EnsureDR Prerequisites

Compatible for EnsureDR Version 4.0.7 


Before you begin: This document covers the prerequisites for installing basic design of EnsureDR that covers Health and Advanced tests. Basic design includes support upto 1000 devices and upto two datacenters, source/target or production/DR. For any other designs please contact support. 


Infrastructure Support

Supported DR Data Movers

  • Zerto (version 5 - 9.5)
  • Zerto Azure to Azure and on-prem to Azure (version 8 - 9.5)
  • VMware SRM. Storage Replication or vSphere Replication (version 5 - 8.15)
  • Carbonite Replication, Double-Take (version 7 – 8.4)
  • Netapp with NFS/ISCSI/Fiber Channel (ontap version 9 and above)
  • EMC RecoverPoint for VM (version 5 and above)
  • Veeam Replication/Backup (version 11.0)
  • Veeam SQL only (version 11.0)
  • Cohesity (version 6.5)
  • Cohesity with Runbooks (version 6.6)
  • Azure ASR - on-prem to Azure (Rollup 50)
  • Rubrik (version 5.2 and above)

DR test support

  • Domain Controller (DC)
  • Virtual and Physical servers (Windows/Linux)
  • Applications
  • Physical equipment such Firewall / Switch/ Storage / other
  • Branch office
  • Internet connection

OS tested support

  • Windows XP/2003 and above
  • Linux RH 5/Suse 10/CentOS 5/Debian 10 and above

Target DR environment support

  • VMware environment
  • Azure environment
  • Physical server

Prerequisite Requirements

Servers and console

Two* VM server with Windows 2016/2019 clean install for standard sizing of up to 1000 tested devices:

  1. One** (for the management server EDRM/EDR) with 16GB mem, 4CPU, 250gb disk, Single NIC
  2. One (for the controller server EDRC) with 8GB mem, 4CPU, 50gb disk, Single NIC

VM location in the tested environment. In the case of VMware - the latest VMware VM tools must be installed on Windows and Static IP assigned. Single NIC only. EDRC - static IP assigned, single NIC only. The correct time zone should be set for the machines.

NOTE*: For larger sizing (thousands of tested devices/multiple data centers) - a sizing evaluation is required to determine the appropriate amount of engine servers (EDR/EDRC).

NOTE**: EDRM (EnsureDR Management) can be installed on a deferent VM and control multiple EDR (EnsureDR) and EDRC (EnsureDR Controller) servers.



  • Domain Admin User (user must be an admin in the EnsureDR`s servers)
  • VMware host user
  • VC admin user
  • Both EnsureDR`s servers must be joined to the domain.
  • Data Mover user (if applicable)

Note: In the workgroup, use the same user and password for all servers.

In mix Domain or Workgroup, use a different job for each environment. Do not join the EnsureDR controller server to any domain. You can configure a different user and password for each tested server.



Bubble network on target Host / Cluster isolated from environment.

Bubble network configured on target ESXi host isolated from the production environment. If the target is a cluster and has multiple hosts, a physical or VLAN that can close the connection between them in the bubble such as VMware DVSWITCH or close the VLAN on a physical switch with no Gateway so VMs can communicate with each other between hosts in a close the DR environment.

NSXt – open a rule that all communication between the EDR and EDRC are allowed on port 443/902



For each EDR-Runner (EDR server) to be able to communicate with the EDRM, the outbound side of port 5876 needs to be opened (so EDRM can communicate with it). Each EDR-Runner has the standalone EDR client installed, so it should also be able to communicate (outgoing from the EDR-Runner machine to the relevant machine) with the Replication vendors, the VMWare Virtual Center, and the machines to be tested in the EDR needed ports (80, 135, 443, 445, 1433, LDAP port, and ICMP port).

For each EDR-Runner, you need to also be able to communicate outbound with the EDRM DB on port 5432.

The EDRM machine itself should have inbound rules for 5432, 5876, and 443 for accessing the web application.

It is recommended to also open the outbound portion of 9200 from EDRM to support Cloud Logs gathering – for remote support purposes (this is not mandatory).

SMTP port should be open for the reporting from the EDRM server to the local mail server. Usually, the SMTP port number is 25, but it can be different. Please ask your mail administrator for the correct port number.


Domain Controller

Scenario 1:  DC in replication job and boot first so any internal test done by EnsureDR won't be blocked due to missing login server.

Scenario 2: DC is replicated via MS DC replication to live DC at DR. Use the DC clone in workflow in EnsureDR console. See user guide for more information.



If you have Anti-Virus software running inside the EnsureDR management server, add an exclusion for:

  • API.exe
  • edr_service.exe
  • EDRC_E2.exe
  • EDRMS.exe
  • EDRRunner.exe
  • EnsureDR.exe


UAC (User Account Control)

Users Access Control should be disabled on both servers. If you have GPO which sets it back, please remove this EDRM/EDR and EDRC servers from that domain group policy.

Supported Browser

Google Chrome


Reporting mail

SMTP mail service available to EnsureDR servers to send the report via mail such as local exchange or Office365/Gmail.


Other (different for each solution)

VMware SRM recovery plan should be failing over to a specific private network and not "Auto". Make sure there are no "manual stops" in the recovery plan scenario. The servers should power on in the process.

Zerto VPG should set failover test to a bubble network

Netapp NFS SVM should have a new Export Policy by the name EDR with Access to target Network volumes, EDR server and target ESXi.

Netapp ISCSI SVM should have imitator setup to all target ESXi. EDR console server should have network connectivity to the Volumes Vlan.


Note: EnsureDR DOES NOT influence your production or DR site. It only collects data from the DR solution such as (VMware SRM/Zerto/Double-Take), run tests on specific scenario and cleans up the test when done. EnsureDR may uncover issues that were hidden in the DR plan solution.