Pairing Changes in ZVR 7.5+

KB Number:
000001646

Symptoms:
In ZVR 7.5, and ZVR 8.0 we have improved security when pairing sites.  Prior to ZVR 7.5, the pairing method was insecure because the receiving site never authorized any pair requests.  The recipient site now must generate a token that is used for pairing a remote site.

Please be aware of the following when pairing in ZVR 7.5:
  • The authentication token when pairing is required.  There is no way to circumvent this.
  • No backwards compatibility.  This means that a newly installed 7.0 site, and a newly installed 7.5 site will not be able to pair.  Both sites must be on ZVR 7.5 in order to pair.
  • Existing ZVR 7.0 sites that are already paired will not lose their pairing as a result of an upgrade.
  • The pairing token expires after 48 hours.
  • The pairing token can be used to pair a single site.  If you have a second site to pair, you must generate a new token for that site.
  • The token is validated and deleted when pairing is completed.

Please be aware of the following when pairing in ZVR 8.0:
  • The authentication token when pairing is required.  There is no way to circumvent this.
  • No backwards compatibility.  This means that a newly installed 7.5 site, and a newly installed 8.0 site will not be able to pair.  Both sites must be on ZVR 8.0 in order to pair.
  • Existing ZVR 7.5 sites that are already paired will not lose their pairing as a result of an upgrade.
  • The pairing token expires after 48 hours.
  • The pairing token can be used to pair a single site.  If you have a second site to pair, you must generate a new token for that site.
  • The token is validated and deleted when pairing is completed.

Cause:
Since we have added security measures to pairing that require an authentication token in ZVR 7.5+, pairing methods have been changed.  In ZVR 8.0, the pairing token complexity has changed along with the introduction of native ZVM -> ZVM encryption. 

Solution:
  1.   The token is generated in the recipient site ZVM GUI (Sites > Generate Pairing Token).  It presents a small window with the token (a string of characters) and a button to copy the 32 character string to your clipboard.  
  2.   Share this token with the user at the requesting site (e.g. email / messenger)  
  3.   From the requesting site, navigate to the ZVM GUI (Sites > Pair).  It presents a small window prompting for 3 items:
    • Hostname / IP of the recipient ZVM
    • Port (default 9081 for ZVR 7.5 and lower.  default 9071 for ZVR 8.0 and higher)
    • Token
  4.  Click Pair

*There are ways to increase / decrease the token complexity (length).  There are also ways to increase / decrease the expiration period for a token.  Please contact Zerto Support for details on how to do this.


Affected Versions:
ZVR 7.0+

Hypervisor:
All

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...