Configure a Zerto VAIO-based solution in VMware Engine private clouds

This document explains how to set up a Zerto VAIO-based solution in a VMware Engine private cloud that's running on vSphere 8.x. This solution is required if you need to use Zerto for disaster recovery and migration with vSphere 8.x. SecureBoot is enabled by default on ESXi nodes in vSphere 8.x, which prevents the Zerto Non-VAIO solution from functioning. Therefore, setting up the Zerto VAIO-based solution is necessary.

Prerequisites and requirements

Before you can use VMware Engine to update your private cloud, you must update your Zerto vCenter Plugin to version 10.0_U7 or higher and convert to a VAIO-based solution. This conversion helps to ensure continuity and successful upgrades of your private cloud.

Host credential workaround

Zerto requires host-based credentials for VAIO deployments on ESXi servers with Secure Boot enabled. Zerto requires a common root password for all hosts in a cluster.

Using a common root password is against Google security best practices. Therefore, in this solution, you use a PowerCLI script that creates a local administrative user with common administrator rights and a shared password on all hosts in the private cloud. You can get this script by contacting Cloud Customer Care.

Note the following:

  • The PowerCLI script is a separate attachment.
  • The administrator user created by the script is removed from hosts after 48 hours.
  • You might need to rerun the script for VRA redeployments or upgrades.
  • If your organization's policies prohibit using a common password across multiple hosts, contact Zerto for alternative solutions.

Set up Zerto

This procedure assumes a new Zerto deployment on a new VMware Engine private cloud.

  1. Install Zerto ZVM on your VMware Engine private cloud. Use the service VLAN for network connectivity to improve performance and reduce load on NSX.
  2. Sign in to the Zerto management console as an administrator.
  3. Add the first tweak:
    • Tweak Name: t_VraInstallHostUserName
    • Type: ZVM Tweak
    • Tweak Value: Enter the custom Zerto username you plan to create using the PowerCLI script, for example zertouser.
  4. Add the second tweak:
    • Tweak Name: t_vaioVraVmIsolatedNetworkOff
    • Type: ZVM Tweak
    • Tweak Value: Set the value to True.
  5. Add vCenter to Zerto, and ensure VAIO Support is enabled.
  6. Contact Cloud Customer Care to add the necessary SSH exception on all hosts for the ZVM.
  7. Download the PowerCLI script (provided separately by Google) to a system that has PowerCLI installed and network access to the VMware Engine vCenter.
  8. Edit the script to replace the placeholder values for:
    • vCenter IP/FQDN ($vCenterServer)
    • vCenter username ($vCenterUser)
    • New ESXi local username ($NewESXiUser)—Ensure this matches the Tweak Value from step 3.
    • New ESXi local user password ($NewESXiPassword)
  9. Run the script. If you encounter issues, validate network connectivity, DNS resolution, firewall rules, and credentials. If issues persist, contact Cloud Customer Care.
  10. Sign in to ZVM as an administrator.
  11. Go to the setup page in VRA.
  12. Click Edit Cluster Default Settings.
  13. Select the Use Credentials to connect to host option.
  14. Enter the Zerto user's password (the one used in the PowerCLI script) as the Host root Password.
  15. Verify the network details, and then click Save.
  16. Select the cluster, and then click Install VRAs.
  17. Complete the Zerto setup to protect your VMs.

What's next