mirror of
https://github.com/recklessop/zroc.git
synced 2026-07-02 21:13:15 -04:00
fd9a5926c0
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
66 lines
3.0 KiB
Markdown
66 lines
3.0 KiB
Markdown
# zROC UI
|
|
|
|
**Zerto Resiliency Observation Console** — a purpose-built observability frontend for Zerto that replaces Zerto Analytics with a self-hosted, always-on dashboard.
|
|
|
|
## What it does
|
|
|
|
- **NOC Dashboard** — VPG health heat grid, site cards, RPO status at a glance
|
|
- **VPG Monitor** — per-VPG RPO history, throughput/IOPS charts, journal health, VM breakdown
|
|
- **VM Protection** — per-VM drill-down with RPO trends, journal gauges, encryption trends
|
|
- **VRA Infrastructure** — CPU/memory usage, workload counts, volume capacity
|
|
- **Encryption Detection** — near real-time ransomware anomaly detection
|
|
- **Storage** — datastore capacity with Zerto-attributed journal/scratch/recovery breakdown
|
|
- **User Management** — full CRUD with 2FA QR code setup, group management, enterprise IdP integration
|
|
|
|
## Authentication
|
|
|
|
This image includes a Node.js Express backend that handles:
|
|
- OIDC login via **Authentik** (bundled in the full stack)
|
|
- 2FA enforcement (TOTP with QR codes)
|
|
- Enterprise IdP integration (Azure AD, Okta, SAML, LDAP)
|
|
- Rate-limited login, `httpOnly` session cookies, zero Prometheus exposure to browser
|
|
|
|
## Quick start — full stack
|
|
|
|
```bash
|
|
git clone https://github.com/recklessop/zroc.git
|
|
cd zroc
|
|
cp .env.example .env
|
|
# Edit .env with your ZVM credentials and secrets
|
|
docker compose up -d
|
|
```
|
|
|
|
Then visit `https://<your-host>` — on first access run through the setup wizard.
|
|
|
|
## Environment variables
|
|
|
|
|Variable |Required|Description |
|
|
|-------------------------|--------|-------------------------------------------------------|
|
|
|`PROMETHEUS_URL` |No |Prometheus endpoint (default: `http://prometheus:9090`)|
|
|
|`AUTHENTIK_URL` |Yes |Authentik server URL |
|
|
|`AUTHENTIK_CLIENT_ID` |Yes |OIDC client ID registered in Authentik |
|
|
|`AUTHENTIK_CLIENT_SECRET`|Yes |OIDC client secret |
|
|
|`AUTHENTIK_ADMIN_TOKEN` |Yes |Authentik API token for user management |
|
|
|`PUBLIC_URL` |Yes |Public HTTPS URL of the appliance |
|
|
|`SESSION_SECRET` |Yes |Random secret for session signing (min 32 chars) |
|
|
|`AUTHENTIK_ADMIN_GROUP` |No |Group name for admin role (default: `zroc-admins`) |
|
|
|`AUTHENTIK_VIEWER_GROUP` |No |Group name for viewer role (default: `zroc-viewers`) |
|
|
|
|
## Image tags
|
|
|
|
|Tag |Description |
|
|
|--------|-----------------------------------------|
|
|
|`stable`|Latest stable release — use in production|
|
|
|`latest`|Alias for stable |
|
|
|`1.x.x` |Pinned semantic version |
|
|
|
|
## Source
|
|
|
|
- UI & backend: [github.com/recklessop/zroc](https://github.com/recklessop/zroc)
|
|
- Zerto Exporter: [github.com/recklessop/Zerto_Exporter](https://github.com/recklessop/Zerto_Exporter)
|
|
- OVA Appliance: [github.com/recklessop/zroc-ova](https://github.com/recklessop/zroc-ova)
|
|
|
|
## License
|
|
|
|
Apache 2.0 — open source, not officially supported by Zerto/HPE.
|