Article number
000004576
Affected Versions
8.5

Zerto Field Notice FTN-20201101: Zerto Role Based Access Control and VMware vCenter

Viewed 56 times

Notice

Date: 11/1/2020 

Field Technical Notice: FTN-20201101 

Zerto Versions Affected: 

  • Zerto 8.5 when using vCenter Role Based Access Control (RBAC) for Zerto operations 

Description

Due to the complex variety of deployment scenarios, Zerto is changing the default behavior of checking vCenter role-based privileges for Zerto operations on newly deployed Zerto 8.5 ZVMs to not checking RBAC by default.  Users that depend on vCenter role-based privilege checking for Zerto operations may need to contact Zerto Support before deploying a new Zerto 8.5 ZVM to enable continued role-based checks of vCenter privileges.

Background
 

Zerto installs the following role-based privileges in vCenter on each new ZVM installation: 

  • Viewer only
  • Failover test
  • Manage VRA
  • Manage VPG
  • Manage Site
  • Manage ZCC
  • Failover live
  • File level restore to production
Prior to Zerto 8.5, Zerto checks the vCenter privileges for each user for privileges to use each operation.  Starting on Zerto 8.5 and onward, Zerto no longer performs these checks on newly deployed ZVMs.

ZVMs that upgrade to Zerto 8.5 are unaffected by this change.

Customers that have assigned Zerto specific roles to their vCenter users have the following options to preserve this functionality on new ZVM installations:
  • Deploy Zerto 8.0 on new ZVM installations until Zerto delivers a new installation option on a future version of Zerto
  • Use the Zerto ZCM for role-based access control of Zerto operations and resources
  • Contact Zerto Support before deploying a new ZVM on Zerto 8.5 to enable checking of vCenter role-based privileges

Actions to take

Zerto recommends checking if vCenter role-based privileges are required for selected Zerto operations before deploying a new ZVM on Zerto 8.5.  If vCenter role-based privileges are required for Zerto operations, then continue using Zerto 8.0 for new ZVM deployments.