Skip to content

Discovering Zerto’s Cyber Resilience Vault

TECHunplugged analyst Max Mortillaro recently had the opportunity to travel to San Jose, California for Security Field Day 11. One of the presenting companies, Zerto, a Hewlett Packard Enterprise company, presented on ransomware resilience. The company has been around for a long time and has focused on continuous data protection (CDP) and disaster recovery use cases.

A brief recapitulation on Zerto

Zerto was initially designed as a disaster recovery solution for virtual environments, initially with VMware vSphere, then also with Microsoft Hyper-V. The company provides a best-in-class continuous data protection solution with near-synchronous replication to protect virtualized data and workloads. This technology includes not only real-time replication of every data change, but also includes inline, real-time encryption detection and alerting

Figure 1 – Zerto’s foundational CBP capabilities – Source: Zerto

Another key feature for which Zerto has been consistently praised in the past is the ability to orchestrate fine-grained recovery activities.

Recovery is based on an entire application: the snapshot covers all the components specifically in the application. Since Zerto is a disaster recovery solution, those application groups and dependencies will be configured either during the initial Zerto setup, or when onboarding new applications into Zerto as a part of an organization’s DR onboarding processes.

Figure 2 – Application-centric protection and recovery with Zerto – Source: Zerto

Zerto Cyber Resilience Vault

The Zerto Cyber Resilience Vault is an HPE GreenLake solution based on a reference architecture that includes Zerto as well as the latest HPE Alletra Storage MP all-flash systems. The solution provides an air-gapped vault to which data is continously replicated using Zerto native CDP features. More details on replication will be provided in the following section.

A key capability of the Zerto Cyber Resilience Vault focuses on testing and recovery of workloads in an isolated sandbox. In this sandbox, administrators can securely plan workload recovery activities such as vulnerability scanning, to ensure a workload is ransomware-free prior to its recovery in the production environment. Other activities can include data forensics to understand how the data may have been manipulated, trace back to a source of infection, and more, all without impacting the production workloads or infrastructure.

Figure 3 – Zerto Cyber Resilience Vault: Test and Recovery in the Isolated Sandbox – Source: Zerto

Zerto Cyber Resilience Vault Architecture

From an architectural perspective, the production site is protected by Zerto CDP. This component provides inline detection capabilities, but only protects virtual workloads, therefore native inline detection capabilities are currently limited to virtual machines.

The Zerto Cyber Resilience Vault solution does protect physical servers, but handling is currently performed through third party data protection solutions which will then replicate to the Cyber Resilience Vault.

The cyber resilience vault itself consists of two zones: a landing zone, and a vault zone. The landing zone is online and acts as a primary target for data replication, while the vault zone is air-gapped, with periodic replication happening over RCIP. The vault zone consists of a storage array where data is replicated from the landing zone, and a recovery environment which will be used for test and recovery features.

From a technical standpoint, replication leverages HPE Alletra Storage MP replication via block volumes, and takes advantage of native Alletra Storage MP immutability features.

Figure 4 – Zerto Cyber Resilience Vault Architecture, showing the Landing zone and Vault Zone – Source: Zerto

TECHunplugged’s Opinion

Zerto Cyber Resilience Vault leverages Zerto’s best-in-class capabilities (continuous data protection, DR orchestration) and elevates them, providing HPE with a fully functional cyber resilience vault solution that leverages HPE Alletra storage systems and their immutability features. The architectural implementation is noteworthy and provides better isolation capabilities than what some of Zerto’s / Hewlett Packard Enterprise competitors do.

However, some current limitations must be taken into account when evaluating this solution. The first one revolves around physical workloads, which currently require a third party solution for anomaly detection and vault replication (since Zerto CDP only supports virtual workloads).

The second aspect is triggered by VMware licensing significant price hikes imposed by Broadcom. While not immediately impacting this solution, organizations are currently under heavy pressure to look at exit options, which can include not only Nutanix, but also open source hypervisors. Organizations that currently consider Zerto CDP or the Zerto Cyber Resilience Vault should therefore ask Zerto and HPE about roadmap supportability for VMware vSphere alternatives.

The solution will be available via a CAPEX purchase, HPE will offer several packages based on capacity requirements.

Additional Resources

Check out Tech Field Day website for Security Field Day 11 presentations and videos.

Also, check out TECHunplugged’s review of Zerto’s presentation at Security Field Day 11:

Disclosure: Max Mortillaro was invited to Security Field Day 11 by Tech Field Day, a Futurum Group company, and had his travel and accommodation expenses covered. TECHunplugged was not compensated by Tech Field Day or any presenting companies and has no obligation to create content.