Configuring Forest Recovery-only instance of Cayosoft Guardian

This article describes how to deploy and configure a Forest Recovery-only instance of Cayosoft Guardian. A Frost recover instance is a dedicated Guardian deployment used exclusively for Active Directory forest backup and recovery operations. It excludes all non-forest-recovery features such as Threat Detection, Change Monitoring, and Microsoft 365 data collection.

Deploy a Forest Recovery-only Cyosoft Guardian instance when:

• You require isolated, security-hardened recovery infrastructure separate from your main Guardian environment.
• You want to minimize surface area by disabling unnecessary services.
• You must meet compliance requirements for dedicated forest recovery platforms.
• You plan to store forest backup metadata in a separate database (localdb or SQL Server).

Prerequisites

Before you start configuration, make sure that:

• A dedicated Cayosoft Guardian server or virtual machine is prepared for Forest Recovery-only operations.
• A separate SQL database instance is available. Localdb is supported for small environments.
• Network connectivity and permissions are in place for running forest backup and recovery:
  • Running the Forest Backup wizard
  • Running the Forest Recovery plan
• You have administrative credentials for the domain controllers that will be included in the backup plan.

Configuring Forest Recovery-only instance

To configure the Forest Recovery-only instance:

1. Configure the Guardian database.

   NOTE: Forest Recovery-only instances require a dedicated database so forest backup and recovery metadata remains isolated from other Guardian data.
   
   - Use localdb (recommended for labs or small deployments).
   - Use a full SQL Server instance for production environments.
    

2. Configure the database during Guardian installation or from Settings > Database.
3. Open Configuration > Managed Domains and run the Managed Domains wizard.
4. During domain configuration, add only domain partitions. Do not add configuration or application partitions used by features outside forest recovery. This ensures Cayosoft Guardian collects only the directory data needed for forest-level metadata analysis.
5. Go to Configuration > Jobs.

6. Disable any jobs that are not required for Forest Recovery, such as:
   • Change Monitoring jobs
   • Threat Detection jobs
   • Microsoft 365 collection jobs
   • Scheduled reporting jobs
7. Verify that only the jobs required by the Forest Recovery service remain enabled.

To ensure that Threat Detection does not run on the FR-only instance:

1. Go to Settings > System settings.
2. Locate the Threat Detection Settings section.
3. Disable threat detection.

Verifying forest recovery configuration

After the initial setup, verify that the instance is ready for forest backup and recovery:

1. Create a Backup location.
2. Open Forest Recovery > Backup plans.
3. Create or reconfigure your forest backup plan.
4. Make sure that only domain controllers and partitions that belong to the recovery scope are included.
5. Run a test backup.

For more information, on how to manage Forest Recovery plans see Forest Recovery: Create, configure, verify and run forest recovery plan.