Zerto at Cloud Field Day 17

The Zerto team presented the freshly minted Zerto 10 at Cloud Field Day 17. This was my first time getting to see what’s new in the platform.

Real-Time Detection Meets Real-Time Protection

There are key updates that have arrived into the platform. A really interesting addition to the feature set is the use of detection for profiling behaviors. This is what opens up the door to ransomware resilience and much more.

This release is targeted at VMware-hosted environments, which is a fantastic place to begin given the number of Zerto customers running significant VMware estates. It’s also where there is the most low-level control because of years of proven experience.

Streaming Inline Detection – Recovery in Minutes Instead of Days

Real-time discovery through streaming inline detection is a massively important capability. Zerto is able to profile behaviors and make decisions about both protection and recovery. Traditional backup processes are likely to just be backing up the infected data.

The journaling process will identify anomalous behavior and mark the change time where something occurred. At the time of release, tagging in the journal is the primary action, and there was a great discussion on what could be done in future.

Detection uses multiple NIST-accredited algorithms to give a good breadth of coverage for up-to-date heuristic detection. The next major thing is that they tout zero delay for the activity because they are not running inline with the data movement. Streaming detection allows for zero-impact detection.

Visualizing the Data with Zerto Analytics

I’m a fan of Grafana, so it is exciting to see a very flexible, extensible visualization capability. The Zerto Analytics platform is a SaaS platform, so it’s easy to reach and see where issues are occurring. Justin shared a view of the encrypted block change rate, which is one of the indicators of potential ransomware or a vulnerability.
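An added illustration, not Zerto's detection logic or code from the presentation: one way an encrypted block change rate could be computed over journaled writes, used to tag the first suspicious interval, and used to pick a pre-infection checkpoint. The entropy threshold, window size, function names and sample journal are all assumptions constructed for this sketch.

```python
import math
import random
from collections import Counter

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def tag_journal(writes, window_s=60, entropy_min=7.5, rate_min=0.6):
    """Tag time windows of (timestamp, block) writes; thresholds are assumptions.
    Returns [(window_start, encrypted_rate, suspicious)] in time order."""
    buckets = {}
    for ts, block in writes:
        start = ts - ts % window_s
        total, high = buckets.get(start, (0, 0))
        high += shannon_entropy(block) >= entropy_min  # count ciphertext-like blocks
        buckets[start] = (total + 1, high)
    return [(s, h / t, h / t >= rate_min) for s, (t, h) in sorted(buckets.items())]

def last_clean_checkpoint(tags):
    """Start of the latest window before the first suspicious one (None if none)."""
    clean = None
    for start, _rate, suspicious in tags:
        if suspicious:
            return clean
        clean = start
    return clean

def sample_journal():
    """Constructed data: 30 ordinary writes, then 30 ciphertext-like writes."""
    rng = random.Random(17)
    text = (b"INSERT INTO orders VALUES (1001, 'widget', 3);\n" * 100)[:4096]
    writes = []
    for i in range(60):
        # Every fifth ordinary block is high entropy, like compressed data.
        noisy = i >= 30 or i % 5 == 0
        block = bytes(rng.getrandbits(8) for _ in range(4096)) if noisy else text
        writes.append((i * 10, block))  # one write every 10 seconds
    return writes

if __name__ == "__main__":
    tags = tag_journal(sample_journal())
    for start, rate, suspicious in tags:
        print(f"t={start:>3}s rate={rate:.2f} {'SUSPICIOUS' if suspicious else 'ok'}")
    print("recover from checkpoint at t =", last_clean_checkpoint(tags))
```

High entropy alone also matches compressed or already-encrypted data, which is why the sketch flags a window on the rate of such blocks rather than on any single write.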

We took a look at the REST API which is documented with Swagger for easy navigation.

It’s more common now to find folks dabbling with APIs and finding ways to interact with the platform. Zerto’s choice of an API-first approach shows the focus on interoperability.

Inside the Vault – The Value of Secrets

One of the challenges with ransomware is that it loves to go after data protection tools. The question is what we do when a worst case scenario occurs.

In order to prepare for the worst, the Zerto cyber resilience vault is designed to be:

  • Isolated
  • Air gapped
  • Immutable
  • Zero trust

There are important protections in place and you can see how a VMware version of the arch

Cloud environments also have options for the cyber resilience vault. This is an exciting option that I presume will find many features being developed in the near future. Being able to protect and store your vault-safe objects in the cloud presents some good options.

All of the data in the vault is immutable by default, so this is the layer of protection that became an important part of the discussion.

It’s About Recovery…

Backups are great. What’s better is successful restores. The actual value of any backup product is in how it recovers. There are some great sandbox recovery options with extremely low RPO and RTO times, which open up lots of options like:

  • Patch testing
  • Vulnerability testing
  • Running analytics and forensics against recovered VMs

Because the recovery sandbox is safely air gapped from production, you can safely run lots of processes without impacting the live environment.

The same recovery processes and quick times will also work for live failover of the real environment. A secure, immutable vault lets you recover a pre-infection or pre-incident instance of the VM. Your vault is also replicated, which gives you alternate site recovery options.

There are some risks on the cloud side of the world when it comes to egress, but the use cases for the on-premises vault are where most of the attention is being put for now. It makes sense with the focus being VMware environments, which are still dominantly going to be customer-hosted or co-location / managed providers.

ZVM Appliance Architecture – Now with 100% more Kubernetes!

The Zerto Virtual Manager Appliance (ZVMA) is also hardened by default and provides RBAC, MFA, and important baked-in security features.

It’s no surprise that Kubernetes is becoming a core part of the internal operations for the ZVMA. Updates can be applied inside the appliance after the initial deployment as an OVF image.

The design is a single instance deployment of microk8s that is self-contained in the VM instance. It’s great to see this just because there are options for other types of deployments now that the working bits are Kubernetes-hosted.

Thanks to Justin and Chris from the Zerto team for a great presentation!

About Zerto

Zerto delivers ransomware resilience, disaster recovery and data mobility with a simple, scalable solution built for virtualized and container-based environments running on-premises or in the cloud.

Zerto website: https://zerto.com

Zerto on Crunchbase: https://www.crunchbase.com/organization/zerto

Zerto on Partnerbase: https://www.partnerbase.com/zerto

Zerto on Owler: https://www.owler.com/company/zerto


Travel and expenses for Tech Field Day – Cloud Field Day 17 were provided by the Tech Field Day organization, GestaltIT. No compensation was received for attending the event. All content provided in my posts is of my own opinion based on independent research and information gathered during the sessions.
