Zerto 10 U7 – Ransomware Defense and Disaster Recovery on VMware vSphere and other virtualization platforms

If you are regular reader of our blog, you’ve probably heard about Zerto, the go-to solution for disaster recovery and ransomware protection. The latest release, Zerto 10 U7, dropped recently, and it’s packed with features that make it a must-have for IT admins looking to bulletproof their IT environments.

In this post, I’ll break down what’s new in Zerto 10 U7, how it works its magic on VMware vSphere, and whether you can deploy it on other virtualization platforms like Hyper-V, XCP-ng, or Proxmox. Let’s dive in!

Latest features in Zerto 10 U7

Zerto 10 U7 builds on its rock-solid Continuous Data Protection (CDP) foundation, adding features that make it even more effective against ransomware and streamline disaster recovery.

Here’s the rundown of what’s fresh in this release:

VMware NSX 4.2 Support: Zerto now fully supports VMware NSX 4.2, ensuring compatibility with the latest VMware networking stack. This is huge for those running modern, software-defined data centers.

Enhanced Real-Time Encryption Detection: The Elastic Journal in Zerto 10 U7 has been beefed up to spot encryption attempts faster than ever. It’s like having a security guard watching every write operation to your VMs, catching ransomware in its tracks.

Immutable Backup Management: Managing tamper-proof backups in cloud storage (think Azure Blob, Amazon S3, or S3-compatible) is now smoother. Plus, integration with HPE’s Cyber Resilience Vault offers air-gapped protection for ultimate security.

Automation Overdrive: Zerto 10 U7 leans hard into automation, using VMware vSphere tags to auto-assign VMs to Virtual Protection Groups (VPGs). The Linux-based Zerto Virtual Manager Appliance (ZVMA) also gets a boost with multi-factor authentication (MFA) and auto-updates for better scalability and security.

Cloud and SaaS: Support for Microsoft 365, Salesforce, and Google Workspace backups (via Keepit integration) has been optimized, alongside better performance for cloud storage like Azure Blob and Google Cloud.

These updates make Zerto 10 U7 a powerhouse for hybrid cloud setups, whether you’re protecting on-premises VMs or cloud-based workloads.

How Zerto Works Its Magic on VMware vSphere

If you’re running VMware vSphere, Zerto is like a Swiss Army knife for disaster recovery and ransomware protection. Here’s a step-by-step look at how it integrates with vSphere to keep your environment safe:

Continuous Data Protection (CDP) at the Core: Zerto installs a lightweight component called the Zerto Virtual Replication Appliance (VRA) on each ESXi host in your vSphere cluster. The VRA intercepts all write operations to protected VMs at the hypervisor level, without needing snapshots or agents inside the guest OS. This means near-zero performance overhead and no disruption to your workloads.

Journal-Based Replication: Zerto uses its Elastic Journal to capture every change to your VMs in real-time, storing them in a journal file on a target site (local, remote, or cloud). This journal allows you to recover to any point in time, down to seconds before a ransomware attack or system failure. For vSphere users, this integrates seamlessly with VMFS or vSAN datastores, ensuring compatibility with your storage setup.

Real-Time Encryption Detection: Zerto’s Encryption Analyzer monitors the data stream for signs of unauthorized encryption, a hallmark of ransomware. If it detects suspicious activity, it alerts admins instantly, letting you isolate the affected VM and roll back to a clean checkpoint using the journal. This works natively with vSphere, leveraging ESXi’s I/O pipeline for real-time analysis.

Failover and Failback Simplicity: Zerto organizes VMs into Virtual Protection Groups (VPGs), which define replication and recovery policies. In a disaster, you can trigger a one-click failover to a secondary vSphere site or cloud environment (like VMware Cloud on AWS). Testing failovers is non-disruptive, as Zerto spins up a sandbox environment without impacting production. Failback to the primary site is just as smooth, with automated reverse replication.
Integration with vSphere Ecosystem: Zerto plugs into vCenter for centralized management, letting you monitor and manage replication from the familiar vSphere interface. It also supports vSphere tags for automation, so new VMs can be automatically protected without manual setup. With NSX 4.2 support in U7, Zerto ensures your network policies follow your VMs during failover, keeping security and connectivity intact.

The result? Recovery Point Objectives (RPOs) of 5–15 seconds and Recovery Time Objectives (RTOs) in minutes, all while keeping your vSphere environment humming along. For example, one of the clients, TenCate slash recovery times from weeks to minutes using Zerto on vSphere, which is a game-changer when ransomware or outages strike.

80%

Awesome

• Design