Skip to content
English
Customer ticket portal
  • There are no suggestions because the search field is empty.

Testing Your Application Recovery

Your disaster readiness is only as good as your testing, so it's important that you periodically test your disaster recovery.

Applies to: AWS and Azure workloads

The Arpio console provides a unified testing workflow for both cloud providers. The test initiation, network sandbox, validation, and conclude-test screens are identical for AWS and Azure applications. Where provider-specific differences exist (such as the underlying sandbox mechanism or common allowlist domains), they are noted below.

Jump to:

Below, we will walk through the steps to test the disaster recovery for your Arpio workloads—whether they run in AWS, Azure, or both. You can test application recovery individually or you can test many applications together.

While you are testing application recovery, your production workloads continue to operate in your primary environment. Any data changes that happen in your recovery environment will be discarded at the end of the test.

Initiate the Test

To begin a test, navigate to the application you intend to test by clicking on the application name in the sidebar menu of the Arpio console. Once on the application landing page, click the “Test” button in the upper righthand corner.

This workflow is the same regardless of whether the application runs in AWS or Azure. The Arpio console manages both cloud providers through a single interface.

Choose Applications to Test

The “Launch test of” dialog appears next. You can launch a test of a single application or many applications as long as they share the same primary region and the same recovery region. If you need to test applications in different regions, you can launch tests of them separately.

The Launch Test dialog showing application selection, Recovery Point, Network Sandbox options, and domain/CIDR allowlists:

Select the applications you’d like to test.

Next, drag the slider to select a Recovery Point to recover. The number and age of your recovery points is determined by your Retention Policy. Arpio’s flexible retention policies let you recover not only the latest Recovery Point, but one from a previous point in time. This is essential for ransomware recovery, where you’ll want to choose a point before the attack occurs.

Once you’ve selected your Recovery Point, click Test Recovery.

How the Recovery Point Selector Works with Multiple Applications

When you click the Test button on an application, Arpio automatically selects that application's latest available recovery point as the anchor. This anchor determines the default recovery point window for all other applications you include in the test.

As you check additional applications to include:

  • For each additional app, Arpio selects that app's latest recovery point that is not newer than the anchor. This ensures all applications are recovering from a consistent point in time.
  • If an app's latest recovery point is older than the anchor (for example, because some of its resource backups took longer to complete), that older recovery point is what gets selected — it's the most recent one available within the window.
  • If an app's latest recovery point is newer than the anchor, Arpio steps back to that app's most recent recovery point that falls at or before the anchor time.

You may notice the recovery point slider has room to expand to the right. Dragging the slider further right tells Arpio to use more recent recovery points where available for each app. This means different applications may recover from slightly different points in time, but each will use its latest available data.

Once you've selected your Recovery Point, click Test Recovery.

Using the Network Sandbox

When launching your test, you can optionally enable Arpio's Network Sandbox to isolate your recovery environment from the internet, preventing your recovered workloads from inadvertently interacting with production services. The Network Sandbox supports configurable domain and CIDR allowlists to permit specific outbound traffic your application needs during testing.

For full details on how the Network Sandbox works, including how to enable it, configure allowlists, and monitor blocked traffic, see the provider-specific documentation:

AWS: AWS Network Sandbox

Azure: Azure Network Sandbox

A list of commonly blocked domains for AWS, Azure, and generic container registries is available in the Network Sandbox Common Patterns reference.

Arpio Updates the Recovery Environment

Arpio will now re-configure the recovery environment by applying the selected recovery point. In addition to the resources maintained during standby, compute resources will be created to produce a fully-functional environment. 

Instantiating resources takes a few minutes, depending on how long it takes your cloud provider to boot any servers or recover any databases. For AWS, this means launching EC2 instances, recovering RDS databases, and standing up load balancers. For Azure, this means provisioning Virtual Machines, restoring Azure SQL databases, creating Application Gateways, and recovering Key Vaults and other services.

You can monitor progress in the Arpio console, or you can log into the recovery AWS Console or Azure Portal to see additional details.

The Arpio console displays real-time progress during recovery, including a counter showing the number of resources restored and the overall percentage of completion. The application view is organized into three tabs: Backup (for replication status), Recovery Environment (for test/recovery progress and resource details), and All Issues (for any issues encountered during recovery or backup). The UI updates the status of each resource as it is processed under the Recovery Environment tab.

The Recovery Environment tab for an Azure workload in test mode, showing all resources successfully restored with Network Sandbox enabled:

Perform Additional Validation

You now have a recovery environment running. You can perform any additional validation you deem necessary to confirm that the recovery environment is functional. For examples, see the Infrastructure Validation Checklist.

Arpio presents important details of resources such as DNS names and IP addresses so that you can connect as necessary to validate that the application is running.

For AWS workloads, Arpio displays resource details including EC2 instance IDs, RDS endpoints, load balancer DNS names, and other connection information. For Azure workloads, Arpio displays resource details including Virtual Machine IPs, Azure SQL endpoints, Application Gateway configurations, Key Vault references, and other relevant connection information. 

The “Recovery Environment” tab and the “Backup” tab include a search bar and a “Filter by” menu to help you quickly locate specific resources. You can filter by Status (Success, Queued, Restoring, Failed, Issues, Recently Updated), by Resource Type, or by Resource Group. Filters can be combined using AND/OR logic to narrow the view. This is particularly useful for large applications with many resources, allowing you to quickly identify any resources that are still restoring or that have encountered issues. Each resource displays a status indicator — such as SUCCESS or RESTORING — so you can quickly identify which resources are ready for validation and which are still being provisioned. You can export the full resource list and status details to CSV using the export button for reporting or offline review.

The All Issues tab consolidates all issues encountered during backup and recovery into a single view, organized into two categories:

Recovery Environment Issues — These are issues encountered while restoring resources into the recovery environment during standby, a test or a recovery. For example, a "Network Sandbox Ingress IP Mapping" issue is informational, letting you know that the Firewall's public IP differs from the load balancer's IP and which address to use for testing. Use the "Resume Recovery" button to re-attempt after addressing any blocking issues.

Each issue can be expanded for additional detail. The issue count badge on the All Issues tab (and in the sidebar under "Issues") gives you a quick indicator of how many items need attention.

Sandbox Settings During Validation

If you had enabled the Network Sandbox, the Sandbox Settings button on the Recovery Environment tab allows you to update the allowed domains and CIDR blocks while the test is running. This is especially useful as you discover additional services your application needs to reach during validation. For Azure workloads, it may take a couple of minutes for new firewall rules to take effect after updating the allowlist.

 

Conclude Test 

When you’re done validating the recovery environment, click the “Conclude Test” button. The “Conclude Test” dialog appears:


Complete the dialog by selecting applications that should be concluded and specifying whether or not this test was successful. You can optionally provide notes for future reporting on test activity. 

If you’re testing multiple applications and you have mixed testing results, you can conclude the tests separately and provide different details as necessary.

Once you conclude your test, Arpio will turn down cloud resources that cost money and update other resources to the latest recovery point.

  • AWS: Arpio shuts down EC2 instances, RDS databases, load balancers, and other compute/storage resources. The Network Firewall (if Network Sandbox was enabled) is removed.
  • Azure: Arpio deallocates Virtual Machines, pauses databases, removes Application Gateways, and cleans up other cost-incurring resources. The Azure Firewall (if Network Sandbox was enabled) is removed.