NextDR Installation and Operation Guide

Version: 1.0 Prepared for: Engineering & Operations Teams © 2025 NextDR.ai - All Rights Reserved

Overview

NextDR.ai is an AI-driven disaster recovery orchestration platform that automates backup, recovery, and compliance workflows across Google Cloud environments. It provides a no-code interface to design, test, and execute recovery plans for applications spanning Compute Engine, Cloud SQL, VPCs, networks, and other GCP resources. By integrating natively with Google Cloud, NextDR.ai enables secure, policy-driven recovery operations that can be tested or executed on demand—whether for compliance validation, cyber recovery, or disaster response.

This guide provides detailed, step-by-step instructions for installing and configuring NextDR.ai on Google Cloud Platform (GCP). It covers the setup of required GCP projects, compute resources, networking, service accounts, roles, and permissions to ensure secure and isolated operations between production (source), recovery (target), and control-plane environments.

After installation, the Config and Operations section guides you through setting up and managing your disaster recovery environment within NextDR.ai. You’ll begin by adding NextDR, Source and Target Datacenters, which establish secure access to your respective GCP projects. Once the datacenters are configured, you can create an Application Group, which bundles all resources that need to be protected and recovered as a unit. These can include Compute Instances, Cloud SQL databases, VPCs, networks, firewalls, and other project-level components, ensuring a complete and consistent recovery scope.

With your Application Groups defined, you can then create Recovery Plans using the built-in no-code workflow editor. This intuitive interface lets you design recovery steps in sequence—automating the restoration of compute instances, databases, and networks, along with operational actions like approvals, notifications, and verification steps. Together, these configuration elements enable seamless orchestration of backups and restores across multi-cloud environments while maintaining visibility, consistency, and control of all operational dependencies.

Summary of High-Level RequirementsTo deploy NextDR.ai, you will need:

  • A dedicated GCP project to host the NextDR.ai software, with a compute instance (Ubuntu 24.04 LTS, 2 vCPUs, 16 GB RAM, 30 GB disk) and SSH/sudo access.

  • One or more Source Projects containing production workloads and applications to be backed up.

  • One or more Target Projects (cleanroom or recovery environments) for restoring workloads securely during recovery operations.

  • Properly configured service accounts with custom roles that grant least-privilege access for cataloging, backup and restore operations.

  • Enabled GCP APIs such as Compute Engine, Cloud SQL, Cloud Resource Manager, and IAM Service Account Credentials API.

  • A Cloud Storage bucket for storing Cloud SQL backups.

The installation steps will guide you through creating custom IAM roles, configuring the required GCP projects, assigning permissions, and running the NextDR installer on your compute instance to deploy all components—database, backend services, and UI—using Docker containers.

Create custrom roles

Create custom role "NextDR Backup Role" for backup permissions

Create custom role "NextDR Restore Role" for restore permissions

Configure GCP Projects

Now we will walk through setting up each GCP project in a typical environment

  • Source Project(s) - Where your production resources are located

  • Target Project(s) - Cleanroom or restore location

  • NextDR Project - Where your NextDR compute instance and backup storage is located.

Target Project

Target projects are isolated GCP environments used to recover applications during testing, security drills, or an actual cyber incident. They can serve as controlled “cleanroom” environments where workloads can be validated or restored without risk of reintroducing compromised infrastructure.

  • One or more target projects can be configured. This allows organizations to set up multiple recovery environments for different purposes, such as test environments for disaster recovery drills or production-grade cleanroom restores during incident response.

  • In GCP Console->APIs & Services, enable the following APIs

    • Compute Engine API

    • Cloud SQL API

    • Cloud Resource Manager API

    • IAM Service Account Credentials API

  • Create a target nextdr service account in target project and assign the following custom role "NextDR Backup Role" and "NextDR Restore Role"

    • Create a JSON API key for this service account that later will be used to create the NextDR Datacenter.

    Example

  • Via GCP Console->IAM & Admin->IAM:

Source Project(s)

These project hold the production applications and workloads that will be protected by NextDR.ai.

  • One or more source projects may be configured, depending on how production workloads are distributed across the organization.

  • In GCP Console->APIs & Services, enable the following APIs

    • Compute Engine API

    • Cloud SQL API

    • Cloud SQL Admin API

    • Cloud Resource Manager API

    • IAM Service Account Credentials API

  • Via GCP Console->IAM & Admin->Service Accounts :

    • Create source nextdr service account in source project and assign the following custom role "NextDR Backup Role"

      • Create a JSON API key for this service account that later will be used to create the source Datacenter in NextDR.ai software.

  • Via GCP Console->IAM & Admin->IAM:

    • Grant the NextDR Project service account from NextDR project with the following custom role.

      • NextDR Backup Role and NextDR Restore Role

  • Grant role "Service Account Token Creator" to NextDR compute instance service account.

    • Obtain the compute instance service account where NextDR software is installed:

      • For example, go to Compute Instance->VM Instances->[NextDR compute instance]

      • Within the compute instance properties go to "API and identity management"

        • Example screenshot, get the "Service Account", in this example it's "941219721459-compute@developer.gserviceaccount.com"

      • Go to "IAM & Admin"->IAM->View by Principals" and press "Grant access".

      • Add the compute service account as principal with role "Service Account Token Creator"

        • For example,

      Example

    • NextDR Project

      This project is dedicated to hosting the backup data and running the NextDR.ai software itself. It serves as the control plane and user interface for managing backups, orchestrating restores, and integrating with source and target environments.

      • A dedicated GCP project must be provisioned exclusively for NextDR software. This provides an airgap and permission seperation between your production projects.

      • In GCP Console->APIs & Services, enable the following APIs

        • Compute Engine API

          • Cloud SQL API

            • Cloud Resource Manager API

            • IAM Service Account Credentials API

      • Created Compute Instance for NextDR software

        • Ubuntu 24.04 LTS (minimum)

          • Architecture: x86/64

            • 2 vCPUs

              • 16 GB Memory

                • 30 GB Disk Storage

                  • Static IP Address

                  • SSH capability ( use ssh to install software )

                  • Open ports in firewall: TCP 80, 3000, 8000, 8081, 22

                  • Allow the host ip address via firewall.

                  • In GCP Console, for Compute instance, change Access Scopes

                    • Access Scope should be "Allow full access to all Cloud APIs"

      • Create nextdr service account "nextdrprod" in nextdr project and assign the following roles :

        • NextDR Backup Role

        • NextDR Restore Role

        • Service Account Token Creator

      Example

      • Create a JSON API key for this service account that later will be used to create the NextDR Datacenter.

      • Grant Service Accounts from source and target with permissions

        • Via GCP Console->IAM & Admin->IAM:

          • Add the "nextdr" source and target service accounts with the following permissions

            • Service Account Token Creator

            • NextDR Backup Role

            • NextDR Restore Role

            Example

      • Obtain the Service Account for the compute instance which NextDR software is running. Refer this to [nextdr_compute_service_account] when setting up permissions in Target Project.

Example

  • Via GCP Console->IAM & Admin->IAM:

  • Create cloud storage bucket for Cloud SQL backup storage.

  • Via GCP Console->IAM & Admin->IAM, for all cloud sql that need backup, assign all cloudsql service account to the bucket, with the following role:

    • Backup and DR Cloud Storage Operator

Example

NextDR Installation Steps

Install Prerequisites

Please select an option:

  1. Check and install software package prerequisites

  2. Install the NextDR Supabase database in a local Docker container

  3. Install the NextDR Service application in a local Docker container

  4. Install the NextDR UI application in a local Docker container

  5. Install all modules

  6. Remove existing NextDR Supabase Docker application

  7. Remove existing NextDR Service Docker application

  8. Remove existing NextDR UI Docker application

  9. Remove all modules

q. Exit

Install all modules

Please select an option:

  1. Check and install software package prerequisites

  2. Install the NextDR Supabase database in a local Docker container

  3. Install the NextDR Service application in a local Docker container

  4. Install the NextDR UI application in a local Docker container

  5. Install all modules

  6. Remove existing NextDR Supabase Docker application

  7. Remove existing NextDR Service Docker application

  8. Remove existing NextDR UI Docker application

  9. Remove all modules

q. Exit

Config and Operations

The Config and Operations section guides you through setting up and managing your disaster recovery environment in NextDR.ai. In this section, you’ll learn how to add Source and Target Datacenters, which establish secure access to your respective GCP projects. Once your datacenters are configured, you can create an Application Group, which bundles together all resources that need to be protected and recovered as a unit. An Application Group can include Compute Instances, Cloud SQL databases, VPCs, networks, firewalls, and other project-level properties, ensuring a complete and consistent recovery scope. After creating Application Groups, you can define Recovery Plans, which use a no-code workflow editor to sequence recovery actions step by step. Recovery Plans allow you to automate the restoration of compute instances, databases, networks, and other resources, as well as operational steps such as approvals, notifications, and verifications, ensuring reliable and repeatable disaster recovery execution. This configuration layer enables seamless orchestration of backups and restores across multi-cloud environments while maintaining visibility and control of all operational dependencies.

Login to the NextDR.ui and configure license

  • Using the NextDR admin console userid and password you entered during install, login to the UI

    • Initially, you will be asked to input a NextDR.ui license code that will be provided by the NextDR.ai sales. team.

Setup Email Server Configuration

The Setup Email Server Configuration section allows you to define and manage your organization’s email server settings within NextDR.ai. Here, you can specify the SMTP server details, authentication credentials, and sender information used for system-generated communications. NextDR.ai utilizes this configuration to send approval requests, notifications, and verification emails during the execution of recovery plans. Properly configuring your email server ensures reliable communication and timely updates to all stakeholders throughout the recovery process.

On the NextDR admin console, select "SMTP Settings"

Create NextDR Datacenter

  • On the NextDR admin console, select "DataCenters"

    • Select "Add Datacenter"

    • Name the datacenter, copy and paste your JSON key for the appropriate service account (e.g, if this is the Source Datacenter, obtain the nextdr service account JSON key for the source project. )

    • Create datacenter for NextDR, Source and Target. You can have multiple source and target datacenters.

Create Application Group

An Application Group in NextDR.ai is a logical collection of resources that need to be backed up and recovered together. It can include compute instances, databases, networks, firewalls, and other project-level components, allowing you to manage and orchestrate disaster recovery at the application level rather than individually for each resource.

  • On the NextDR admin console, select "Applications"

    • Select "New Application" Group

    • When creating new Application group, set the target Datacenter to "NextDR" project, and select a target bucket in the "NextDR" Project. This will ensure that all backup data is kept isolated in the "NextDR" Project.

    • Here you can add compute instances, cloud sql resources that need data protection.

    • You can schedule a backup of the application group

    • You can also view history of your application backup operations.

Recovery Plan

The Create Recovery Plan section in NextDR.ai allows you to build and manage multiple recovery plans for different applications or environments. Each recovery plan lets you define a source and target project, then use a no-code workflow editor to design the recovery process step by step. Within the editor, you can add actions such as recovering compute instances, restoring databases, reconfiguring networks, and applying firewall settings, as well as operational steps like approvals, notifications, and verification checks. This flexible and intuitive approach allows users to create fully automated and repeatable recovery workflows without writing any code, ensuring consistent and reliable disaster recovery execution.

  • On the NextDR admin console, select "New Recovery Plans"

    • Select a Name, description, Application Group and Destination Datacenter

    • Select "Create Plan"

  • Once a Recovery Plan is created, you can view and edit the recovery plan steps by selecting "View" on a recovery plan.

  • Once you "View" the recovery plan you add steps, execute plans, and see execution history.

NextNextDR Release Notes

Last updated