This Quickstart section provides information about the iland deployment process of Secure DRaaS with Zerto. Please review this article and the sub-articles to get started with the deployment process.
The following diagram provides the flow of the high-level steps of the deployment process. Each of the sections is then explained with links to further technical instructions and materials.
1. The setup of your iland Secure Cloud DRaaS with Zerto begins with your iland Project Manager (PM) reviewing the signed work order, as well as any relevant design documentation (Statement of Work, network diagram, architecture topology, etc.)
2. Once ready, your iland PM will reach out to you to schedule a kickoff call where we will run through the following deployment process and obtain any relevant technical information. The agenda that is normally followed is:
After the call, the iland team will have everything needed to deploy your Secure Cloud Services environment. Login credentials to the environment will be included in a handoff letter sent to your primary technical contact.
The deployment of the iland cloud takes place after the project kickoff and it takes 2-3 business days on average. The deployment will depend on the agreed solution design and Statement of Work but typically consists of the following:
Upon completion of this step, the iland project manager sends a handoff letter summarising the deployment.
You can start with the Zerto installation process even before the iland cloud environment is provided. Pre-requisites, access to the software and instructions with screenshots are provided in this instruction - Installing Zerto.
The next step in the setup of your iland Secure Cloud DRaaS with Zerto solution will be to build a VPN tunnel from your production environment to your new iland Secure Cloud environment. The termination point at the iland end is your Replication Edge, which is a virtual firewall appliance provided by VMware NSX. Connected to the Replication Edge is the Replication Network, to which the Zerto Cloud Connector (ZCC) is attached. The ZCC acts as a proxy between the VRAs on the protected site and the VRAs on the recovery site. On the customer end, the VPN tunnel must allow traffic to and from the network(s) to which the Zerto Virtual Manager (ZVM) and Virtual Replication Appliances (VRAs) are connected.
You can complete this step by following the instructions below.
Alternatively, iland can provide you with assistance by building the configuration on the Replication NSX Edge for you by confirming details such as the IP of your firewall, remote subnets, PSK etc. Please get in touch with the iland project manager to coordinate this, as needed.
You will also need to create the appropriate firewall rules on your on-premise firewall. Traffic has to be allowed both ways, from the IP addresses corresponding to your ZVM and VRAs to the ZCC IP address, and back. The TCP ports that need to be open are the following ranges: 4007 - 4008 and 9081 and upwards.
The table below outlines the required firewall rules for Zerto replication:
|Customer environment|iland environment|Port|Direction|
|---|---|---|---|
|Zerto Virtual Manager|Zerto Cloud Connector|TCP 9081|Bi-directional|
|Virtual Replication Appliances|Zerto Cloud Connector|TCP 9082 - 9299, TCP 4007 - 4008|Bi-directional|
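The following is an added example, not iland or Zerto tooling: a small audit that checks an exported allow-list against the table above and reports any flow that is permitted in only one direction. The rule format, the 10.0.10.x addresses and the default-deny, destination-port interpretation are assumptions; 172.16.12.2 is the typical ZCC address and should be confirmed against your handoff letter.

```python
import ipaddress

ZCC_IP = "172.16.12.2"  # typical ZCC address; confirm in the handoff letter

def required_flows(zvm_ips, vra_ips, zcc=ZCC_IP):
    """(src, dst, first_port, last_port) for each table row, in both directions."""
    out = [(ip, zcc, 9081, 9081) for ip in zvm_ips]
    for ip in vra_ips:
        out += [(ip, zcc, 9082, 9299), (ip, zcc, 4007, 4008)]
    return out + [(dst, src, lo, hi) for src, dst, lo, hi in out]

def is_covered(flow, rules):
    """True if the allow rules matching src/dst cover the whole TCP port range.
    Assumes a default-deny firewall and that 'ports' are destination ports."""
    src, dst, lo, hi = flow
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    spans = sorted(r["ports"] for r in rules
                   if s in ipaddress.ip_network(r["src"])
                   and d in ipaddress.ip_network(r["dst"]))
    need = lo  # lowest port not yet known to be allowed
    for first, last in spans:
        if first > need:  # gap in coverage before this rule starts
            break
        need = max(need, last + 1)
    return need > hi

def missing_flows(zvm_ips, vra_ips, rules):
    """Required flows that no combination of allow rules fully permits."""
    return [f for f in required_flows(zvm_ips, vra_ips) if not is_covered(f, rules)]

# Constructed sample data (hypothetical customer addressing and rule export).
ZVM = ["10.0.10.5"]
VRAS = ["10.0.10.21", "10.0.10.22"]
OUTBOUND_ONLY = [
    {"src": "10.0.10.0/24", "dst": "172.16.12.2/32", "ports": (4007, 4008)},
    {"src": "10.0.10.0/24", "dst": "172.16.12.2/32", "ports": (9081, 9299)},
]
BOTH_WAYS = OUTBOUND_ONLY + [
    {"src": "172.16.12.2/32", "dst": "10.0.10.0/24", "ports": (4007, 4008)},
    {"src": "172.16.12.2/32", "dst": "10.0.10.0/24", "ports": (9081, 9299)},
]

if __name__ == "__main__":
    for src, dst, lo, hi in missing_flows(ZVM, VRAS, OUTBOUND_ONLY):
        print(f"MISSING allow {src} -> {dst} tcp/{lo}-{hi}")
```

Run against the outbound-only rule set, it lists every ZCC-to-customer flow as missing; with the return rules added, it reports nothing.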
Once the replication VPN tunnel is established, you should be able to successfully ping your Zerto Cloud Connector (ZCC). The ZCC will typically be deployed on the replication network with an IP address ending in .2, in most cases that would be 172.16.12.2. You can also refer to the handoff letter summarizing the deployment or just ask your iland project manager if in doubt.
Once the Replication VPN Tunnel is operational, you should be able to pair to iland's ZCC. To pair, please log into the Zerto Management console using the credentials specified during the Zerto installation (see Installing Zerto for more information).
Once logged in, choose the "Pair to a site with a license" radio button and type in the IP address of the ZCC server. The ZCC will typically be deployed on the replication network with an IP address ending in .2, in most cases that would be 172.16.12.2. You can also refer to the handoff letter summarizing the deployment or just ask your iland project manager if in doubt. Do not change the Port Number and hit Pair.
Note: If you receive any errors when attempting to pair your site with iland, the first thing to check would be firewall rules on your production firewall. Traffic has to be allowed both ways, as per the table in the previous step.
Zerto will now open on the Sites tab. If you get automatically logged out of the Zerto interface that means that the required firewall rules are only allowed in one direction, i.e. to the iland ZCC. Return traffic must be allowed for the sites to pair successfully.
You can now proceed with the next step.
To be able to replicate, you must install Virtual Replication Appliances (VRAs) on each of your hosts on which the VMs to be protected currently run or may run in the future (for example, following a vMotion). Please follow our instruction - Installing VRA to complete this process.
With VRAs deployed, the next step is creating the Virtual Protection Groups (VPGs). That is where your to-be-protected VMs will be grouped as an entity to be replicated and failed over as a whole. After completing this step, you will have started replicating to iland! The iland project manager will reach out to you to schedule an onboarding session and go through the process. Alternatively, you can follow our instructions in the Creating a VPG article to complete this process.
Note: Initial Bandwidth burst charges during the initial sync are waived.
Once at least two VPGs have been fully replicated, the iland project manager will reach out to you to schedule an onboarding session on the Test Failover functionality offered by Zerto. During the session, we go through the two ways to trigger a Test Failover - through the ZVM interface and through the iland secure console. While the Test Failover process is similar to the Live Failover in the way it is performed, the two have differences that need to be carefully considered. Please check our detailed instructions and considerations in the article Performing Test and Live Failover in the ZVM.
We would also work with you to understand the ways in which the DR environment will be accessed by your end-users and show you different features of the iland secure console - firewall, NAT rules, SSL, IPSEC VPN and more. This typically happens as part of the Test Failover onboarding or as part of a separate session. The iland project manager will confirm with you what would work best in your situation.
The objective of the project is to provide you with the contracted iland DRaaS infrastructure, assist with the setup as needed and provide onboarding on key aspects of the service. Once the onboarding is complete, we proceed with the closure of the setup ticket.
Please reference our Features and How-To documentation for further information and helpful tips. You can also always contact our 24/7 support team. Please find the iland support contact details on the iland website.