Zerto 10 marks the third iteration of a Linux based ZVM, and v10 is already in its 5th major update. While 9.5 and 9.7 were aimed at greenfield environments, Zerto 10 is the path forward for all customers and with the introduction of update 5, has introduced many new APIs.
Summary of Core APIs
When I say core APIs I mean the APIs that perform what most customers consider “Zerto operations”; things like protect, failover, move, etc.
All core APIs that were available in the Windows ZVM are still available in the Linux-based ZVM appliance in 10.0.
If you have existing scripts that do various things with the core API they will still work just fine as long as you updated the authentication section. This change is described in the next section.
Depreciated Core APIs
The only depreciated API from the Core API set is the “session” api for authentication. I explained this change in my other post over here, check it out if you haven’t already: https://www.jpaul.me/2024/08/converting-rest-api-scripts-for-zvm-appliance-v2/
What’s new in Zerto 10.0
Let’s start with what’s new in the core API set.
Core API updates
Encryption Detection
With the introduction of Encryption Detection in Zerto 10.0 we also introduced an API set to manage that new feature.
With this new API set you can get information on any anomalies that are detected by Zerto. Data is available at the VM, Volume, and VPG, levels. You can also dismiss any alerts that are triggered from the APi as well.
I’ll just not that as of u5 you can also enable/disable the feature from this API set too, but we will be moving the enable/disable to the new Site Settings API set which I will talk about later in the post.
Recovery Scripts
The recovery scripts API set enables you to upload VPG Pre/Post scripts to the ZVM appliance. In the Windows ZVM days, you were able to easily move your pre/post recovery scripts to the ZVM be using windows based tools like file manager; now that things are Linux based (and inside of a container) we wanted to simplify the process for customers by exposing an API to upload scripts. Later this will also be available in the web gui too.
The APIs expose full file management functionality for both file and folder operations.
Statistics API
The last change the the core API set is actually not a 10.0 addition. It was added in the Linux 9.7 appliance, but since most folks migrated from 9.7 Windows right to 10.0 Linux, this is basically a new API for you too.
This API exposes data about each VM that is being protected. Here is an example of that data:
Brand new Management APIs!
OK so now let’s talk about the brand new stuff!
When Zerto shipped ZVM as a Windows application, along came a diagnostics utility. That utility was not dependent on the “ZVM service” to be running in order to operate. This was crucial because if ZVM was busted and you wanted logs it wouldn’t be good to rely on the busted service to give you those logs 🙂 – chicken <> egg ….
The same thing applies on the ZVM appliance: we needed a way to gather logs, apply tweaks, change configuration and settings – all while the ZVM service may be offline.
Enter the new management APIs.
But first … the GUI the APIs power…
As you can see below the management GUI is on the same IP/FQDN as your ZVM UI, just with /management/ after it.
This gui allows you to do all of the things the windows-based Diagnostic utility did but from a web interface. This is all brand new, and runs as seperate containers/services on the ZVM appliance… all powered by the new APIs.
Note: Authentication for all the the new APIs follow the same Keycloak based authentication as the GUI and Core APIs.
Configuration Settings API
URL: https://ip-or-fqdn/management/api/configuration
The configuration settings API (and GUI) allow you to pair the ZVM with a vCenter server. If you are a vCloud director user, you can also configure that pairing. ZVM still requires a database, and you can also select internal or external here as well.
This API also handles the security and RBAC GUI options as well, see the “Permissions” section for details. You can also apply a Zerto license to the system here, and even upload two types of certificates: a replacement for the ZVM’s self signed SSL certificate, and ADFS integration certificates.
Note: Uploading certificates in the GUI will be delivered soon, right now they are API only.
Log Collection
URL: https://ip-or-fqdn/management/api/logcollector
Where would we be without logs? Probably lost. So there is both a GUI and API to help collect them from all the compoenents of ZVM and VMware and then get them to you in a bundle
Here is the GUI:
And the API that powers it
The process to get logs is broken into a couple parts. Step one is to tell it to generate the bundle with everything you want in it. Then the second part is to use the download apis to download that bundle to your machine.
Tweak Management
URL: https://ip-or-fqdn/management/api/tweaks
When working with Zerto support they may ask you to apply a tweak to change some default behavior of Zerto. I would be lying if I told you I knew everything that can be tweaked in the Zerto system… but if you ever call support and they need to apply one… this is where the magic happens. Both a GUI and API are available.
And the API:
Note that you should still contact Zerto support before applying any tweaks.
Appliance Upgrade
URL: https://ip-or-fqdn/management/api/upgrade
Well, if windows is gone… and we used to have you download and apply an MSI to upgrade Zerto… how the heck are we going to do that now?
Simple – either a GUI or an API – right from your workstation. Here is the GUI, with some super imposed dialog boxes of the process. Both online (from the internet) and offline (from a bundle) upgrades are supported since 10.0u2p1.
And the API:
You can not only start the upgrade from the API, but also upload offline bundles if you need to.
Settings
URL: https://ip-or-fqdn/management/api/settings
This API set is the newest of them. It allows you to configure ZVM site settings from an API. These settings are also in the main ZVM GUI, but until now could only be configured using the GUI. There are currently 45 configurable settings using this API.
Here is the full list of settings you can change with this PUT API:
[
{
"section": "SiteInformation",
"name": "SiteName",
"value": "Unconfigured site name",
"description": "The name used to identify the site.",
"defaultValue": "Unconfigured site name"
},
{
"section": "SiteInformation",
"name": "SiteLocation",
"value": "Unconfigured location",
"description": "The address of the site or a significant name with which to identify the site location.",
"defaultValue": "Unconfigured location"
},
{
"section": "SiteInformation",
"name": "ContactName",
"value": "Unconfigured contact info",
"description": "The name of the person to contact if a need arises.",
"defaultValue": "Unconfigured contact info"
},
{
"section": "SiteInformation",
"name": "ContactEmail",
"value": "Unconfigured contact email",
"description": "An email address to use if a need arises.",
"defaultValue": "Unconfigured contact email"
},
{
"section": "SiteInformation",
"name": "ContactPhone",
"value": "Unconfigured contact phone",
"description": "A phone number to use for required communication, in international format that includes a plus sign (+) and the country code and no special characters or spaces.",
"defaultValue": "Unconfigured contact phone"
},
{
"section": "WorkloadAutomation",
"name": "AutoPopulateVraPostExitMaintenanceMode",
"value": "false",
"description": "Enable VRA auto population after exiting host maintenance mode.",
"defaultValue": "false"
},
{
"section": "WorkloadAutomation",
"name": "EnableVraAutoEvacuation",
"value": "false",
"description": "Enable VRA auto evacuation when entering maintenance mode.",
"defaultValue": "false"
},
{
"section": "WorkloadAutomation",
"name": "EnableVraAutoInstallation",
"value": "false",
"description": "Enable VRA auto installation when a host is added to a cluster.",
"defaultValue": "false"
},
{
"section": "WorkloadAutomation",
"name": "AutoPopulateVraPostInstallation",
"value": "false",
"description": "Enable VRA auto population after installation.",
"defaultValue": "false"
},
{
"section": "WorkloadAutomation",
"name": "EnableVraRemoval",
"value": "false",
"description": "Enable VRA removal when a host is removed from inventory.",
"defaultValue": "false"
},
{
"section": "WorkloadAutomation",
"name": "EnableVMsAutoProtection",
"value": "false",
"description": "Enable VMs auto protection using VMware vSphere tags.",
"defaultValue": "false"
},
{
"section": "Policies",
"name": "FailoverMoveCommitPolicy",
"value": "Commit",
"description": "The commit policy to use during a failover or move operation. Parameters: None - Manually commit or roll back the failover or move operation. Commit - Commit the failover or move operation after the time specified in the default commit timeout. Rollback - Roll back the failover or move operation after the time specified in default rollback timeout.",
"defaultValue": "Commit"
},
{
"section": "Policies",
"name": "DefaultCommitTimeoutInMinutes",
"value": "60",
"description": "The timeout period in minutes after which the failover or move operation is committed. Range: 0 - 1440 minutes.",
"defaultValue": "60"
},
{
"section": "Policies",
"name": "DefaultRollbackTimeoutInMinutes",
"value": "10",
"description": "The timeout period after which the failover or move operation is rolled back. Range: 10 - 1440 minutes.",
"defaultValue": "10"
},
{
"section": "Policies",
"name": "DefaultScriptExecutionTimeoutInSeconds",
"value": "300",
"description": "The length of time after which a script times out. Range: 300 - 6000 seconds. 0 is no timeout.",
"defaultValue": "300"
},
{
"section": "Policies",
"name": "ReplicationPauseTimeInMinutes",
"value": "0",
"description": "The default time to pause when synchronizing a VPG if continuing the synchronization will cause all the checkpoints in the journal to be removed. Range: 0 - 1440 minutes.",
"defaultValue": "0"
},
{
"section": "Policies",
"name": "ReplicationOfToSelfEnabled",
"value": "true",
"description": "Enable the same site to be used as both the protected and recovery site.",
"defaultValue": "true"
},
{
"section": "Policies",
"name": "KeepVmUuid",
"value": "false",
"description": "Preserve the BIOS UUID of the protected VM after recovery operations.",
"defaultValue": "false"
},
{
"section": "Policies",
"name": "KeepInstanceUuid",
"value": "false",
"description": "Preserve the Instance UUID of the protected VM after recovery operations.",
"defaultValue": "false"
},
{
"section": "Policies",
"name": "CopyVmTagsToRecoverVm",
"value": "false",
"description": "Preserve the vSphere VM tags of the protected VM after recovery operations.",
"defaultValue": "false"
},
{
"section": "Policies",
"name": "AllowSdrsForVras",
"value": "false",
"description": "Allow SDRS for Recovery VRAs to automate load balancing for Recovery Storage, including Journal and Recovery volumes.",
"defaultValue": "false"
},
{
"section": "Policies",
"name": "Vra2VraEncryptionEnabled",
"value": "true",
"description": "Secure and encrypt the communication channel between the VRA and its peer VRAs.",
"defaultValue": "false"
},
{
"section": "EncryptionDetection",
"name": "EncryptionAnalyzer",
"value": "true",
"description": "Allow Zerto Encryption Analyzer to use real-time inspection of protected VMs' writes to identify anomalous encryption activity.",
"defaultValue": "true"
},
{
"section": "Throttling",
"name": "MaxBandwidthEnabled",
"value": "false",
"description": "Enable bandwidth throttling from this site to all peer recovery sites.",
"defaultValue": "false"
},
{
"section": "Throttling",
"name": "MaxBandwidthInMBps",
"value": "5",
"description": "The bandwidth, between 5 and 10500 MB/sec, that Zerto uses from this site to all peer recovery sites.",
"defaultValue": "5"
},
{
"section": "Throttling",
"name": "TimeBasedBandwidthEnabled",
"value": "false",
"description": "Enable different bandwidth throttling during a specific period (time-based).",
"defaultValue": "false"
},
{
"section": "Throttling",
"name": "TimeBasedMaxBandwidthEnabled",
"value": "false",
"description": "Limit time-based throttling to the maximum bandwidth during the specific times.",
"defaultValue": "false"
},
{
"section": "Throttling",
"name": "TimeBasedMaxBandwidthInMBps",
"value": "5",
"description": "The maximum allocated replication bandwidth during the specific times from this site to all peer recovery sites, between 5 and 10500 MB/sec.",
"defaultValue": "5"
},
{
"section": "Throttling",
"name": "TimeBasedBandwidthStartTime",
"value": "00:00",
"description": "The time to start the time-based throttling, in UTC 24-hour hh:mm format.",
"defaultValue": "00:00"
},
{
"section": "Throttling",
"name": "TimeBasedBandwidthEndTime",
"value": "01:00",
"description": "The time to end the time-based throttling, in UTC 24-hour hh:mm format.",
"defaultValue": "01:00"
},
{
"section": "Throttling",
"name": "BandwidthRegulationEnabled",
"value": "true",
"description": "Use only when directed by Zerto Support. Enable bandwith regulation when bandwidth problems occur.",
"defaultValue": "true"
},
{
"section": "Throttling",
"name": "IoThrottlingEnabled",
"value": "true",
"description": "Use only when directed by Zerto Support. Enable IO throttling if the host is handling too many IOs.",
"defaultValue": "true"
},
{
"section": "Throttling",
"name": "BadIoLatencyVMInMs",
"value": "40",
"description": "Use only when directed by Zerto Support. The threshold at which latency is deemed high and therefore undesirable. Range: 0 - 2147483647 ms.",
"defaultValue": "40"
},
{
"section": "Throttling",
"name": "DurationInMs",
"value": "5000",
"description": "Use only when directed by Zerto Support. The time interval to use to calculate the average latency. Range: 0 - 2147483647 ms.",
"defaultValue": "5000"
},
{
"section": "Email",
"name": "SMTPServerAddress",
"value": "",
"description": "The SMTP server address of the vCenter Server.",
"defaultValue": ""
},
{
"section": "Email",
"name": "SMTPServerPort",
"value": "25",
"description": "The SMTP server port.",
"defaultValue": "25"
},
{
"section": "Email",
"name": "SenderAccount",
"value": "",
"description": "A valid email address for the email sender.",
"defaultValue": ""
},
{
"section": "Email",
"name": "ToAccounts",
"value": "",
"description": "A comma-separated or colon-separated list of valid email addresses to receive the email.",
"defaultValue": ""
},
{
"section": "Email",
"name": "EnableSendingAlerts",
"value": "false",
"description": "Enable email notification when alerts are issued, and after the issue has been successfully handled.",
"defaultValue": "false"
},
{
"section": "Reports",
"name": "ReportsSamplingRate",
"value": "Daily",
"description": "Frequency for taking resource samples to identify resource usage which can be 'Daily' or 'Hourly'.",
"defaultValue": "Daily"
},
{
"section": "Reports",
"name": "ReportsSamplingTimeDaily",
"value": "01:00",
"description": "The time at which to take Daily resource samples in UTC 24-hour hh:mm format.",
"defaultValue": "01:00"
},
{
"section": "Reports",
"name": "ReportsSamplingTimeHourly",
"value": "0",
"description": "The rate at which to take Hourly resource samples in mm format.",
"defaultValue": "0"
},
{
"section": "Compatibility",
"name": "HostVersions",
"value": "{\"SupportedEsxUpdatesStrings\":[{\"EsxVersion\":\"6.7\",\"EsxUpdate\":\"4\",\"HypervisorType\":0},{\"EsxVersion\":\"7.0\",\"EsxUpdate\":\"3\",\"HypervisorType\":0},{\"EsxVersion\":\"8.0\",\"EsxUpdate\":\"2\",\"HypervisorType\":0}]}",
"description": "The supported updates for the host version.",
"defaultValue": ""
},
{
"section": "LoginBanner",
"name": "EnableLoginBanner",
"value": "false",
"description": "Enable the login banner on the login page.",
"defaultValue": "false"
},
{
"section": "LoginBanner",
"name": "LoginBannerMessage",
"value": "Unconfigured login banner message",
"description": "The message to be displayed on the login page each time the user logs in.",
"defaultValue": "Unconfigured login banner message"
}
]
Summary
I’m happy to report that the Zerto platform is closer than ever to being 100% API complete.
If you find a use case that you are unable to complete using the API, please, let me know.