You can configure some extra security features to ensure your replication data is not compromised at any point in your disaster recovery plan:
Use Microsoft Active Directory to access Zerto Virtual Replication
- Zerto Virtual Manager runs as a Windows service. This Windows machine should be joined to your domain.
- Your vCenter Server should also be joined to your domain. You can then use a domain service account to configure the Zerto integration with vSphere.
- Afterwards, you can require that every Zerto user authenticates against your domain before managing the DR solution.
Use a dedicated network for replication traffic
- Isolate replication traffic on a dedicated VLAN for the Virtual Replication Appliances (VRAs).
Customize firewall rules
- Create rules that allow only the needed ports. This table lists the most important ones:

| Port | Purpose |
|------|---------|
| 22 | During Virtual Replication Appliance installation on ESXi 4.x and 5.x hosts, for communication between the Zerto Virtual Manager and the ESXi host IPs. |
| 443 | During Virtual Replication Appliance installation on ESXi hosts, for communication between the Zerto Virtual Manager and the ESXi host IPs, and for ongoing communication between the Zerto Virtual Manager and vCenter Server. |
| 4005 | Log collection between the Zerto Virtual Manager and Virtual Replication Appliances on the same site. |
| 4006 | TCP communication between the Zerto Virtual Manager and Virtual Replication Appliances on the same site. |
| 4007 | TCP control communication between protecting and recovering Virtual Replication Appliances. |
| 4008 | TCP communication between Virtual Replication Appliances to pass data from protected virtual machines to a Virtual Replication Appliance on a recovery site. |
| 4009 | TCP communication between the Zerto Virtual Manager and site Virtual Replication Appliances to handle checkpoints. |
| 9081 | TCP communication between Zerto Virtual Managers. |
| 9180 | Communication between the VBA and Virtual Replication Appliance. |
| 9669 | HTTPS communication between machines running the Zerto User Interface and the Zerto Virtual Manager. |
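A firewall allowlist built from this table is only as good as the checking you do against it. The script below is an added example, not Zerto's own tooling: it encodes the port table as role-pair rules (Zerto Virtual Manager, VRA, ESXi, vCenter, VBA, UI) and audits a set of constructed connection records, flagging anything that uses an unexpected port, an unexpected peer role, or a cross-site connection on a port the table restricts to "the same site". The role pairing, the decision to ignore connection direction, and the sample connections are assumptions of this example; the port numbers and purposes come from the table.

```python
"""Audit observed connections against the Zerto port allowlist.

Added example (not Zerto's code). Ports and purposes come from the table
above; the role pairs, the same-site flags and the sample connections are
this example's own assumptions, constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Roles a host can play in a Zerto deployment (names are this example's).
ZVM, VRA, ESXI, VCENTER, VBA, UI = "ZVM", "VRA", "ESXi", "vCenter", "VBA", "UI"


@dataclass(frozen=True)
class Rule:
    port: int
    peers: Tuple[str, str]  # unordered pair of roles allowed to talk
    same_site: bool         # True only where the table says "on the same site"
    purpose: str


# Allowlist derived from the port table. Assumption: connection direction
# is not enforced here, only the pair of roles and the site scope.
RULES: List[Rule] = [
    Rule(22,   (ZVM, ESXI),    False, "VRA installation on ESXi 4.x/5.x hosts"),
    Rule(443,  (ZVM, ESXI),    False, "VRA installation on ESXi hosts"),
    Rule(443,  (ZVM, VCENTER), False, "ongoing ZVM <-> vCenter communication"),
    Rule(4005, (ZVM, VRA),     True,  "log collection"),
    Rule(4006, (ZVM, VRA),     True,  "ZVM <-> VRA communication"),
    Rule(4007, (VRA, VRA),     False, "control between protecting and recovering VRAs"),
    Rule(4008, (VRA, VRA),     False, "replication data to recovery-site VRA"),
    Rule(4009, (ZVM, VRA),     True,  "checkpoint handling"),
    Rule(9081, (ZVM, ZVM),     False, "ZVM <-> ZVM communication"),
    Rule(9180, (VBA, VRA),     False, "VBA <-> VRA communication"),
    Rule(9669, (UI, ZVM),      False, "HTTPS from Zerto UI to ZVM"),
]


@dataclass(frozen=True)
class Connection:
    src_role: str
    src_site: str
    dst_role: str
    dst_site: str
    port: int


def matching_rule(conn: Connection) -> Optional[Rule]:
    """Return the first rule permitting this connection, or None."""
    pair = (conn.src_role, conn.dst_role)
    for rule in RULES:
        if rule.port != conn.port:
            continue
        if pair != rule.peers and pair[::-1] != rule.peers:
            continue
        if rule.same_site and conn.src_site != conn.dst_site:
            continue
        return rule
    return None


def audit(connections: List[Connection]) -> List[Tuple[Connection, str, str]]:
    """Classify each connection as 'allow' (with the rule's purpose) or 'alert'."""
    report = []
    for conn in connections:
        rule = matching_rule(conn)
        if rule is None:
            report.append((conn, "alert", "no matching Zerto rule"))
        else:
            report.append((conn, "allow", rule.purpose))
    return report


# Constructed sample: what a connection export from the two sites might contain.
SAMPLE: List[Connection] = [
    Connection(ZVM, "siteA", VRA, "siteA", 4006),   # normal same-site control
    Connection(VRA, "siteA", VRA, "siteB", 4008),   # replication data across sites
    Connection(UI,  "siteA", ZVM, "siteA", 9669),   # admin UI over HTTPS
    Connection(ZVM, "siteA", ZVM, "siteB", 9081),   # ZVM pairing between sites
    Connection(ZVM, "siteA", VRA, "siteB", 4006),   # alert: 4006 is same-site only
    Connection(UI,  "siteA", VRA, "siteA", 4008),   # alert: UI should never talk to a VRA
    Connection("workstation", "siteA", ZVM, "siteA", 3389),  # alert: port not in table
]


def alert_count(connections: List[Connection] = SAMPLE) -> int:
    """Number of connections the allowlist does not explain."""
    return sum(1 for _, verdict, _ in audit(connections) if verdict == "alert")


if __name__ == "__main__":
    for conn, verdict, reason in audit(SAMPLE):
        print(f"{verdict:5} {conn.src_role}@{conn.src_site} -> "
              f"{conn.dst_role}@{conn.dst_site}:{conn.port}  ({reason})")
```

Run it against a real connection export by mapping each host to its role and site before building the `Connection` records; every "alert" line is either a rule you forgot to add to the firewall or traffic that should not exist on the replication VLAN.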
Use network encryption between sites
- Communication across networks can be encrypted using network encryption software such as VPN and IPsec.
Assign roles and permissions to each user
- When installed, Zerto Virtual Replication adds privileges to vSphere to perform specific actions in Zerto Virtual Replication. These privileges include:
  - Live Failover / Move.
  - Manage Sites.
  - Manage VPG.
  - Manage VRA.
  - Test Failover.
- Zerto Official Security/Hardening Guide: Security and Hardening – Zerto Virtual Replication.