EnsureDR Prerequisites
To make EnsureDR works correctly, there are some prerequisites to set up in advance.
Servers |
The EDRM/EDR management server with 16 GB RAM, 4 CPUs, disk size 250 GB, and a single NIC The EDRC controller server with 8 GB RAM, 4 CPUs, disk size 50 GB disk, and a single NIC Both servers (EDRM/EDR and EDRC) should be located on the DR location of a testing environment The latest VMware VM tools must be installed on both servers and assigned a static IP Servers must have a single NIC only The correct time zone should be set for both servers Both servers should be joined to a domain |
Credentials |
Domain account which is the local administrator on both EDRM/EDR and EDRC servers |
VMware Credentials |
Our best practice is to use a single AD account that has administrator rights inside the VMware environment. In case your company policy doesn’t allow you to use the same AD account inside the VMware environment with administrator privilege, you can create a dedicated VMware account from VMware vCenter Web UI |
Networking |
Bubble network configured on target ESXi host isolated from production environment, if target is cluster and has multiple hosts, physical or VLAN should close connection between them in bubble like VMware DVSWITCH or close VLAN on physical switch with no gateway so VMs can communicate with each other between hosts in a cramped disaster recovery environment |
Firewall |
For each EDR-Runner to be able to communicate with the EDRM, the outbound side of port 5876 needs to be opened (so EDRM could communicate with it). Each EDR-Runner has the standalone EDR client installed, so it should also be able to communicate (outgoing from the EDR-Runner machine to the relevant machine) with the Replication vendors, the VMWare Virtual Center and the machines to be tested in the EDR needed ports (80,135,443,445,1433, LDAP port, and ICMP port). For each EDR-Runner, you need also to be able to outbound communicate with the EDRM DB on port 5432. The EDRM machine itself should have inbound rules for 5432, 5876, and 443 for accessing the web application. It is recommended to also open outbound port of 9200 from EDRM to support Cloud Logs gathering – for remote support purposes (this is not mandatory) SMTP port should be open for the reporting from the EDRM server to the local mail server. Usually, the SMTP port number is 25 but can be different. Please ask your mail administrator for the correct port number |
Anti-Virus |
If you have Anti-Virus running inside the EnsureDR management server, add an exclusion for:
|
Reporting mail |
SMTP mail service available for the EnsureDR server to send the report via mail such as local exchange or Office365/Gmail |
Supported data movers |
• Azure ASR - on-prem to Azure (Rollup 50) • Carbonite Replication, Double-Take (version 7 – 8.4) • Cohesity (version 6.5) • EMC RecoverPoint for VM (version 5 and above) • NetApp with NFS/ISCSI/Fiber Channel (ONTAP version 9 and above) • Rubrik (version 5.2 and above) • Veeam Replication/Backup (version 11.0) • Veeam SQL only (version 10.0) • VMware SRM. Storage Replication or vSphere Replication (version 5 - 8.3) • Zerto (version 5 - 8) • Zerto Azure to Azure and on-prem to Azure (version 8) |
Supported Browser |
Google Chrome |
UAC |
Users Access Control should be disabled on both servers. If you have GPO which sets it back, please remove this EDRM/EDR and EDRC servers from that domain group policy. |
EnsureDR Controller Firewall Setup
EnsureDR will use the EnsureDR Controller (EDRC) to conduct an extended test in a bubble/isolated network environment. It is best practice not to use a firewall inside a bubble/isolated network to avoid errors during the testing. However, if your company has a strict rule that all network segments must be configured with a firewall, the following ports must be enabled for the extended test to succeed.
Source |
Destination |
Port |
Type |
Notes |
EDRC |
DNS |
53 |
TCP/UDP |
DNS port number |
EDRC |
Linux VMs |
22 |
TCP/UDP |
SSH port |
EDRC |
Microsoft SQL server |
1433 |
TCP |
In case you are testing the SQL server, enable access from EDRC to the SQL server, the default port number for Microsoft SQL is 1433, if you use a different port number, please enter the port you configured inside your SQL server |
EDRC |
VMs |
|
ICMP |
ping for testing networking |
EDRC |
Windows DCs |
389 |
TCP |
LDAP port of recovered domain controller |
EDRC |
Windows VMs |
135 |
TCP/UDP |
RPC port of recovered VM |
VMs |
DNS |
53 |
TCP/UDP |
DNS port number |
VMs |
Windows DCs |
389 |
TCP |
Accessing LDAP from recovered VMs |