Home > Data Protection > PowerProtect Data Manager > White Papers > Cloud Disaster Recovery Best Practices > Cloud DR targets
A cloud target is a configuration of an S3 bucket or Azure Storage Account that is used to set a destination for backups, to store collected log files, and to deploy the Cloud DR Server.
When deploying the Cloud DR Server, a cloud target needs to be selected. The region of the Cloud DR Server is determined from the region of the AWS S3 bucket or Azure storage account.
As configuring several cloud targets is possible, for better performance it is recommended to use cloud targets that are located in regions that are geographically close to the data center that is running the production virtual machines and the Cloud DR Add-On/RecoverPoint for VMs/PowerProtect Data Manager.
Using a region that is geographically close to the replication engine can improve the network performance and reduce the time needed to send backup copies to the cloud target, this also helps free up resources to process other backups and send to the cloud.
At least one cloud target has to be configured before the Cloud DR Server can be deployed, or before connecting to an existing Cloud DR Server.
Important: Make sure that the cloud target is created in one of the Cloud DR supported regions. The full list of the supported regions can be found in the simple support matrix published for every release on dell.com/support.
When configuring an AWS Cloud DR Target using the Cloud DR Add-on (when working with Avamar or PowerProtect DP), there are two server-side encryption methods available: the default SSE-S3 managed by AWS or using a default customer key managed by AWS KMS (SSE-KMS). When using the second method, AWS provides the ability to audit the key’s usage, but additional AWS charges may apply.
Important: In case the SSE-KMS encryption method is selected, changing the default customer key from the AWS management console is not supported.