The Zerto 10 launch event was excellent. Having Kevin Mitnick as one of the presenters certainly helps, but Zerto 10 itself looks pretty solid. With the features announced in this release, we won't look at ransomware the same way as we did before. If you have a spare hour, watch the recording here; you won't regret it. Now, to the content and the news: what Zerto 10 brings to fight ransomware, plus the other new features.
That IT is at war with ransomware isn't new. What changes is that IT has better and better tools to win battles. Usually, the battle is over when ransomware encrypts your servers, endpoints, and also backups. The first “weapon” we've seen over the last couple of years was immutability of backups. Every vendor can now store backups in an immutable repository. This is good, but it still leaves the time you'll need to restore your whole system.
Zerto has been part of HP Enterprise for several years now, and that's where Zerto might get an advantage over traditional, software-only data protection vendors.
Zerto has been in the industry for over 10 years, and these are some of the top challenges that Zerto hears:
- Threat evolution
- Slow speed of recovery
- Low ratio of data recovery if you pay the ransom
- Staying in compliance with GDPR, SOX, HIPAA, ….
Zerto Encryption Analyzer
As we know, Zerto is a product that can tap into a virtual machine’s IO stream, causing no overhead or performance problems compared to traditional hypervisor snapshots. It captures and copies the IOs from VMs to the remote site, where a journal system keeps that data.
Zerto 10 adds a new component that can detect encryption within the IOs. Usually where there is encryption, there might be a ransomware attack happening, right? And that's exactly what Zerto's new feature is all about: detecting encryption at an early stage! When most, if not all, of your data is already encrypted and you're looking to recover, it's already too late….
The detection is done at the block level, so a possibly encrypted block is flagged at a very early stage.
The detection system sits within the Zerto VRA appliance (the appliance that is responsible for moving the data at the block level), so all you have to do is tick a single check box, which activates the inline detection that collects the encryption metrics data. That data can then be sent via a new API to ZVM, or to other systems.
Just to note, this feature has no additional cost.
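The page does not say how Zerto decides that a block looks encrypted. As an added illustration (not Zerto's code or algorithm), the example below applies Shannon entropy, a common heuristic, to a constructed write stream and reports the first write of a sustained run of high-entropy blocks. The block size, threshold, run length and all function names are assumptions.

```python
import hashlib
import math
from collections import Counter

BLOCK_SIZE = 4096         # assumed write-block size
ENTROPY_THRESHOLD = 7.5   # assumed cut-off in bits/byte for "looks encrypted"
RUN_LENGTH = 3            # assumed: consecutive suspicious blocks before alerting


def shannon_entropy(block: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for ciphertext."""
    if not block:
        return 0.0
    total = len(block)
    return -sum(n / total * math.log2(n / total) for n in Counter(block).values())


def first_suspicious_write(blocks):
    """Index of the write that starts the first run of RUN_LENGTH high-entropy
    blocks, or None. A single high-entropy block (compressed data also scores
    high) resets nothing permanently and does not alert on its own."""
    run = 0
    for i, block in enumerate(blocks):
        if shannon_entropy(block) >= ENTROPY_THRESHOLD:
            run += 1
            if run == RUN_LENGTH:
                return i - RUN_LENGTH + 1
        else:
            run = 0
    return None


def pseudo_ciphertext(seed: int) -> bytes:
    """Constructed stand-in for an encrypted block: SHA-256 in counter mode."""
    out = b""
    counter = 0
    while len(out) < BLOCK_SIZE:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return out[:BLOCK_SIZE]


def text_block(i: int) -> bytes:
    """Constructed plaintext block: a repeated application log line."""
    line = f"2023-05-18 10:00:{i:02d} INFO order {i} committed\n".encode()
    return (line * (BLOCK_SIZE // len(line) + 1))[:BLOCK_SIZE]


# Constructed stream: plaintext, one isolated high-entropy block, plaintext,
# then sustained ciphertext-like writes starting at index 9.
SAMPLE_STREAM = ([text_block(i) for i in range(5)] + [pseudo_ciphertext(99)]
                 + [text_block(i) for i in range(5, 8)]
                 + [pseudo_ciphertext(i) for i in range(4)])
```
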
As mentioned, you can use the new API to hook the detection into other anti-malware and security systems that are external to Zerto. Here is an example at GitHub.
New Vault architecture with immutability and Encrypted periodic replication via Physical air gap direct connect RCIP (Remote copy over IP)
The Immutable Vault architecture that has been announced has ongoing encrypted periodic replication with a physical air gap and a direct connection via RCIP. The physical connections between the storage systems used with Remote Copy over IP (RCIP) run through an IP-capable network. Each link between a pair of storage systems is a logical link between a controller node on one storage system and a controller node on the other storage system in the configuration. These links use an Ethernet port from each of the nodes in the storage systems. HPE Alletra systems are part of the architecture.
Another feature of Zerto's software, in conjunction with HP, as it is now an HP company, is that they have a Vault architecture with encrypted periodic replication in which a physical, direct-connect air gap is maintained. The architecture is shown in the screenshot below, taken from the presentation. All snapshots in the vault are immutable, and all Zerto components needed for recovery are stored in the vault.
So if you lose the production and replication targets because they've been encrypted by ransomware, you still have a vault that you know is immutable, disconnected from the network, and clean. You just need to choose the restore point that has been identified as “clean” from before the ransomware started to spread, and start your production from those immutable copies.
The vault does not have an exposed management port and does not have any single point of compromise. The Resilience Automation Server (RAS) inside the vault is a lightweight VM that works with native HPE switch and array services to control the RCIP on the HPE Alletra. It uses randomization to reduce traffic predictability.
The vault will allow you to recover all the components from a clean restore point (Zerto Virtual Manager, journals and replicas), so you'll be able to rebuild a clean Zerto deployment inside the vault even if the outside world has been destroyed by ransomware.
Screenshot from the presentation video.
Hardened Linux Appliance instead of Windows system for Zerto
Another new feature of Zerto 10 is the new hardened Linux Zerto Virtual Manager Appliance, to which Zerto is moving. It is a stripped-down Linux with a hardened kernel, a minimum of active services, and a reduced attack surface, and it includes MFA and RBAC.
You don't have to worry about how to migrate, because Zerto provides a tool that migrates everything: the settings, VPGs, recovery plans, etc. The migration, apparently, is very fast; it takes about 5 min.
The upgrades and updates will be much easier than dealing with Microsoft's MSIs. The UI stays the same, so nothing changes for admins from the usage perspective and there is no need to learn anything new.
Zerto 10 and Enhanced and Expanded Microsoft Azure Integration at Scale
In Azure, the challenge when operating a large infrastructure is often cost. Zerto 10 has optimized the footprint of its components in Azure and also lowered the number of API calls, so overall, for large-scale protection workloads in Azure, the Zerto infrastructure is “lighter” both in terms of resources and in terms of API calls.
There is also new support for a multi-disk consistency API, leveraging a new Azure API co-developed with Microsoft. This allows applications using multiple disks to have a single consistency point.
Zerto for Microsoft Azure will be available in the Azure Marketplace in July.
Zerto in Azure now has the same scalability as on-prem. Migration to and from Azure, DR to and from Azure: all those moves are seamless.
Final Words
Zerto Virtual Replication is able to provide very aggressive RPOs with its journaling technology and continuous replication architecture, without putting more pressure on the production environment, which may be the case with traditional backup systems using VDDK and snapshots.
Zerto is able to replicate your virtual environment across your servers and storage platforms. Zerto provides a robust and easy-to-use migration and disaster recovery solution. Zerto has the ability to thoroughly test your BC/DR plans while maintaining the online state of the production environment.
Zerto offers:
- RPOs of seconds
- No impact to production because it does not use snapshots like traditional backup programs.
- Simple workflow for rapid RTOs on day-to-day recovery scenarios.
- Failover, failback and testing are all automated
Links: Zerto website
Zerto 10 Launch Event (recorded)
Press Release:
- https://www.zerto.com/press-releases/zerto-unveils-real-time-encryption-detection-and-cyber-resilience-vault-for-hybrid-cloud-security/
- https://www.zerto.com/press-releases/zerto-10-introduces-enhanced-disaster-recovery-and-mobility-for-microsoft-azure-at-scale/
The Zerto 10 product will be GA and available for download in a couple of weeks.