Zerto – vSphere: Security Hardening

You can configure some extra security features to ensure your replication data is not compromised at any point in your disaster recovery plan:

Use Microsoft Active Directory to control access to Zerto Virtual Replication

  • Zerto Virtual Manager runs as a Windows service. The Windows machine it runs on should be joined to your domain.
  • Your vCenter Server should also be joined to your domain. You can then use a domain service account to configure the Zerto integration with vSphere.
  • Afterwards, you can require that every Zerto user authenticates against your domain in order to manage the DR solution.

Use a dedicated network for replication traffic

  • Isolate replication traffic on a dedicated VLAN for the Virtual Replication Appliances (VRAs).

Customize firewall rules

  • Create rules that allow only the ports Zerto needs. The table below lists the most important ones:

Port   Description
22     During Virtual Replication Appliance installation on ESXi 4.x and 5.x hosts: communication between the Zerto Virtual Manager and the ESXi host IPs.
443    During Virtual Replication Appliance installation on ESXi hosts: communication between the Zerto Virtual Manager and the ESXi host IPs; also ongoing communication between the Zerto Virtual Manager and vCenter Server.
4005   Log collection between the Zerto Virtual Manager and Virtual Replication Appliances on the same site.
4006   TCP communication between the Zerto Virtual Manager and Virtual Replication Appliances on the same site.
4007   TCP control communication between protecting and recovering Virtual Replication Appliances.
4008   TCP communication between Virtual Replication Appliances to pass data from protected virtual machines to a Virtual Replication Appliance on the recovery site.
4009   TCP communication between the Zerto Virtual Manager and site Virtual Replication Appliances to handle checkpoints.
9081   TCP communication between Zerto Virtual Managers.
9180   Communication between the VBA and the Virtual Replication Appliance.
9669   HTTPS communication between machines running the Zerto User Interface and the Zerto Virtual Manager.
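As an added example (not from the original post or from Zerto), the following PowerShell applies the "allow only the needed ports" rule to the Windows host running the Zerto Virtual Manager, scoping each port to the peer that uses it and to the replication VLAN described above. The subnets and hosts are placeholders, and the inbound/outbound direction of each rule is an assumption inferred from the port descriptions, not something the table states; the VRA-to-VRA ports (4007, 4008) are not on the ZVM host and are left to the VRA network.

```powershell
# Windows Firewall rules for the Zerto Virtual Manager (ZVM) host.
# ASSUMPTIONS (placeholders, adjust to your environment):
$ReplicationVlan = '10.10.50.0/24'   # dedicated VRA VLAN
$PeerZvm         = '10.20.0.10'      # ZVM at the recovery site
$AdminSubnet     = '10.0.1.0/24'     # workstations running the Zerto UI
$VCenter         = '10.0.0.5'        # vCenter Server

# Inbound TCP ports the ZVM must accept, each limited to the peer that needs it.
# Direction and scope are inferred from the port table, not stated by it.
$Inbound = @(
    @{ Port = 4005; From = $ReplicationVlan; Note = 'VRA log collection' },
    @{ Port = 4006; From = $ReplicationVlan; Note = 'VRA communication' },
    @{ Port = 4009; From = $ReplicationVlan; Note = 'VRA checkpoints' },
    @{ Port = 9081; From = $PeerZvm;         Note = 'ZVM to ZVM' },
    @{ Port = 9669; From = $AdminSubnet;     Note = 'Zerto UI (HTTPS)' }
)
foreach ($r in $Inbound) {
    New-NetFirewallRule -DisplayName "Zerto ZVM in $($r.Port) - $($r.Note)" `
        -Direction Inbound -Protocol TCP -LocalPort $r.Port `
        -RemoteAddress $r.From -Profile Domain -Action Allow | Out-Null
}

# Outbound: ZVM to vCenter on 443 only. This rule matters when the outbound
# default is Block. Port 22 is needed only while installing VRAs on
# ESXi 4.x/5.x hosts, so add it temporarily rather than permanently.
New-NetFirewallRule -DisplayName 'Zerto ZVM out 443 - vCenter' `
    -Direction Outbound -Protocol TCP -RemotePort 443 `
    -RemoteAddress $VCenter -Profile Domain -Action Allow | Out-Null

# Check 1: the peers the ZVM depends on are still reachable on their ports.
foreach ($c in @(@{ Host = $VCenter; Port = 443 }, @{ Host = $PeerZvm; Port = 9081 })) {
    $ok = Test-NetConnection -ComputerName $c.Host -Port $c.Port -InformationLevel Quiet
    '{0}:{1} reachable = {2}' -f $c.Host, $c.Port, $ok
}

# Check 2: audit enabled inbound allow rules that this script did not create,
# so anything else exposed on the ZVM host is reviewed and removed.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { $_.DisplayName -notlike 'Zerto ZVM in *' } |
    Select-Object DisplayName, Profile
```

Run the script in an elevated session on the ZVM host after the host has been joined to the domain, since the rules are bound to the Domain profile.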

Use network encryption between sites

  • Communication between sites across untrusted networks can be encrypted using network encryption software such as a VPN or IPsec.

Assign roles and permissions to each user

  • When installed, Zerto Virtual Replication adds privileges to vSphere for performing specific actions in Zerto Virtual Replication, so each user can be granted only the roles they need. These privileges include:
    • Live Failover / Move.
    • Manage Sites.
    • Manage VPG.
    • Manage VRA.
    • Test Failover.
    • Viewer.
