• This topic has 8 replies, 3 voices, and was last updated January 27, 2017 by Gene T.

Administrator Privileges Not Required

  • I’m a new Zerto user and when I’m told a product requires “Administrator” privileges to vCenter I have a problem with that.  This is a big gaping security hole that needs to be plugged.  I did my own product testing and discovered there are only a couple of additional settings from what is listed in the Security / Hardening guidelines for a vSphere 6.0 implementation.  Those are:

    Global – Disable Methods

    Global – Enable Methods

    Zerto – <All entries>

     

    I created a new role, assigned the permissions, and was able to install, protect, failover and failback.  If I find any other permissions as I continue my testing I will be sure to post them here.

     

    If anyone else has limited Zerto access to their vSphere environment I would appreciate hearing your experiences.

     

    Thank you.

    Hi Dan!

    Thanks very much for sharing your experiences and feedback. I’ll compare your notes to ours internally and see if I can provide any further clarification (and documentation updates).

    Thanks again! Keep the feedback coming!

     

    Harry

    Follow me: www.twitter.com/HarrySiii

    I have downloaded and finished my testing on Version 5 of the VMware product.  One additional permission was required:

     

    Host / Configuration / Query patch

    With that in place, installation, test failovers, and failovers have been successful.  I’m not sure why Zerto doesn’t understand why granting full-on Administrator permissions is a security risk.  Especially when this level of access is not required.

     

    Thanks and if anyone has found additional permissions I may have missed, please let me know.

    Thanks for posting this.  Has the latest hardening guide been updated with the input above?

    IT Professional with focus on VMware Virtualization and BCDR solutions.

    The “Security and Hardening with Zerto Virtual Replication Version 5.0 Update 1” guide also shows this, which I don’t see in my vCenter Roles/Privileges where the documentation says they are:

    Authorization > Modify Permission

    Authorization > Modify Role

    Authorization > Reassign role permissions

    ^^^ The above is actually under Permissions > Modify Permission | Modify Role | Re-Assign Role Permissions

     

    IT Professional with focus on VMware Virtualization and BCDR solutions.

    So, with all of the above, there’s still something blocking deployment of VRAs.  Given all the sections in the hardening guide to customize for the role, I ended up just enabling each of those top-level privileges and I got everything to work, so I will work my way backwards to see if I can find what exactly is missing from the hardening guide.  Stand by.

    IT Professional with focus on VMware Virtualization and BCDR solutions.
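
The custom-role approach described in this thread, sketched as a PowerCLI script; this is an added example, not code from any poster or from Zerto. It builds the role from a hardening-guide privilege list plus the three extras named above and stops if any ID is unknown to the vCenter. The role name, the baseline file and the `Zerto*` ID prefix are assumptions to check against your own `Get-VIPrivilege` output.

```powershell
# Added example: build a least-privilege vCenter role instead of granting Administrator.
# Assumes VMware PowerCLI is loaded and Connect-VIServer has already been run.
param(
    [string]$RoleName     = 'Zerto-Service',            # hypothetical role name
    [string]$BaselineFile = '.\hardening-guide-ids.txt' # hypothetical file: one privilege ID per line
)

# Extras reported in the thread, written as vSphere privilege IDs.
$extraIds = @(
    'Global.DisableMethods',  # Global - Disable Methods
    'Global.EnableMethods',   # Global - Enable Methods
    'Host.Config.Patch'       # Host / Configuration / Query patch
)

$all  = @(Get-VIPrivilege -PrivilegeItem)
$byId = @{}
foreach ($p in $all) { $byId[$p.Id] = $p }

# "Zerto - <All entries>": assumes the plug-in registers its IDs under a 'Zerto' prefix.
$zertoIds = @($all | Where-Object { $_.Id -like 'Zerto*' } | ForEach-Object { $_.Id })

$baselineIds = @(Get-Content -Path $BaselineFile |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and -not $_.StartsWith('#') })

$wanted = @($baselineIds + $extraIds + $zertoIds | Sort-Object -Unique)

# Fail closed: a misspelled or version-specific ID should stop the run, not be skipped.
$unknown = @($wanted | Where-Object { -not $byId.ContainsKey($_) })
if ($unknown.Count -gt 0) {
    throw "Privilege IDs not defined on this vCenter: $($unknown -join ', ')"
}
if ($zertoIds.Count -eq 0) {
    Write-Warning "No 'Zerto*' privileges found; check the real IDs with Get-VIPrivilege."
}

$privs = @($wanted | ForEach-Object { $byId[$_] })
$role  = Get-VIRole -Name $RoleName -ErrorAction SilentlyContinue
if ($role) {
    # Existing role: only add what is missing so the change stays reviewable.
    $add = @($privs | Where-Object { $role.PrivilegeList -notcontains $_.Id })
    if ($add.Count -gt 0) { $role = Set-VIRole -Role $role -AddPrivilege $add }
} else {
    $role = New-VIRole -Name $RoleName -Privilege $privs
}

# Administrator holds every privilege, so $all.Count is the comparison point.
'{0}: {1} of {2} privileges defined on this vCenter' -f $role.Name, $wanted.Count, $all.Count
```

Keeping the baseline file in version control gives each privilege added during testing a reviewable diff.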