience and control over remote access components.

You will be charged for these resources depending on the type of agreement entered with Microsoft, the date of purchase, and the currency exchange rate. Sign in to the Azure pricing calculator to see pricing based on your current offer with Microsoft.

Deploy Azure recovery site

You can deploy an Azure recovery site from a forest recovery plan or standby forest recovery plan.

To deploy an Azure recovery site from a forest recovery plan:

1. Open the Cayosoft Guardian web portal.
2. Expand the Forest Recovery node.
3. Select the Recovery plans node.
4. Click Add, and then select Forest Recovery plan.
5. In the forest recovery plan, click Deploy recovery site, and then select Deploy to Azure.

6. On the Network page of the wizard, select one of the following options:

   • Create new network resources — Cayosoft Guardian provisions a dedicated virtual network, subnet, and network security group inside the recovery resource group. This is the recommended option when there are no governance constraints on Azure networking.
   • Use existing network resources — Select an existing virtual network, subnet, and, optionally, network security group from the same subscription and region as the recovery site. Use this option when your organization requires the recovery site to be placed in customer-managed networking.
7. Review the site isolation options and adjust them if required.
8. Review the remaining settings, and then click Deploy.

If any validation check fails, such as a region mismatch, subscription mismatch, missing required services on the virtual network, or insufficient permissions on the network resources, the wizard displays the error before deployment proceeds. Resolve the underlying issue, and then retry the deployment.

Delete Azure recovery site

Consider deleting a recovery site in case it is no longer required.

1. Expand theForest Recovery node.

2. Click on Recovery Sites.

3. Select the recovery site and click Delete.

4. Keep theDelete linked Azure resources option enabled to delete resources in Azure.

Deployment schema for Azure

AWS recovery site

Connection account for AWS

Account credentials with necessary permissions are required to connect to Gssuardian. For the detailed list of requirements on the Guardian side, see Planning and preparation: Cayosoft Guardian system requirements . To create an account in AWS with the required permissions, see Forest Recovery: How to create AWS access keys.

Deploy an AWS recovery site

You can deploy an AWS recovery site from a forest or standby forest recovery plan. To deploy an AWS recovery site from a forest recovery plan:

1. Open the Cayosoft Guardian web portal.

1. Expand the Forest Recovery node.

2. Select the Recovery plans node.

3. Press Add and select Forest Recovery plan.

4. Click Deploy recovery site in the forest recovery plan and select Deploy to AWS.

5. Review settings and click Deploy.

Delete an AWS recovery site

Consider deleting a recovery site in case it is no longer required.

1. Expand the Forest Recovery node.

2. Click on Recovery Sites.

3. Select the recovery site and click Delete.

Deployment schema for AWS