The client has an audit going on, and they are asking specific questions, which we need answers to ASAP as they are in the middle of an audit.
I know the answers to some of these questions but would like validation and answers in writing.
1) What user accounts can make changes to Zerto or Jobs within the ZVM Gui?
2) How can we limit who can get access to and modify Zerto GUI?
3) How can we get audit events on changes to Zerto, such as VPGs, or settings?
4) How long (historically) can we get audit events on changes to Zerto, such as VPGs, or settings?
5) Can we change how long historically we can get audit events?
You can find all the information in my answer:
if you are using Zerto with VMware you can use the vCenter roles and permission to control and restrict access to ZVM. For example, you could create a new role in the vCenter with the Zerto Privilege “Viewer”. Users with that role are then only able to “look” at Zerto but not edit anything.
We can also look into preventing them from logging into the ZVM GUI at all,
I believe that such permission is only defined on the hypervisor level, as we discussed.
More on permissions in the vSphere Administration Guide: http://s3.amazonaws.com/zertodownload_docs/Latest/Zerto%20Virtual%20Manager%20vSphere%20Administration%20Guide.pdf (Chapter 24 – Zerto Permissions in vCenter Server)
VPG settings will be exported every 24 hours to C:\Program files\Zerto\Zerto virtual replication\Exported Settings\ with retention of 30 days.
Changes and events will be displayed in the VPG GUI for the last events, yet all events restored on the ZVM DB as long as the VPG still exists.