Replication retention scaling - feature or other

[unsichtbarre]

Several years ago a client had one of those unfortunate Ransomware experiences (Cryptolocker), and didn't discover the event until about 16 hours after the fact. Their Veeam R.P.O. was 1-hour and retention was 7 restore points. They had the unfortunate idea that they could fail-over to the replica and be back in-production quickly. Of course, the encrypted files were fully replicated by that point and the only recourse was to restore from backup; a time-consuming process!

With the recent Ransomeware events worldwide, I was wondering if a replication job couldn't be set up to have time-scaled restore points. The Replica restore points are, after all, just snapshots. So why couldn't the job provide for individual scaling of each of the replications? What I mean is something like: 1-hour for the first replica, 2-hours for the second, 4-hours for the third and so forth?

This line of thought is precipitated by a phone call I just fielded from a different client who, fully aware of the limitations of Replication from a Ransomeware perspective, increased their SAN snapshots to include 7 days worth of "Replays" and promptly ran out of room on the SAN! I wonder if, using Veeam, we couldn't have our cake and eat it too!

Thanks,

[foggy]

Not sure this is a good idea, since in this case you're getting much higher RPO and in case of other issues wouldn't be able to failover to a recent state of a VM. I'd recommend to increase the number of restore points so that it cover 24 hours, for example (or any period during which you'd 100% detect the issue).