Several years ago a client had one of those unfortunate Ransomware experiences (Cryptolocker), and didn't discover the event until about 16 hours after the fact. Their Veeam R.P.O. was 1-hour and retention was 7 restore points. They had the unfortunate idea that they could fail-over to the replica and be back in-production quickly. Of course, the encrypted files were fully replicated by that point and the only recourse was to restore from backup; a time-consuming process!
With the recent Ransomeware events worldwide, I was wondering if a replication job couldn't be set up to have time-scaled restore points. The Replica restore points are, after all, just snapshots. So why couldn't the job provide for individual scaling of each of the replications? What I mean is something like: 1-hour for the first replica, 2-hours for the second, 4-hours for the third and so forth?
This line of thought is precipitated by a phone call I just fielded from a different client who, fully aware of the limitations of Replication from a Ransomeware perspective, increased their SAN snapshots to include 7 days worth of "Replays" and promptly ran out of room on the SAN! I wonder if, using Veeam, we couldn't have our cake and eat it too!