Azure endpoint access required for a ZCA running Zerto for Azure

KB Number:
000001922

Symptoms:
A Zerto for Azure customer may restrict the access provided to the ZCA either before or after Zerto installation.

Cause:
The Azure endpoints listed in this article are required for installation and for ongoing replication. The access is required for access to the Azure API and other Azure resources that Zerto uses to orchestrate replication, protection, and failover.

Solution:

If a proxy exception is not allowed by the customer's internal security policy for all the Internet traffic generated by the ZCA, then access to the following specific Azure endpoints are required.

Authentication and management of access to Azure resources
management.azure.com
*.management.azure-api.net
login.microsoftonline.com

Azure internal use
https://blogs.msdn.microsoft.com/mast/2015/05/18/what-is-the-ip-address-168-63-129-16/
168.63.129.16:32526

ZCA deployment from Azure template
blob.*.store.core.windows.net
*.store.core.windows.net

Azure internal use
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service
169.254.169.254

*.blob.core.windows.net

Azure Analytics
secure.*.microsoftonline-p.com

Azure authentication
portal.azure.com 
graph.windows.net

 


Affected Versions:
Zerto 6.5, 7.0

Hypervisor:
Azure

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...