Design Considerations for DRaaS
The organization connects to the cloud service provider via VPN, to a network that has a connection to the internet or to a wider network that enables a connection between the cloud site and the customer site. All the traffic to and from the customer is routed through a Zerto Cloud Connector (ZCC).
A Zerto Cloud Connector is a virtual machine installed on the cloud side, one for each customer replication network. The Zerto Cloud Connector routes traffic between the customer network and the cloud replication network, in a secure manner ensuring complete separation between the customer network and the cloud service provider network. The cloud connector has two Ethernet interfaces, one to the customer’s network and one to the cloud service provider's network. Within the cloud connector a bidirectional connection is created between the customer and cloud service provider networks. Thus, all network traffic passes through the Zerto Cloud Connector, where the incoming traffic from the customer network is automatically configured to IP addresses in the cloud service provider network.
Using Zerto Cloud Connectors ensure the following:
■ None of the customers have direct access to the cloud service provider network and cannot see any part of the cloud service provider network that the cloud service provider does not allow them to see.
■ Each customer has no access to the network of another organization.
If the cloud service provider wants to add more security, it can define a static route that will hop to a different cloud network, specifically for use by the Zerto Virtual Manager and VRAs in the cloud site.
