Installing Zerto Cloud Manager : Firewall Ports Used With Zerto Virtual Replication : Zerto Virtual Replication DRaaS Architecture
  
Zerto Virtual Replication DRaaS Architecture
The following diagram shows the basic DRaaS architecture for a VMware environment, with the required ports. DRaaS organizations can manage their disaster recovery via the Zerto User Interface.
The following ports must be opened in the firewalls in both the organization and cloud service provider sites. The # reference numbers refer to the above architecture diagrams:
 
 
Port
#
Description
22
9,24
During Virtual Replication Appliance (VRA) installation on ESXi 4.x, 5.x hosts for communication between the ZVM and the ESXi and Hyper-V host IPs, and for ongoing communication between the ZVM in the cloud site – but not the customer site – and a Zerto Cloud Connector.
443
2,6, 8,19
During VRA installation on ESX, ESXi hosts for communication between the ZVM and the ESX, ESXi host IPs and for ongoing communication between the ZVM and vCenter Server and vCloud Director.
4005
10
Log collection between the ZVM and VRAs on the same site.
4006
11
TCP communication between the ZVM, VRAs, and the VBA on the same site.
4007
16, 21
TCP control communication between protecting and recovering VRAs and between a Zerto Cloud Connector and VRAs.
4008
17, 25
TCP communication between VRAs to pass data from protected virtual machines to a VRA on a recovery site and between a Zerto Cloud Connector and VRAs.
4009
12
TCP communication between the ZVM and site VRAs to handle checkpoints.
5672
20
TCP communication between the ZVM and vCloud Director for access to AMQP messaging.
8100
Communication between the Zerto Virtual Manager and the System Center Virtual Machine Manager in a customer site running Zerto Virtual Replication with Hyper-V.
9080
1,13,15,18
HTTP communication between the ZVM and Zerto internal APIs, a Zerto Cloud Manager, cmdlets, and a VSS Agent, which should only be available to a customer using DRaaS and not ICDR.
9081
7,23,27
TCP communication between the ZVMs and between a customer ZVM and a Zerto Cloud Connector. This port must not be changed when providing DRaaS.
9082 and up
22, 26, 28, 29
Two ports for each VRA (one for port 4007 and one for port 4008) accessed via the Zerto Cloud Connector installed by the cloud service provider. There is directionality to these ports. Zerto recommends using a port range starting with port 9082.
For example, Customer A network has 3 VRAs and customer B network has 2 VRAs and the cloud service provider management network has 4 VRAs, then the following ports must be open in the firewall for each cloud: The cloud service provider’s VRAs need to use 6 ports to reach customer A’s VRAs, while customer A’s VRAs need 8 ports to reach the cloud’s VRAs. The cloud service provider’s VRAs need to use 4 ports to reach customer B’s VRAs, while customer B’s VRAs need 8 ports to reach the cloud’s VRAs.
9180
32
Communication between the VBA and VRA.
9669
3,4, 5,14
HTTPS communication between the machine running the Zerto User Interface and a ZVM, and for invoking Zerto REST APIs.
9779
30
HTTPS communication between the Zerto Self-Service Portal for in-cloud (ICDR) customers and a ZVM.
9989
31
HTTPS communication between the browser and the Zerto Cloud Manager.