2. EnsureDR Prerequisites

EnsureDR Prerequisites


To make EnsureDR work correctly, there are some prerequisites to set up in advance.



Supported versions of Windows OS are 2016, 2019, and 2022.

The EDRM/EDR management server with 16 GB RAM, 4 CPUs, disk size 250 GB, and a single NIC

The EDRC controller server with 8 GB RAM, 4 CPUs, disk size 50 GB disk, and a single NIC

Both servers (EDRM/EDR and EDRC) should be located on the DR location of a testing environment

The latest VMware VM tools must be installed on both servers and assigned a static IP

Servers must have a single NIC only

The correct time zone should be set for both servers

Both servers should be joined to a domain


Domain account which is the local administrator on both EDRM/EDR and EDRC servers

VMware Credentials

Our best practice is to use a single AD account that has administrator rights inside the VMware environment. In case your company policy doesn’t allow you to use the same AD account inside the VMware environment with administrator privilege, you can create a dedicated VMware account from VMware vCenter Web UI


Bubble network configured on target ESXi host isolated from production environment, if target is cluster and has multiple hosts, physical or VLAN should close connection between them in bubble like VMware DVSWITCH or close VLAN on physical switch with no gateway so VMs can communicate with each other between hosts in a cramped disaster recovery environment


For each EDR-Runner to be able to communicate with the EDRM, the outbound side of port 5876 needs to be opened (so EDRM could communicate with it). Each EDR-Runner has the standalone EDR client installed, so it should also be able to communicate (outgoing from the EDR-Runner machine to the relevant machine) with the Replication vendors, the VMWare Virtual Center and the machines to be tested in the EDR needed ports (80,135,443,445,1433, LDAP port, and ICMP port).

For each EDR-Runner, you need also to be able to outbound communicate with the EDRM DB on port 5432.

The EDRM machine itself should have inbound rules for 5432, 5876, and 443 for accessing the web application.

It is recommended to also open outbound port of 9200 from EDRM to support Cloud Logs gathering – for remote support purposes (this is not mandatory)

SMTP port should be open for the reporting from the EDRM server to the local mail server. Usually, the SMTP port number is 25 but can be different. Please ask your mail administrator for the correct port number


If you have Anti-Virus running inside the EnsureDR management server, add an exclusion for:

  • API.exe

  • edr_service.exe

  • EDRC_E2.exe

  • EDRMS.exe

  • EDRRunner.exe

  • EnsureDR.exe

Reporting mail

SMTP mail service available for the EnsureDR server to send the report via mail such as local exchange or Office365/Gmail

Supported data movers

• Azure ASR - on-prem to Azure (Rollup 50)

• Carbonite Replication, Double-Take (version 7 – 8.4)

• Cohesity (version 6.5)

• EMC RecoverPoint for VM (version 5 and above)

• NetApp with NFS/ISCSI/Fiber Channel (ONTAP version 9 and above)

• Rubrik (version 5.2 and above)

• Veeam Replication/Backup (version 11.0)

• Veeam SQL only (version 10.0)

• VMware SRM. Storage Replication or vSphere Replication (version 5 - 8.3)

• Zerto (version 5 - 8)

• Zerto Azure to Azure and on-prem to Azure (version 8)

Supported Browser

Google Chrome


User Access Control should be disabled on both servers. If there is a Group Policy Object (GPO) that re-enables it, please remove these EDRM/EDR and EDRC servers from that domain group policy.



EnsureDR Controller Firewall Setup


EnsureDR will use the EnsureDR Controller (EDRC) to conduct an extended test in a bubble/isolated network environment. It is best practice not to use a firewall inside a bubble/isolated network to avoid errors during the testing. However, if your company has a strict rule that all network segments must be configured with a firewall, the following ports must be enabled for the extended test to succeed.










DNS port number



SSH port
EDRCMicrosoft SQL server



In case you are testing the SQL server, enable access from EDRC to the SQL server, the default port number for Microsoft SQL is 1433, if you use a different port number, please enter the port you configured inside your SQL server



ping for testing networking
EDRCWindows DCs



LDAP port of recovered domain controller
EDRCWindows VMs



RPC port of recovered VM
SC command line tool for remote access



DNS port number
VMsWindows DCs



Accessing LDAP from recovered VMs