In our environments running 6.x we have observed the ZVM deploying Z-VRAH appliances from time to time after the initial deployment of the Z-VRA appliances so closing these ports will not impact the automated deployments of these Z-VRAH appliances ? Is version 7.x no longer having this behaviour which would make safe to close these ports? In our case this is very important to know as we won’t be able to get these ports open after the initial deployment if required later.
Mike from Zerto here. Which ports are you referring to? In Enterprise environments, VRAs use ports 4005, 4006, and 4009 for communication with the ZVM and 4007 and 408 to communicate with other VRAs. Are those the ports you are referring to? If so, those ports are used by normal VRAs and should remain open for replication. VRAHs, or Shadow VRAs, get added to a host automatically, so I would recommend keeping the ports open. For more information on Shadow VRAs, please see the following article:
You didn’t answer my question. If we close ports 22/443 after the initial deployment of the VRAs what will happen when one of the appliance will be running out of available virtual disks slots ? What is the deployment mechanism for the shadow appliances vs the normal appliances is it the same or different? Are not the shadow appliances the exact same thing as the VRAs but with a different name ? If so how come ports 22/443 are no longer required to to deploy these vs the normal appliances at the initial deployment ?
Thank you for clarifying, and my apologies for the confusion, as I was unsure about the ports you were referring to. The deployment for the normal VRA puts a piece of Zerto software on the host to allow for communication between the host and the VRA, and that requires ports 22/443 to be enabled. Since that is not needed for a VRAH deployment, ports 22/443 would not be required for a VRAH deployment.