Virtual Replication Appliance
Virtual Replication Appliances are custom, very thin, Linux-based virtual machines with a small disk, memory and CPU footprint. They have been hardened to limit the number of running services to the bare minimum: by default they run only the Zerto protocols and SSH. All other protocols and services, such as the Cron services and ICMP redirects, are either not installed or are turned off.
Zerto uses different types of network services and was designed to work in conjunction with existing network security elements.
• Firewall
Zerto components can be deployed behind standard firewalls. Zerto relies on the Virtual Replication Appliance's iptables firewall to block ports that are not required by Zerto.
Note: Zerto does not support NAT (Network Address Translation) firewalls.
• SSH
The Zerto components do not require SSH for remote access. SSH access can be closed via the firewall software, so that only authorized clients are allowed SSH access. Zerto support can supply a hardened Virtual Replication Appliance that can limit SSH access to the console only.
The Zerto Virtual Manager communicates, as a client, with ESX/ESXi hosts securely via SSH when running Zerto with VMware vSphere 5.x or later.
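The SSH restriction described above can be checked against a saved ruleset. The following audit script is an added example, not Zerto code: it reads rules in `iptables-save` format and lists INPUT rules that accept TCP port 22 from a source outside an allowlist. The function names, the addresses and port 9999 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Zerto code). Lists INPUT rules in iptables-save format
# that ACCEPT TCP port 22 from a source that is not on the allowlist.
# Scope: rules that name a port; portless ACCEPTs and rule order need review.

# $1 = space-separated allowed sources, written as iptables-save prints them
# (e.g. 192.0.2.10/32); the ruleset is read from stdin.
find_open_ssh_rules() {
    awk -v allow="$1" '
    function covers_ssh(spec,    parts, r, k, n) {
        n = split(spec, parts, ",")              # multiport list: 22,9999
        for (k = 1; k <= n; k++) {
            if (split(parts[k], r, ":") == 2) {  # port range: 20:25
                if (r[1] + 0 <= 22 && 22 <= r[2] + 0) return 1
            } else if (parts[k] == "22") return 1
        }
        return 0
    }
    BEGIN { m = split(allow, a, " "); for (i = 1; i <= m; i++) ok[a[i]] = 1 }
    $1 == "-A" && $2 == "INPUT" {
        src = "any"; proto = ""; ports = ""; target = ""
        for (i = 3; i < NF; i++) {
            # "! -s net" is kept as "!net" so it never matches the allowlist
            if ($i == "-s") src = ($(i - 1) == "!" ? "!" : "") $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (proto == "tcp" && target == "ACCEPT" && covers_ssh(ports) && !(src in ok))
            print src ": " $0
    }'
}

# Constructed sample ruleset; documentation addresses, 9999 is a placeholder.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m multiport --dports 22,9999 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9999 -j ACCEPT
COMMIT
EOF
}

sample_rules | find_open_ssh_rules "192.0.2.10/32"
```

Each reported line is prefixed with the offending source; `any` marks a rule with no source match at all.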
Managing VRA Authentication
Access to the VRA is possible via SSH. It is also possible to access the VRA via the hypervisor console, after setting a root password.
To set the root password, follow the instructions in KB1594 to connect to the VRA, and use the passwd command.
It is also possible to add trusted SSH keys using standard OpenSSH commands.
Important: Following any changes to the user accounts and SSH settings, wait 10 minutes before restarting or shutting down the VRA, to ensure that these settings are maintained across upgrades.