Zerto Field Notice FTN-20201101: Zerto Role Based Access Control and VMware vCenter
Viewed 56 times
Field Technical Notice: FTN-20201101
Zerto Versions Affected:
- Zerto 8.5 when using vCenter Role Based Access Control (RBAC) for Zerto operations
Due to the complex variety of deployment scenarios, Zerto is changing the default behavior of checking vCenter role-based privileges for Zerto operations on newly deployed Zerto 8.5 ZVMs to not checking RBAC by default. Users that depend on vCenter role-based privilege checking for Zerto operations may need to contact Zerto Support before deploying a new Zerto 8.5 ZVM to enable continued role-based checks of vCenter privileges.
Zerto installs the following role-based privileges in vCenter on each new ZVM installation:
- Viewer only
- Failover test
- Manage VRA
- Manage VPG
- Manage Site
- Manage ZCC
- Failover live
- File level restore to production
ZVMs that upgrade to Zerto 8.5 are unaffected by this change.
Customers that have assigned Zerto specific roles to their vCenter users have the following options to preserve this functionality on new ZVM installations:
- Deploy Zerto 8.0 on new ZVM installations until Zerto delivers a new installation option on a future version of Zerto
- Use the Zerto ZCM for role-based access control of Zerto operations and resources
- Contact Zerto Support before deploying a new ZVM on Zerto 8.5 to enable checking of vCenter role-based privileges
Actions to take
Zerto recommends checking if vCenter role-based privileges are required for selected Zerto operations before deploying a new ZVM on Zerto 8.5. If vCenter role-based privileges are required for Zerto operations, then continue using Zerto 8.0 for new ZVM deployments.