Here’s the DR planning problem that businesses with multiple locations run into: the math doesn’t scale.
If you have one office, you need one DR solution. Straightforward. But if you have five offices, or ten, or fifteen, the traditional approach says you need DR infrastructure at every site, or at least a secondary site that mirrors the primary. That means duplicating hardware, licensing, networking, and staff time across every location. For a mid-market business with 50 to 500 employees spread across multiple sites, that cost structure is a non-starter.
The result is predictable. Most multi-site businesses protect headquarters and leave branch offices exposed. According to Veeam’s 2025 Ransomware Trends Report, 33% of production workloads are disrupted in the average ransomware attack. If your branch offices hold production data but lack DR coverage, that disruption percentage climbs significantly because you have no recovery path for those locations at all.
There’s a better model, and it doesn’t require multiplying your DR spend by the number of offices you operate.
Why Per-Site DR Doesn’t Work for Most Businesses
The traditional approach to multi-site disaster recovery assumes each location needs its own recovery infrastructure. That made sense when DR meant physical servers in a secondary data centre, because you needed hardware close enough to the protected site to maintain acceptable replication latency.
Cloud-based DR eliminates that constraint. Replication from any site to a centralised cloud environment works over standard internet connections, with Veeam handling WAN optimisation, compression, and incremental-only transfers. Geography between the source and the DR target matters less than it used to because the recovery environment doesn’t need to be physically close to the site it’s protecting. It needs to be available, tested, and ready.
The per-site model also creates an operational burden that’s easy to underestimate. Each location’s DR infrastructure needs monitoring, patching, testing, and periodic hardware refresh. Multiply that by your site count and you’ve created a full-time job (or several) just maintaining the DR environment. For organisations where IT is already stretched thin, that operational overhead is what causes DR testing to slip from quarterly to annually to “we’ll get to it eventually.”
The Centralised Cloud DR Model
A centralised approach works differently. Every site replicates to a single managed cloud DR environment using Veeam Cloud Connect. The cloud-side infrastructure (compute, storage, networking, Veeam gateway) is managed by a partner like Opti9 rather than maintained internally.
This changes the economics fundamentally. Instead of N sites times the cost of DR infrastructure, you have one cloud DR environment that scales with the number of workloads you’re protecting. Adding a new branch office to your DR plan means adding its workloads to the existing replication target, not provisioning new hardware.
From an operational standpoint, centralisation means one environment to monitor, one set of recovery plans to maintain, and one place to run tests. The OptiX Dashboard provides visibility across every protected site from a single pane, so your IT team (or your managed service partner) can see backup status, replication health, and recovery readiness for every location without logging into multiple consoles.
The practical setup looks like this. Each branch office runs Veeam Backup & Replication locally (or has its data protected by a central Veeam server, depending on site size and connectivity). Veeam Cloud Connect establishes an encrypted connection from each site to the Opti9 cloud environment. Backup copies and replicas flow over that connection to the centralised repository. If a site goes down, recovery happens from the central environment regardless of which location is affected.
Tiering Protection by Site Criticality
Not every branch needs the same level of DR coverage. A flagship office that generates 40% of your revenue needs sub-hour recovery. A satellite office with three employees and minimal local data might be fine with next-day restoration.
Tiering your sites by business criticality is what keeps centralised DR cost-effective. The framework is straightforward.
High-criticality sites get Veeam replication with aggressive RPOs (15-30 minutes). Their VMs are maintained as active replicas in the cloud environment, ready to power on during failover. These are your revenue-generating locations, your locations that handle regulated data, and any site where extended downtime would directly impact customers or compliance obligations.
Medium-criticality sites get regular backup copy jobs (every 4-8 hours). Recovery from these backups takes longer because VMs need to be rebuilt from backup data rather than powered on from replica, but the cost per site is substantially lower. Internal offices, administrative locations, and sites with redundant capabilities typically fit here.
Low-criticality sites get daily backup copies with standard retention. These are locations where the data matters but the systems themselves can be rebuilt or replaced without significant business impact. Recovery time is measured in days rather than hours, and the storage cost is minimal.
The tiering conversation happens with business stakeholders, not IT alone. IT knows what’s technically possible. The business knows which locations can’t afford to be offline and for how long. The tiering matrix that comes out of that conversation drives the entire DR architecture and its associated cost.
Handling Bandwidth and WAN Constraints
Branch office internet connections aren’t built for continuous data replication. A satellite office running on a 50 Mbps connection can’t sustain the same replication throughput as headquarters on a dedicated fibre link. DR architecture for multi-site businesses has to account for this reality.
Veeam addresses WAN constraints through several mechanisms that matter for branch office replication. Built-in WAN acceleration reduces the volume of data transmitted by deduplicating and compressing at the source before anything crosses the wire. After the initial full replication (which can be seeded from a physical shipment if bandwidth is severely limited), only incremental changes are transmitted. For most branch office workloads, daily incremental data volumes are measured in gigabytes, not terabytes, making replication viable even on modest connections.
Scheduling also helps. Replication jobs for lower-criticality branch sites can run during off-hours when bandwidth demand is lowest. Veeam’s built-in network throttling prevents replication from competing with production traffic during business hours. These aren’t workarounds. They’re standard configuration options that any competent Veeam deployment should be using.
For organisations with particularly constrained branch connectivity, Veeam’s backup copy jobs offer an alternative to continuous replication. Instead of maintaining near-real-time replicas, backup copy jobs transfer completed backup files to the cloud repository on a schedule that fits the available bandwidth. The RPO is longer, but the bandwidth demand is predictable and manageable.
Compliance Across Every Location
For organisations in regulated industries, DR requirements don’t stop at the headquarters door. HIPAA, PCI-DSS, and SOC 2 frameworks require that every location handling protected data has documented, tested recovery capabilities. A healthcare practice with three clinic locations can’t have DR at the main office and nothing at the satellite clinics. If those clinics store patient data (and they almost certainly do), they need recoverable backups with documented RTOs and tested restoration procedures.
Centralised DR actually simplifies compliance documentation. Instead of maintaining separate DR plans, test records, and recovery documentation for each site, you maintain one plan that covers all locations. Recovery testing validates the entire environment rather than requiring per-site tests. Audit responses reference a single architecture rather than a patchwork of site-specific solutions.
Veeam’s 2025 research found that 98% of organisations have a ransomware response playbook, but less than half include backup verifications (44%) or a pre-defined chain of command (30%). For multi-site businesses, those gaps multiply with each unprotected location. A centralised model with consistent policies across all sites closes those gaps systematically rather than site by site.
Centralise Your DR Without Reducing Coverage
As a Veeam Platinum VCSP Partner, Opti9 provides centralised disaster recovery for multi-site businesses that need consistent protection across every location without the cost and complexity of per-site infrastructure. Our managed Veeam Cloud Connect environment, combined with the OptiX Dashboard for cross-site visibility, gives organisations with 3 to 50+ locations a single, tested DR capability that scales with the business.
