Restore: Starting a Cloud (Hybrid) Virtualization on a Datto Appliance



This article explains how to start a hybrid (cloud) virtualization on a SIRIS or ALTO device.


  • Datto SIRIS
  • Datto ALTO


Hybrid Virtualization allows you to restore a production machine in the Datto Cloud, and manage it locally through your Datto appliance.

When Hybrid Virtualization initializes a virtual machine within the secure Datto Cloud, it automatically connects the VM to the local network through the Datto appliance using a secure VPN tunnel.

Hybrid virtualization requires an Internet connection. You can only use Hybrid Cloud Virtualization to virtualize a restore point that has already been replaced offsite. The recovery points are available depending on how often and how recently the Datto device replicates offsite.
If you have difficulty connecting to a hybrid virtualization from the Datto appliance GUI, you can connect directly to the Cloud VM through the Recovery Launchpad.


1. Access your Datto appliance's GUI.
2. Click the Restore tab.
3. Select a protected system.
4. Choose Virtualize in the Cloud, and select a Recovery Point to restore from (Figures 1 & Figure 2).
5. Click Start Hybrid Virtualization.

Figure 1: SIRIS hybrid virtualization

Figure 2: ALTO hybrid virtualization

5. In the Virtualization Options pane, select the System RAM, the Storage Controller, and Network Options (Figure 3). For more information about these options, see Restore: Local Virtualization Options.

Common Storage Controller Compatibilities

Operating System IDE SCSI SATA VirtIO
Windows XP - SP3
Server/SBS 2003
Windows 7
Server/SBS 2008 & r2
If you are only virtualizing as a test, Datto recommends leaving the Virtualization Options set to their defaults, and configuring the Network Options to use No Network Connection.

6. Click Build VM.

Figure 3: Virtualization Options

7. Select the VM Security Options as needed (Figure 4). The available options are:

  • Restrict RDP connections only to my IP: Selecting this option will block any attempt to access the cloud VM from any IP other than your own.
  • Require RDP authentication: Selecting this option will cause the VM to prompt for credentials when it receives an access request. RDP authentication credentials are automatically generated by the Datto appliance and displayed in the VM Status pane once you mount and start the VM.

Figure 4: Security options

6. Click Mount and Start VM. The VM status will update to allow access (Figure 5).

Figure 5: Access the VM

To connect to the VM, you can click the RDP link provided to download a preconfigured Windows Remote Desktop session file. Alternatively, you can use the RDP client of your choice, or connect to the VM using VNC.

RDP access to virtualizations requires the connecting workstation to be running Windows Server 2008 SP3 or newer.

Offsite Virtualizations for Microsoft Exchange Servers

Hybrid virtualizations

Hybrid virtualizations are bridged to the local LAN through the Datto device, and use a VPN to connect the two networks. Since the IP of the virtualized server will show as coming from the internal network, exceptions on the router/firewall must be in place to allow mail to properly relay to the next hop. This can be done by adding port forwards outbound, and allowing the appropriate relay server access to the server inbound. Once this is done, ensure the Microsoft Transport Service (MSExchangeTransport) is running, then restart the service. You can find more information on this service from this Microsoft Technet article.

After this is done, A test email should now run through the server and emails should send/receive properly. If this does not work, there may be a different underlying issue.

Cloud virtualizations not bridged to the LAN

Cloud virtualizations not bridged to the local LAN require port forwards on our server in order to allow SMTP(port 25) traffic inbound/outbound. See this article for assistance. 

Once the port forwarding is set up, port 25 will be accessible via the public IP provided in the web UI, above your virtualization. The DNS records must then be updated to reflect these changes. If another server provides mail services, the changes must be made on that server.

Additional resources


Was this article helpful?

3 out of 3 found this helpful

You must sign in before voting on this article.

Calling all Partners! We want to hear your feedback! Please participate in this quick survey and help us build a better, more-relevant Knowledge Base!

Want to talk about it? Head on over to our Community Forum!