Security
The Zerto Self-service Portal is accessed by a URL that is session dependent and the connection is terminated at the end of the session, when the user logs out. The URL cannot be reused. The session also expires after 10 minutes of inactivity.
Note: | The default timeout can be changed by contacting Zerto Support. |
When the Zerto Self-service Portal is integrated within a cloud service provider portal the access URL is session dependent and unique to each ZORG and requires an SSL connection before it can be created. These combined requirements effectively provide multiple layers of security to ensure customer isolation.
When the Zerto Self-service Portal is accessed directly, the ZORG name, username, and password, specified by the cloud service provider for the ZORG, are required to log on to the Zerto Self-service Portal.
See the following:
Zerto Self-service Portal integrated with the cloud service provider portal without a reverse proxy
Zerto Self-service Portal accessed directly, with a reverse proxy
Zerto Self-service Portal accessed directly, without a reverse proxy
The following diagrams show the user accessing the Zerto Self-service Portal:
Zerto Self-service Portal integrated with the cloud service provider portal and using a reverse proxy
Where:
1. | In the cloud service provider portal, access the BC/DR functionality via a button/iFrame. |
2. | Internally, using HTTPS, retrieve the ZSSP session, as described in step 3, in To set up access to the ZSSP when integrated in a Cloud Service Provider portal:. |
3. | Return the session link text as a custom URL. |
4. | Browse to the custom URL to access the unique session. |
5. | Access the unique session using HTTPS and port 9779. |
See also:
Zerto Self-service Portal integrated with the cloud service provider portal without a reverse proxy
Zerto Self-service Portal accessed directly, with a reverse proxy
Zerto Self-service Portal accessed directly, without a reverse proxy
Zerto Self-service Portal integrated with the cloud service provider portal without a reverse proxy
Where:
1. | In the cloud service provider portal, access the BC/DR functionality via a button/iFrame. |
2. | Internally, using either HTTP or HTTPS, retrieve the ZSSP session: |
For more information about ZSSP APIs, see Zerto Virtual Replication RESTful APIs, in the section ZSSP Sessions API.
3. | Return the session link text as a custom URL. |
4. | Browse to the custom URL to access the unique session using HTTPS and port 9779. |
See also:
Zerto Self-service Portal accessed directly, with a reverse proxy
Zerto Self-service Portal accessed directly, without a reverse proxy
Zerto Self-service Portal accessed directly, with a reverse proxy
Where:
1. | Pass the link to the reverse proxy server: |
https://ZVM_IP:9779, where ZVM_IP is translated to the IP of the Zerto Virtual Manager cloud site.
2. | Zerto Virtual Manager returns the Zerto Self-service Portal login page. |
See also:
Zerto Self-service Portal integrated with the cloud service provider portal without a reverse proxy
Zerto Self-service Portal accessed directly, without a reverse proxy
Zerto Self-service Portal accessed directly, without a reverse proxy
Where:
• | Access the ZSSP via the following URL: https://ZVM_IP:9779, where ZVM_IP is the IP of the Zerto Virtual Manager cloud site. |
When a reverse proxy is used, a proxy server retrieves resources on behalf of the customer from one or more servers. The customer requests are forwarded by the proxy server to the Zerto Virtual Manager. Using a reverse proxy enables customers to keep the Zerto Virtual Manager secured with internal access only, and exposes only the reverse proxy server, on a preferred port.
Additional security can be implemented as follows:
• | By making sure that port 9779 is the only port exposed to the proxy server. |
• | By setting up NAT redirection of the customer traffic, to protect the Zerto Virtual Manager and network from being exposed to the customer directly. |
See also:
Zerto Self-service Portal integrated with the cloud service provider portal without a reverse proxy
Zerto Self-service Portal accessed directly, with a reverse proxy