As ransomware continues to evolve, we want to ensure our customers are in the best position to protect themselves and their data. In the event the unthinkable happens, we also want our customers to be able to easily recover their infrastructure and data. Today we would like to ask you to ensure your critical servers are being backed up in case you are impacted by ransomware or other malicious software.
Microsoft Azure and MyCloudIT have gone to great lengths to protect our customers' data and infrastructure, but users continue to be one of the weakest links in the security chain. Malicious software usually penetrates a customer's infrastructure by taking advantage of an end user's trust or lack of knowledge. With that in mind, we ask that you continue to educate your end users and administrators not to click on unknown links, and to always apply the principle of least privilege when possible. Microsoft is working hard to incorporate the ‘Just in Time’ security capability, but some legacy applications are unable to function with minimal privileges, and we understand that problem. While we want to prevent attacks as much as possible, we also need to help our customers be prepared in case an attack is successful.
With that in mind, we would like to ask you to review your backup configuration for the critical VMs within your infrastructure. Our best-practice guidance is that the following Azure VMs should be backed up using the VM backup capability through the Azure portal:
- The RDSMGMT Server – This server contains all your User Profile Disks (UPDs) and most of your customer data.
- The RDSGW Server – This server acts as the web front end to your deployment.
- At least one Session Host (RDSSH-) Server in each collection – While the Session Host Servers should not typically contain user data, backing up one Session Host per collection will greatly reduce the recovery time required if we need to do a complete rebuild.
- Any additional file servers or database servers supporting your deployment. While these may not be MyCloudIT-built VMs, they are still very important to your infrastructure and should be included in your recovery plan.
- If your deployment is a domain-joined deployment, at least one Active Directory domain controller as well. For non-domain-joined deployments, the RDSMGMT server also acts as your domain controller.
We recommend you retain a minimum of 14 days of backups for each of the VMs listed above in case ransomware encrypts your VMs and data. In the event of a breach, we offer services to assist in the recovery of your infrastructure and data.
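One way to check a deployment against the list and the 14-day minimum above, as an added example that is not MyCloudIT or Microsoft code. The inventory records, their field names (`role`, `collection`, `backup_enabled`, `retention_days`) and the sample VMs are constructed for illustration; in practice they would come from your own export of VM and backup settings.

```python
from collections import defaultdict

MIN_RETENTION_DAYS = 14  # minimum retention recommended above

def vm(name, role, collection, backup_enabled, retention_days):
    """Build one constructed inventory record (field names are assumptions)."""
    return {"name": name, "role": role, "collection": collection,
            "backup_enabled": backup_enabled, "retention_days": retention_days}

# Constructed sample inventory, not real deployment data.
INVENTORY = [
    vm("RDSMGMT", "mgmt", None, True, 30),
    vm("RDSGW", "gateway", None, True, 7),
    vm("RDSSH-0", "sessionhost", "Desktop", False, 0),
    vm("RDSSH-1", "sessionhost", "Desktop", True, 14),
    vm("RDSSH-2", "sessionhost", "Apps", False, 0),
    vm("SQL01", "database", None, False, 0),
    vm("DC01", "dc", None, True, 14),
]

def is_protected(v):
    """Covered only if backup is enabled and retention meets the minimum."""
    return v["backup_enabled"] and v["retention_days"] >= MIN_RETENTION_DAYS

def audit(inventory, domain_joined):
    """Return a sorted list of gaps against the backup guidance."""
    findings, hosts, dcs = [], defaultdict(list), []
    for v in inventory:
        name = v["name"].upper()
        if name.startswith("RDSSH-"):      # session hosts: judged per collection
            hosts[v["collection"]].append(v)
        elif v["role"] == "dc":            # domain controllers: judged as a group
            dcs.append(v)
        elif name in ("RDSMGMT", "RDSGW") or v["role"] in ("file", "database"):
            if not v["backup_enabled"]:
                findings.append(f"{v['name']}: no backup configured")
            elif v["retention_days"] < MIN_RETENTION_DAYS:
                findings.append(f"{v['name']}: retention {v['retention_days']}d "
                                f"is below {MIN_RETENTION_DAYS}d")
    for collection, members in hosts.items():
        if not any(is_protected(h) for h in members):
            findings.append(f"collection {collection}: no session host with a compliant backup")
    if domain_joined and not any(is_protected(d) for d in dcs):
        findings.append("domain: no domain controller with a compliant backup")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(INVENTORY, domain_joined=True):
        print(finding)
```

For a non-domain-joined deployment, pass `domain_joined=False`; the domain controller role is then covered by the RDSMGMT check.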
We have guidance on how to enable VM-based backups for an Azure VM.
We are happy to assist you in configuring these backups and will review your existing backup plan to ensure all the critical servers are protected. We have a support team that is happy to meet with you and walk through your configuration as a second set of eyes to ensure all critical workloads are protected. If you would like our help, you are welcome to email them at firstname.lastname@example.org to schedule an appointment.