Introduction
Zerto helps customers accelerate IT transformation by eliminating the risk and complexity of modernization and cloud adoption. By replacing multiple legacy solutions with a single IT Resilience PlatformTM, Zerto is changing the way disaster recovery, retention and cloud are managed. This is done by providing enterprise-class disaster recovery and business continuity software for virtualized infrastructure and cloud environments.
In on-premise environments, Zerto (ZVR) is installed with virtual machines to be protected and recovered.
In public cloud environments, Zerto Cloud Appliance (ZCA) is installed in the public cloud site that is to be used for recovery.
The installation includes the following:
• | For the maximum number of virtual machines, either being protected or recovered to that site, see Zerto Scale and Benchmarking Guidelines. |
• | For the maximum number of volumes, either being protected or recovered to that site, see Zerto Scale and Benchmarking Guidelines. |
Note: | *In vSphere installations, OVF to enable installing Virtual Replication Appliances. |
• | Virtual Backup Appliance (VBA): A Windows service that manages File Level Recovery operations within Zerto Virtual Replication. |
• | Zerto User Interface: Recovery using Zerto is managed in a browser or, in VMware vSphere Web Client or Client console. |
When Zerto is installed to work with an on-premise hypervisor it also comprises the following component:
• | Data Streaming Service (DSS): Installed on the VRA machine, and runs in the same process as the VRA. It is responsible for all the retention data path operations. |
Zerto also supports both the protected and recovery sites being managed by a single vCenter Server, to handle small branch offices. When the protected and recovery sites are the same site, only one installation of Zerto Virtual Replication is required.
Requirements for Each Site
Click to open and review prerequisites and requirements: VMware vSphere environments
Routable Networks
The Zerto architecture supports the following network configurations:
• | In on-premise environments: |
• | Flat LAN networks |
• | VLAN networks, including private VLANs and stretched VLANs |
• | WAN emulation |
• | VPN IPsec |
• | In Cloud environments: |
• | The instance (virtual machine) on which the Zerto Cloud Appliance is installed must use a subnet that is accessible from all Zerto Virtual Managers that may be connected to this instance. |
The Zerto architecture does not support NAT (Network Address Translation) firewalls.
Minimum Bandwidth
• | The connectivity between sites must have the bandwidth capacity to handle the data to be replicated between the sites. The minimum dedicated bandwidth must be at least 5 Mb/sec. |
The Zerto User Interface
For supported browsers, see Interoperability Matrix for All Zerto Versions, in the section Supported Browsers.
The lowest supported screen resolution is 1366x768.
Open Firewall Ports
The following architecture diagram shows the ports that must be opened in the firewalls on all sites.
• | Zerto can be installed at multiple sites and each of these sites can be paired to another site enabling protection across sites. |
• | Zerto also supports protection and recovery on a site being managed by a single vCenter Server. |
• | If a proxy server is used at the site, specify the IP address of the Zerto Virtual Manager in the exception list in the Proxy Server settings. |
The following scenarios are examples of protection and recovery with a single vCenter Server.
When a single vCenter Server is used, port 9081 shown in the above diagram is not used.
• | From one datacenter, a branch office, to another datacenter, the main office, both managed by the same vCenter Server. |
Zerto recommends installing Zerto in the main office site where protected machines will be recovered.
• | From one host to a second host, both managed by the same vCenter Server. |
• | To the same host but using a different datastore for recovery. |
The following table provides basic information, shown in the above diagram, about the ports used by Zerto.
Consider firewall rules if the services are not installed on the same network.
Note: | UDP ports in the 444xx range for DHCP are not required and can therefore be blocked. |
Port | Purpose |
22 | Required between an ESXi host and the ZVM during installation of a VRA. |
443 | Required between the ZVM and the vCenter Server. |
443 | Required between an ESXi host and the ZVM during installation of a VRA. |
445 | Required between LTR service and a network shared repository on top of SMB protocol. |
2049 | Required between LTR service and a network shared repository on top of NFS protocol. |
4005 | Log collection between the ZVM and site VRAs. |
4006 | Communication between the ZVM and local site VRAs and the site VBA. |
4007 | Control communication between protecting and peer VRAs. |
4008 | Communication between VRAs to pass data from protected virtual machines to a VRA on a recovery site. |
4009 | Communication between the ZVM and local site VRAs to handle checkpoints. |
5672 | TCP communication between the ZVM and vCloud Director for access to AMQP messaging. |
9779 | Communication between ZVM and ZSSP (Zerto Self Service Portal). |
9989 | Communication between ZCM, and ZCM GUI and ZCM REST APIs. |
9080* | Communication between the ZVM, Zerto Powershell Cmdlets, and Zerto Diagnostic tool. |
9081* | Communication between paired ZVMs** |
9180* | Communication between the ZVM and the VBA. |
9669* | Communication between ZVM and ZVM GUI and ZVM REST APIs, and the ZCM. |
*The default port provided during the ZVR installation which can be changed during the installation. **When the same vCenter Server is used for both the protected and recovery sites, ZVR is installed on one site only and this port can be ignored. |
If a proxy server is used at the site, specify the IP address of the Zerto Virtual Manager in the exception list in the Proxy Server settings.