Introduction
Zerto helps customers accelerate IT transformation through a single, scalable platform for cloud data management and protection. Built for enterprise scale, Zerto’s simple, software-only platform uses continuous data protection to converge disaster recovery, backup, and data mobility and eliminate the risks and complexity of modernization and cloud adoption. Zerto enables an always-on customer experience by simplifying the protection, recovery, and mobility of applications and data across private, public, and hybrid clouds. Zerto is trusted by over 9,000 customers globally and is powering offerings for Microsoft Azure, IBM Cloud, AWS, Google Cloud, Oracle Cloud, and more than 350 managed service providers.
In on-premise environments, Zerto (ZVR) is installed with virtual machines to be protected and recovered.
In public cloud environments, Zerto Cloud Appliance (ZCA) is installed in the public cloud site that is to be used for recovery.
The installation includes the following:
• | For the maximum number of virtual machines, either being protected or recovered to that site, see Zerto Scale and Benchmarking Guidelines. |
• | For the maximum number of volumes, either being protected or recovered to that site, see Zerto Scale and Benchmarking Guidelines. |
Note: *In vSphere installations, OVF to enable installing Virtual Replication Appliances.
• | Virtual Backup Appliance (VBA): A Windows service that manages File Level Recovery operations within Zerto Virtual Replication. |
• | Zerto User Interface: Recovery using Zerto is managed in a browser or, in VMware vSphere Web Client or Client console. |
When Zerto is installed to work with an on-premise hypervisor it also comprises the following component:
• | Data Streaming Service (DSS): Installed on the VRA machine, and runs in the same process as the VRA. It is responsible for all the retention data path operations. |
Zerto also supports both the protected and recovery sites being managed by a single vCenter Server, to handle small branch offices. When the protected and recovery sites are the same site, only one installation of Zerto Virtual Replication is required.
Requirements for Each Site
Click to open and review prerequisites and requirements: VMware vSphere environments
Routable Networks
The Zerto architecture supports the following network configurations:
• | In on-premise environments: |
• | Flat LAN networks |
• | VLAN networks, including private VLANs and stretched VLANs |
• | WAN emulation |
• | VPN IPsec |
• | In Cloud environments: |
• | The instance (virtual machine) on which the Zerto Cloud Appliance is installed must use a subnet that is accessible from all Zerto Virtual Managers that may be connected to this instance. |
The Zerto architecture does not support NAT (Network Address Translation) firewalls.
Minimum Bandwidth
• | The connectivity between sites must have the bandwidth capacity to handle the data to be replicated between the sites. The minimum dedicated bandwidth must be at least 5 Mb/sec. |
The Zerto User Interface
For supported browsers, see Zerto Virtual Manager - Supported Browsers
The lowest supported screen resolution is 1366x768.
Open Firewall Ports
The following architecture diagram shows the ports that must be opened in the firewalls on all sites.
Zerto can be installed at multiple sites and each of these sites can be paired to any of the other sites.
Zerto supports both the protected and recovery sites being managed by a single vCenter Server or System Center Virtual Machine Manager. For example, in the following scenario:
• | From a branch office, to the main office, both managed by the same System Center Virtual Machine Manager. |
• | From one host to a second host, both managed by the same System Center Virtual Machine Manager. |
• | To the same host but using different storage for recovery. |
It is recommended to install Zerto in the main office site where protected machines will be recovered.
The following table provides basic information about the ports shown in the above diagram.
Consider firewall rules if the services are not installed on the same network.
Note: UDP ports in the 444xx range for DHCP are not required and can therefore be blocked.
Port | Purpose | ||||||||||||
22 | Required between an ESXi host and the ZVM during installation of a VRA. | ||||||||||||
443 |
|
||||||||||||
445 | Required between Extended Journal Copy and a network shared repository on top of SMB protocol. | ||||||||||||
2049 | Required between Extended Journal Copy and a network shared repository on top of NFS protocol. | ||||||||||||
4005 | Log collection between the ZVM and site VRAs , using TLS over TCP communication. | ||||||||||||
4006 | TLS over TCP communication between the ZVM and local site VRAs and the site VBA. | ||||||||||||
4007 | Unencrypted TCP communication between protecting and peer VRAs. | ||||||||||||
4008 | Unencrypted TCP communication between VRAs to pass data from protected virtual machines to a VRA on a recovery site. | ||||||||||||
4009 | TLS over TCP communication between the ZVM and local site VRAs to handle checkpoints. | ||||||||||||
7073 |
Internal port, used only on the ZVM VM. Used for communication with the service in charge of collecting data for the Zerto Resource Planner. Note: Unless you select the checkbox ‘Enable Support notification and product improvement feedback’, data is not transmitted to Zerto Analytics. |
||||||||||||
9007 | Encrypted TCP communication between protecting and peer VRAs. | ||||||||||||
9008 | Encrypted TCP communication between VRAs to pass data from protected virtual machines to a VRA on a recovery site. | ||||||||||||
9071* |
HTTPS communication between paired ZVMs. *The default port provided during the ZVR installation which can be changed during the installation. |
||||||||||||
9080* |
Communication between the ZVM, and Zerto Diagnostic tool. *The default port provided during the ZVR installation which can be changed during the installation. |
||||||||||||
9180* |
Communication between the ZVM and the VBA. *The default port provided during the ZVR installation which can be changed during the installation. |
If a proxy server is used at the site, specify the IP address of the Zerto Virtual Manager in the exception list in the Proxy Server settings.