Our recommended approach is as follows:
Before performing a live failover on your full production environment, 11:11 Systems recommends running a test failover to ensure user access is set up and configured ahead of time, to test access, and to look for possible issues before bringing down the production environment. It may also be useful to perform a live failover on test or development servers to get a good handle on the process. DR testing with Zerto performs a no-impact failover that will spin up and import your VMs to your target DR environment. When the failover servers come online at the DR site, the firewall can be configured for IPSec VPN and SSL VPN access for remote access. You can also choose to open NAT and firewall rules for public access, for example when testing web or terminal services. This can all be done without affecting the production environment or networking. Essentially, the DR site at this point is a separate copy of your live production environment and can be sandboxed to prevent any communication to the public network or your production environment.
The overall process for a live and test failover is very similar, but the live failover operation includes a few extra parameters. The execution parameters for live failovers have three extra settings that are not found in the test failover wizard, and I have detailed those options below: