Introduction

Zerto helps customers accelerate IT transformation through a single, scalable platform for cloud data management and protection. Built for enterprise scale, Zerto’s simple, software-only platform uses continuous data protection to converge disaster recovery, backup, and data mobility and eliminate the risks and complexity of modernization and cloud adoption. Zerto enables an always-on customer experience by simplifying the protection, recovery, and mobility of applications and data across private, public, and hybrid clouds. Zerto is trusted by over 9,000 customers globally and is powering offerings for Microsoft Azure, IBM Cloud, AWS, Google Cloud, Oracle Cloud, and more than 350 managed service providers.

In on-premise environments, Zerto (ZVR) is installed with virtual machines to be protected and recovered.

In public cloud environments, Zerto Cloud Appliance (ZCA) is installed in the public cloud site that is to be used for recovery.

The installation includes the following:

Zerto Virtual Manager (ZVM): A Windows service that manages everything required for the replication between the protection and recovery sites, except for the actual replication of data. The ZVM interacts with the hypervisor management user interface, such as vCenter Server or Microsoft SCVMM, to get the inventory of VMs, disks, networks, hosts, etc. and then the Zerto User Interface manages this protection. The ZVM also monitors changes in the hypervisor environment and responds accordingly. For example, a VMware vMotion operation, or Microsoft Live Migration of a protected VM from one host to another is intercepted by the ZVM and the Zerto User Interface is updated accordingly.
For the maximum number of virtual machines, either being protected or recovered to that site, see Zerto Scale and Benchmarking Guidelines.
Virtual Replication Appliance* (VRA): A virtual machine installed on each hypervisor hosting virtual machines to be protected or recovered, to manage the replication of data from protected virtual machines to the recovery site.
For the maximum number of volumes, either being protected or recovered to that site, see Zerto Scale and Benchmarking Guidelines.

Note: *In vSphere installations, OVF to enable installing Virtual Replication Appliances.

Virtual Backup Appliance (VBA): A Windows service that manages File Level Recovery operations within Zerto Virtual Replication.
Zerto User Interface: Recovery using Zerto is managed in a browser, or in the VMware vSphere Web Client or Client console.

When Zerto is installed to work with an on-premise hypervisor it also comprises the following component:

Data Streaming Service (DSS): Installed on the VRA machine, and runs in the same process as the VRA. It is responsible for all the retention data path operations.

Zerto also supports both the protected and recovery sites being managed by a single vCenter Server, to handle small branch offices. When the protected and recovery sites are the same site, only one installation of Zerto Virtual Replication is required.

Requirements for Each Site

Prerequisites and requirements: VMware vSphere environments

Routable Networks

The Zerto architecture supports the following network configurations:

In on-premise environments:
Flat LAN networks
VLAN networks, including private VLANs and stretched VLANs
WAN emulation
VPN IPsec
In Cloud environments:
The instance (virtual machine) on which the Zerto Cloud Appliance is installed must use a subnet that is accessible from all Zerto Virtual Managers that may be connected to this instance.

The Zerto architecture does not support NAT (Network Address Translation) firewalls.

Minimum Bandwidth

The connectivity between sites must have the bandwidth capacity to handle the data to be replicated between the sites. The minimum dedicated bandwidth must be at least 5 Mb/sec.

The Zerto User Interface

For supported browsers, see Zerto Virtual Manager - Supported Browsers

The lowest supported screen resolution is 1366x768.

Open Firewall Ports

The following architecture diagram shows the ports that must be opened in the firewalls on all sites.

Zerto can be installed at multiple sites and each of these sites can be paired to any of the other sites.

Zerto supports both the protected and recovery sites being managed by a single vCenter Server or System Center Virtual Machine Manager. For example, in the following scenarios:

From a branch office, to the main office, both managed by the same System Center Virtual Machine Manager.
From one host to a second host, both managed by the same System Center Virtual Machine Manager.
To the same host but using different storage for recovery.

It is recommended to install Zerto in the main office site where protected machines will be recovered.

The following table provides basic information about the ports shown in the above diagram.

Consider firewall rules if the services are not installed on the same network.

Note: UDP ports in the 444xx range for DHCP are not required and can therefore be blocked.

Port Purpose
22 Required between an ESXi host and the ZVM during installation of a VRA.
443 Communication between ZVMA and ZVM GUI and ZVM REST APIs, Zerto PowerShell Cmdlets, and the ZCM. Required between the ZVM and the vCenter Server. Required between the Zerto Cloud Manager (ZCM) and ZVMA. Required between an ESXi host and the ZVM during installation of a VRA.
445 Required between Extended Journal Copy and a network shared repository on top of SMB protocol.
2049 Required between Extended Journal Copy and a network shared repository on top of NFS protocol.
4005 Log collection between the ZVM and site VRAs, using TLS over TCP communication.
4006 TLS over TCP communication between the ZVM and local site VRAs and the site VBA.
4007 Unencrypted TCP communication between protecting and peer VRAs.
4008 Unencrypted TCP communication between VRAs to pass data from protected virtual machines to a VRA on a recovery site.
4009 TLS over TCP communication between the ZVM and local site VRAs to handle checkpoints.
7073 Internal port, used only on the ZVM VM. Used for communication with the service in charge of collecting data for the Zerto Resource Planner. Note: Unless you select the checkbox ‘Enable Support notification and product improvement feedback’, data is not transmitted to Zerto Analytics.

9007 Encrypted TCP communication between protecting and peer VRAs.
9008 Encrypted TCP communication between VRAs to pass data from protected virtual machines to a VRA on a recovery site.

9071* HTTPS communication between paired ZVMs.
9080* Communication between the ZVM and the Zerto Diagnostic tool.
9180* Communication between the ZVM and the VBA.

*The default port provided during the ZVR installation, which can be changed during the installation.

If a proxy server is used at the site, specify the IP address of the Zerto Virtual Manager in the exception list in the Proxy Server settings.
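
The port table can be turned into a firewall review check. The following Python is an added example, not Zerto tooling: it audits a list of allow rules against the scopes the table describes. The rule format, the zone names (`zvm-host`, `local-site`, `peer-site`, `any`), the reading of "444xx" as 44400-44499 and the sample rules are assumptions made for this example; 9071 is the default pairing port and may differ if it was changed during installation.

```python
# Port facts come from the table above; the rule format, zone names and
# SAMPLE_RULES are constructed for this example.
SITE_LOCAL_TLS = {4006, 4009}   # ZVM <-> local site VRAs (4006 also the VBA)
CLEARTEXT_REPL = {4007, 4008}   # unencrypted VRA <-> VRA traffic
ENCRYPTED_REPL = {9007, 9008}   # encrypted VRA <-> VRA traffic
ZVM_PAIRING = 9071              # HTTPS between paired ZVMs (default port)
ZVM_INTERNAL = 7073             # used only on the ZVM VM

def audit(rules):
    """Return sorted findings for allow rules (dicts: proto, port, src, dst)."""
    findings, cross_site_tcp = set(), set()
    for r in rules:
        proto, port, src, dst = r["proto"], r["port"], r["src"], r["dst"]
        cross = "peer-site" in (src, dst) or "any" in (src, dst)
        if proto == "udp" and 44400 <= port <= 44499:
            findings.add(f"udp/{port}: 444xx range is not required and can be blocked")
        if proto != "tcp":
            continue
        if cross:
            cross_site_tcp.add(port)
        if port == ZVM_INTERNAL and (src, dst) != ("zvm-host", "zvm-host"):
            findings.add("tcp/7073: internal ZVM port is reachable from outside the ZVM VM")
        if port in SITE_LOCAL_TLS and cross:
            findings.add(f"tcp/{port}: ZVM-to-local-VRA port is open across sites")
        if port in CLEARTEXT_REPL and cross:
            findings.add(f"tcp/{port}: unencrypted replication between sites, protect the link")
    if ZVM_PAIRING not in cross_site_tcp:
        findings.add("tcp/9071: default ZVM pairing port is not open between sites")
    if not (CLEARTEXT_REPL | ENCRYPTED_REPL) & cross_site_tcp:
        findings.add("no VRA replication port (4007/4008/9007/9008) is open between sites")
    return sorted(findings)

SAMPLE_RULES = [  # constructed allow rules, not taken from a real firewall
    {"proto": "tcp", "port": 9071, "src": "local-site", "dst": "peer-site"},
    {"proto": "tcp", "port": 4007, "src": "local-site", "dst": "peer-site"},
    {"proto": "tcp", "port": 4006, "src": "any", "dst": "local-site"},
    {"proto": "tcp", "port": 7073, "src": "local-site", "dst": "zvm-host"},
    {"proto": "udp", "port": 44412, "src": "local-site", "dst": "local-site"},
    {"proto": "tcp", "port": 4009, "src": "local-site", "dst": "local-site"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```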