Introduction

Zerto helps customers accelerate IT transformation by eliminating the risk and complexity of modernization and cloud adoption. By replacing multiple legacy solutions with a single IT Resilience PlatformTM, Zerto is changing the way disaster recovery, retention and cloud are managed. This is done by providing enterprise-class disaster recovery and business continuity software for virtualized infrastructure and cloud environments.

In on-premise environments, Zerto (ZVR) is installed with virtual machines to be protected and recovered.

In public cloud environments, Zerto Cloud Appliance (ZCA) is installed in the public cloud site that is to be used for recovery.

The installation includes the following:

Zerto Virtual Manager (ZVM): A Windows service that manages everything required for the replication between the protection and recovery sites, except for the actual replication of data. The ZVM interacts with the hypervisor management user interface, such as vCenter Server or Microsoft SCVMM, to get the inventory of VMs, disks, networks, hosts, etc. and then the Zerto User Interface manages this protection. The ZVM also monitors changes in the hypervisor environment and responds accordingly. For example, a VMware vMotion operation, or Microsoft Live Migration of a protected VM from one host to another is intercepted by the ZVM and the Zerto User Interface is updated accordingly.
For the maximum number of virtual machines, either being protected or recovered to that site, see Zerto Scale and Benchmarking Guidelines.
Virtual Replication Appliance* (VRA): A virtual machine installed on each hypervisor hosting virtual machines to be protected or recovered, to manage the replication of data from protected virtual machines to the recovery site.
For the maximum number of volumes, either being protected or recovered to that site, see Zerto Scale and Benchmarking Guidelines.
Note: *In vSphere installations, OVF to enable installing Virtual Replication Appliances.
Virtual Backup Appliance (VBA): A Windows service that manages File Level Recovery operations within Zerto Virtual Replication.
Zerto User Interface: Recovery using Zerto is managed in a browser or, in VMware vSphere Web Client or Client console.

When Zerto is installed to work with an on-premise hypervisor it also comprises the following component:

Data Streaming Service (DSS): Installed on the VRA machine, and runs in the same process as the VRA. It is responsible for all the retention data path operations.

Zerto also supports both the protected and recovery sites being managed by a single vCenter Server, to handle small branch offices. When the protected and recovery sites are the same site, only one installation of Zerto Virtual Replication is required.

Requirements for Each Site

Click to open and review prerequisites and requirements: VMware vSphere environments

Routable Networks

The Zerto architecture supports the following network configurations:

In on-premise environments:
Flat LAN networks
VLAN networks, including private VLANs and stretched VLANs
WAN emulation
VPN IPsec
In Cloud environments:
The instance (virtual machine) on which the Zerto Cloud Appliance is installed must use a subnet that is accessible from all Zerto Virtual Managers that may be connected to this instance.

The Zerto architecture does not support NAT (Network Address Translation) firewalls.

Minimum Bandwidth
The connectivity between sites must have the bandwidth capacity to handle the data to be replicated between the sites. The minimum dedicated bandwidth must be at least 5 Mb/sec.
The Zerto User Interface

For supported browsers, see Interoperability Matrix for All Zerto Versions, in the section Supported Browsers.

The lowest supported screen resolution is 1366x768.

Open Firewall Ports

The following architecture diagram shows the ports that must be opened in the firewalls on all sites.

Zerto can be installed at multiple sites and each of these sites can be paired to another site enabling protection across sites.
Zerto also supports protection and recovery on a site being managed by a single vCenter Server.
If a proxy server is used at the site, specify the IP address of the Zerto Virtual Manager in the exception list in the Proxy Server settings.

The following scenarios are examples of protection and recovery with a single vCenter Server.

When a single vCenter Server is used, port 9081 shown in the above diagram is not used.

From one datacenter, a branch office, to another datacenter, the main office, both managed by the same vCenter Server.

Zerto recommends installing Zerto in the main office site where protected machines will be recovered.

From one host to a second host, both managed by the same vCenter Server.
To the same host but using a different datastore for recovery.

The following table provides basic information, shown in the above diagram, about the ports used by Zerto.

Consider firewall rules if the services are not installed on the same network.

Note: UDP ports in the 444xx range for DHCP are not required and can therefore be blocked.

 

 

Port Purpose
22 Required between an ESXi host and the ZVM during installation of a VRA.
443 Required between the ZVM and the vCenter Server.
443 Required between an ESXi host and the ZVM during installation of a VRA.
445 Required between LTR service and a network shared repository on top of SMB protocol.
2049 Required between LTR service and a network shared repository on top of NFS protocol.
4005 Log collection between the ZVM and site VRAs.
4006 Communication between the ZVM and local site VRAs and the site VBA.
4007 Control communication between protecting and peer VRAs.
4008 Communication between VRAs to pass data from protected virtual machines to a VRA on a recovery site.
4009 Communication between the ZVM and local site VRAs to handle checkpoints.
5672 TCP communication between the ZVM and vCloud Director for access to AMQP messaging.
9779 Communication between ZVM and ZSSP (Zerto Self Service Portal).
9989 Communication between ZCM, and ZCM GUI and ZCM REST APIs.
9080* Communication between the ZVM, Zerto Powershell Cmdlets, and Zerto Diagnostic tool.
9081* Communication between paired ZVMs**
9180* Communication between the ZVM and the VBA.
9669* Communication between ZVM and ZVM GUI and ZVM REST APIs, and the ZCM.

*The default port provided during the ZVR installation which can be changed during the installation.

**When the same vCenter Server is used for both the protected and recovery sites, ZVR is installed on one site only and this port can be ignored.

If a proxy server is used at the site, specify the IP address of the Zerto Virtual Manager in the exception list in the Proxy Server settings.