Security design
Requirements
The following are the security requirements for the Zerto for disaster recovery for VMware workloads pattern:
- Provide encryption or privacy for the replication between the IBM Cloud regions.
Considerations
| Security areas | Description |
|---|---|
| Network security | Isolation: Isolate the Zerto infrastructure components on the network to protect them from unauthorized access. Firewall rules: Implement strict firewall rules to control traffic between Zerto components and other systems within the IBM Cloud environment. |
| Access control | Role-based access control (RBAC): Implement RBAC to restrict access to Zerto components based on job responsibilities, ensuring that only authorized personnel can configure and manage them. For more information, see Permissions by Zerto Cloud Manager. Authentication: Enforce strong authentication mechanisms, such as multi-factor authentication (MFA), for accessing the Zerto management console and associated interfaces. |
| Data encryption | In-transit encryption: Enable encryption for data in transit between Zerto components and VMware infrastructure to prevent interception and tampering. Use secure communication protocols like TLS. For more information, see Network Encryption and VRA to VRA Encryption. At-rest encryption: Zerto does not support VM encryption. For more information, see vSphere Features. File encryption on a VM with applications such as BitLocker for non-boot disks is supported by Zerto. |
| Vulnerability management | Regular updates: Keep Zerto software and underlying systems up to date with the latest security patches and updates to address potential vulnerabilities. Scanning and testing: Regularly perform vulnerability assessments and penetration testing on the Zerto infrastructure to identify and remediate security weaknesses. |
| Compliance | Regulatory compliance: Ensure that the Zerto deployment within the IBM Cloud adheres to relevant industry regulations and compliance standards, such as GDPR, HIPAA, or any other applicable requirements. |
| Data residency and privacy | Data residency policies: Understand and comply with data residency requirements by configuring Zerto to align with IBM Cloud data residency policies. Privacy considerations: Address privacy concerns by implementing anonymization or pseudonymization of sensitive data within backups. |