Installing Zerto Virtual Replication :
  
 
The Zerto User Interface in a vSphere Client
When using either the vSphere Web Client or Client console, you must use Internet Explorer version 10 or higher. Zerto recommends using an Internet Explorer version later than version 10.
Database Requirements
By default, an embedded SQL-based database is used but it is possible to use an externally managed database, Microsoft SQL Server. To use an externally managed database, during the installation choose the Custom Installation option.
The following Microsoft SQL Server versions are supported: 2008, 2008R2, 2012, 2014.
You must have the following permissions set:
Public and dbcreator server roles.
Permission to connect to the database engine.
Login enabled.
In User Mapping choose the master database under which to create the Zerto Virtual Replication database and set both db_owner and public for database role membership.
Zerto recommends using SQL Server Enterprise Edition if you have 4 or more sites, or 40 or more hosts with virtual machines being protected or recovered, or more than 400 virtual machines to be protected.
Using an externally managed database requires the following configuration for the machine running SQL Server:
4 CPUs or 2 Dual Core CPUs and 16GB RAM.
20GB to accommodate the database and the logs generated by the Zerto Virtual Manager.
Note: If SQL Server is used, it is your responsibility to make sure that database downtime is planned in coordination with your disaster recovery and business continuity requirements. During database downtime, there will be inconsistencies between Zerto Virtual Managers, such as the management of checkpoints, resulting in problems if a recovery is required.
 
 
Firewall Considerations
Zerto Virtual Manager (ZVM) requires the following ports to be open in the protected and recovery site firewalls:
Port
Description
221
During Virtual Replication Appliance (VRA) installation on ESXi 4.x and 5.x hosts for communication between the ZVM and the ESXi hosts IPs and for ongoing communication between the ZVM in the cloud site – but not the customer site – and a Zerto Cloud Connector.
443
During VRA installation on ESX/ESXi hosts for communication between the ZVM and the ESX/ESXi hosts IPs and for ongoing communication between the ZVM and vCenter Server and vCloud Director.
4005
Log collection between the ZVM and VRAs on the same site.
4006
TCP communication between the ZVM and VRAs and the VBA on the same site.
4007
TCP control communication between protecting and recovering VRAs and between a Zerto Cloud Connector and VRAs.
4008
TCP communication between VRAs to pass data from protected virtual machines to a VRA on a recovery site and between a Zerto Cloud Connector and VRAs.
4009
TCP communication between the ZVM and site VRAs to handle checkpoints.
5672
TCP communication between the ZVM and vCloud Director for access to AMQP messaging.
9080
HTTP communication between the ZVM and Zerto internal APIs, a Zerto Cloud Manager (ZCM), cmdlets, and a VSS Agent.
90812
TCP communication between paired ZVMs3 and between a ZVM and a Zerto Cloud Connector.
9082 and up
When a cloud service provider supplies DRaaS – Two TCP ports for each VRA (one for port 4007 and one for port 4008) accessed via the Zerto Cloud Connector installed by the cloud service provider. There is directionality to these ports. Zerto recommends using a port range starting with port 9082.
For example, Customer A network has 3 VRAs and customer B network has 2 VRAs and the cloud service provider network has 4 VRAs, then the following ports must be open in the firewall for each cloud: The cloud service provider’s VRAs need to use 6 ports to reach customer A’s VRAs, while customer A’s VRAs need 8 ports to reach the cloud’s VRAs. The cloud service provider’s VRAs need to use 4 ports to reach customer B’s VRAs, while customer B’s VRAs need 8 ports to reach the cloud’s VRAs.
9180
Communication between the VBA and VRA.
9669
HTTPS communication between the machine running the Zerto User Interface and a ZVM, and for invoking Zerto RESTful APIs.
9779
HTTPS communication between the Zerto Self-Service Portal for in-cloud (ICDR) customers and a ZVM.
9989
HTTPS communication between a browser and the Zerto Cloud Manager.
1 If the ESX/ESXi hosts are given names, make sure that the Zerto Virtual Manager can resolve these names.

2 The default port set during the Zerto Virtual Replication installation. When pairing the ZVM to a Zerto Cloud Connector, this value must not be changed.

3 When the same vCenter Server is used for protection and recovery, Zerto Virtual Replication is installed on one site only and this port is ignored.

VMware Privileges Required by Zerto Virtual Replication
When Zerto Virtual Replication accesses the vCenter Server, it requires the vSphere privileges assigned to Administrator roles, which includes the following privileges.
Category
Privilege
Notes
Alarms
Create alarm
Only during install and uninstall
Remove alarm
Authorization
Modify permission
Only during install and uninstall
Modify role
Reassign role permissions
Datastore
Allocate space
For source/target replication of datastores
Browse datastore
Low level file operations
Move datastore
Remove file
Update virtual machine files
Datastore cluster
Configure a datastore cluster
For installation of VRAs
Extension
Register extension
Only during install and uninstall
Unregister extension
Update extension
Folder
Create folder
 
Delete folder
Move folder
Global
Cancel task
 
Diagnostics
Disable methods
Enable methods
Global tag
Log event
Manage custom attributes
Script action
Set custom attribute
Host > Configuration
Advanced settings
 
Change settings
Security profile and firewall
Virtual machine autostart configuration
Host > Inventory
Modify cluster
 
Network
Assign network
 
Resource
Assign vApp to resource pool
 
Assign virtual machine to resource pool
Sessions
Validate session
 
Tasks
Create task
 
Update task
vApp
Add virtual machine
 
Assign resource pool
Create
Delete
Import
Power off
Power on
Rename
Unregister
vApp application configuration
vApp instance configuration
vApp managedBy configuration
vApp resource configuration
Virtual Machine > Configuration
Add existing disk
TempDatafile placement is required to restore an offsite backup.
Add new disk
Add or remove device
Advanced
Change CPU count
Change resource
Configure managedBy
Extend virtual disk
Memory
Modify device settings
Raw device
Remove disk
Rename
Set annotation
Settings
Swapfile placement
Upgrade virtual machine compatibility
Virtual machine > Interaction
Power off
 
Power on
Virtual machine > Inventory
Create from existing
 
Create new
Move
Register
Remove
Unregister
Note: The Zerto role must also be available. This role is added to the Administrator user during the Zerto Virtual Replication installation.