Upgrade from health-only to advance job

Feedback

 

The EnsureDR team values feedback from our customers because it is important not only to customers but to us as well. It is our mission to listen, incorporate customer input into the build of our products, and design them around customer needs and suggestions.

 

Support

 

In case you have any technical issues or questions, please access the EnsureDR support portal to open a case or send mail to support@ensuredr.com.

 

Online Documents

 

For online support, please visit our web pages where you can find more information regarding our platform.

 

Web site: https://www.ensuredr.com/

Documents: https://www.ensuredr.com/documents/

Support portal and knowledgebase: https://support.ensuredr.com/

 

About User Guide

 

This document provides information about the main features, installation, and use of EnsureDR. This document applies to version 4 and all subsequent versions.

 

The System Architecture

 

EDRM was built with scale in mind. As a solution for DR sites of any size, the EDRM system could be installed as a cluster of App servers that can serve dozens of EnsureDR nodes (called EnsureDR Runners). Each of these Runners can then connect to a controller, with access to the network bubble created within the DR, to test the DR devices.

 

Depending on the complexity and size of the DR site, the appropriate number of App servers/EDR-Runners to install will need to be determined so that they can perform the task of invoking and testing the entire Disaster Recovery process with fault tolerance and high availability.

 

Here are two design solutions for EnsureDR depending on the number of servers you plan to test.

 

 

 

 

EnsureDR Prerequisites

 

To make EnsureDR work correctly, there are some prerequisites to set up in advance.

 

Servers

The EDRM/EDR management server with 16 GB RAM, 4 CPUs, disk size 250 GB, and a single NIC.

The EDRC controller server with 8 GB RAM, 4 CPUs, disk size 50 GB, and a single NIC.

Both servers (EDRM/EDR and EDRC) should be located on the DR location of a testing environment.

The latest VMware VM tools must be installed on both servers and assigned a static IP.

Servers must have a single NIC only.

The correct time zone should be set for both servers.

Both servers should be joined to a domain.

Credentials

A domain account that is a local administrator on both the EDRM/EDR and EDRC servers.

VMware Credentials

Our best practice is to use a single AD account that has administrator rights inside the VMware environment. In case your company policy doesn’t allow you to use the same AD account inside the VMware environment with administrator privileges, you can create a dedicated VMware account from VMware vCenter Web UI.

Networking

A bubble network configured on the target ESXi host, isolated from the production environment. If the target is a cluster with multiple hosts, use a physical network or VLAN that keeps the connection between them closed inside the bubble, such as a VMware DVSWITCH or a closed VLAN on a physical switch with no gateway, so that VMs can communicate with each other between hosts in a closed DR environment.

Firewall

For each EDR-Runner to be able to communicate with the EDRM, the outbound side of port 5876 needs to be opened (so EDRM could communicate with it). Each EDR-Runner has the standalone EDR client installed, so it should also be able to communicate (outgoing from the EDR-Runner machine to the relevant machine) with the replication vendors, the VMware Virtual Center, and the machines to be tested on the ports EDR needs (80, 135, 443, 445, 1433, the LDAP port, and ICMP).

For each EDR-Runner you will also need outbound communication with the EDRM DB on port 5432.

The EDRM machine itself should have inbound rules for 5432, 5876, and 443 for accessing the web application.

It is recommended to also open the outbound portion of 9200 from EDRM to support Cloud Logs gathering – for remote support purposes (this is not mandatory).

SMTP port should be open for the reporting from the EDRM server to the local mail server. Usually, the SMTP port number is 25, but can be different. Please ask your mail administrator for the correct port number.

Anti-Virus

If you have Anti-Virus software running inside the EnsureDR management server, add an exclusion for:

  • API.exe
  • edr_service.exe
  • EDRC_E2.exe
  • EDRMS.exe
  • EDRRunner.exe
  • EnsureDR.exe

Reporting mail

SMTP mail service available for the EnsureDR server to send the report via mail such as local exchange or Office365/Gmail.

Supported Data Movers

• Zerto (version 5 - 8)

• Zerto Azure to Azure and on-prem to Azure (version 8)

• VMware SRM. Storage Replication or vSphere Replication (version 5 - 8.13)

• Carbonite Replication, Double-Take (version 7 – 8.4)

• Netapp with NFS/ISCSI/Fiber Channel (ontap version 9 and above)

• EMC RecoverPoint for VM (version 5 and above)

• Veeam Replication/Backup (version 11.0)

• Veeam SQL only (version 10.0)

• Cohesity (version 6.5)

• Azure ASR - on-prem to Azure (Rollup 50)

• Rubrik (version 5.2 and above)

Supported Browser

Google Chrome

UAC

User Account Control should be disabled on the EDRM and EDRC servers. If you have a GPO that sets it back, please remove the EDRM/EDR and EDRC servers from that domain group policy.

 

Replication/backup solution Prerequisites

 

To avoid any duplicate IPs in your environment, please validate that your data mover jobs are properly configured with test networking settings to be able to run inside an isolated/bubble network on the DR site before starting the job from the EDRM.

 

VMware Site Recovery Manager

 

  • Port 443 needs to be open from the main EnsureDR management server (EDRM) to the source and target VMware vCenter servers.
  • Port 443 needs to be open from the main EnsureDR management server (EDRM) to the source and target VMware SRM servers.
  • Port 443 needs to be open from the client workstation to the EDRM server.
  • SMTP port should be open for the reporting, from the EDRM server to the local mail server.

 

Usually, the SMTP port number is 25 but can be different. Please ask your mail administrators for the correct port number.

 

Zerto for VMware vSphere

 

The Zerto PowerShell module must be installed on the EDRM server.

  • Port 9669 needs to be open from the main EnsureDR management server (EDRM) to the source and target Zerto data movers.
  • Port 443 needs to be open from the main EnsureDR management server (EDRM) to the source and target VMware vCenter servers.
  • Port 443 needs to be open from the client workstation to the EDRM server.
  • SMTP port should be open for the reporting, from the EDRM server to the local mail server.

 

Usually, the SMTP port number is 25 but can be different. Please ask your mail administrators for the correct port number.

 

Veeam Backup and Replication

 

Veeam Backup Enterprise Manager must be installed on the Veeam server. Veeam servers must be registered in Veeam Enterprise manager before creating a job in EDRM.

Veeam Backup and Replication console must be installed on the EDRM server.

  • Ports 9392 and 9398 need to be open from the main EnsureDR management server (EDRM) to the source and target Veeam data mover servers.
  • Port 443 needs to be open from the main EnsureDR management server (EDRM) to the source and target VMware vCenter servers.
  • Port 443 needs to be open from the client workstation to the EDRM server.
  • SMTP port should be open for the reporting, from the EDRM server to the local mail server.

 

Usually, the SMTP port number is 25 but can be different. Please ask your mail administrators for the correct port number.

 

Cohesity

 

  • Port 443 needs to be open from the main EnsureDR management server (EDRM) to the source and target Cohesity servers.
  • Port 443 needs to be open from the main EnsureDR management server (EDRM) to the source and target VMware vCenter servers.
  • Port 443 needs to be open from the client workstation to the EDRM server.
  • SMTP port should be open for the reporting, from the EDRM server to the local mail server.

Usually, the SMTP port number is 25 but can be different. Please ask your mail administrators for the correct port number.
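
The port requirements from the Firewall section and the data mover lists above can be checked before the first job is created. The script below is an added example, not part of EnsureDR or its documentation; every host name in it is a placeholder, and it only tests outbound TCP connections from the machine it runs on.

```powershell
# Added example (not EnsureDR code): pre-flight TCP reachability check for the
# ports this guide lists. Run it on the EDRM server or on an EDR-Runner.
param(
    [ValidateSet('EDRM', 'Runner')]
    [string]$Role = 'EDRM',
    [ValidateSet('SRM', 'Zerto', 'Veeam', 'Cohesity')]
    [string]$DataMover = 'Zerto',
    [int]$SmtpPort = 25   # usually 25, but confirm with your mail administrator
)

# Placeholder host names (assumptions); replace with your own servers.
$EdrmHost   = 'edrm.example.local'
$VCenters   = @('vcenter-src.example.local', 'vcenter-dr.example.local')
$DataMovers = @('mover-src.example.local', 'mover-dr.example.local')
$MailHost   = 'mail.example.local'

# Data mover ports from the replication/backup prerequisites.
$MoverPorts = @{ SRM = @(443); Zerto = @(9669); Veeam = @(9392, 9398); Cohesity = @(443) }

function New-Target([string]$Name, [int]$Port, [string]$Purpose) {
    [pscustomobject]@{ Name = $Name; Port = $Port; Purpose = $Purpose }
}

$targets = @()
if ($Role -eq 'Runner') {
    # Each EDR-Runner reaches the EDRM on 5876 and the EDRM DB on 5432.
    $targets += New-Target $EdrmHost 5876 'EDRM communication'
    $targets += New-Target $EdrmHost 5432 'EDRM DB'
} else {
    # The EDRM reaches each data mover on its vendor port and the mail server on SMTP.
    foreach ($m in $DataMovers) {
        foreach ($p in $MoverPorts[$DataMover]) {
            $targets += New-Target $m $p "$DataMover data mover"
        }
    }
    $targets += New-Target $MailHost $SmtpPort 'SMTP reporting'
}
# Both roles talk to the source and target vCenter over 443.
foreach ($v in $VCenters) { $targets += New-Target $v 443 'VMware vCenter' }

$results = foreach ($t in $targets) {
    $r = Test-NetConnection -ComputerName $t.Name -Port $t.Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Target    = $t.Name
        Port      = $t.Port
        Purpose   = $t.Purpose
        Reachable = $r.TcpTestSucceeded
    }
}

$results | Format-Table -AutoSize
# A non-zero exit code lets a scheduled task or deployment script stop on a blocked port.
if ($results.Reachable -contains $false) { exit 1 }
```

A row with Reachable set to False points at the firewall rule to review for that target and port; the inbound rules on the EDRM itself (5432, 5876, and 443) are exercised by running the script with -Role Runner from an EDR-Runner.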

 

The Network Prerequisites

 

For successful testing, we need to meet some network prerequisites to avoid duplicate IPs in your environment. As explained in the previous chapter, all data movers must be configured to recover servers inside the isolated network. To be able to do that, you need to create an isolated network inside the VMware vSphere environment. This isolated network will allow you to test all your servers inside that isolated network without interfacing with your production network.

 

Depending on your data mover settings we can recognize two cases:

  • servers are recovered on a single ESXi host
  • servers are recovered on multiple ESXi hosts (cluster solution)

 

In case you are recovering all servers into a single isolated network on a single host, no other action needs to be performed. If you are recovering servers on multiple ESXi hosts, you need to establish connectivity between those ESXi hosts in the isolated network by configuring your external switch.

 

Depending on how many subnets you have inside your VMware vSphere environment, we can recognize two cases:

  • servers are recovered into an isolated network without the need for routing capability
  • servers are recovered into an isolated network with a need for routing capability

In the case where all of your servers are inside the same subnet, no additional steps need to be performed. If your servers are configured in multiple subnets, you will need to enable routing capabilities between those subnets. Routing could be done with a physical router configured in your environment or by using a predefined VM appliance/server available on the market. Ask your network support team to help you establish routing capabilities between different subnets, regardless of whether the servers are recovered on a single ESXi host or on multiple (cluster) ESXi hosts.

 

Active Directory Prerequisites

 

The EDRM solutions have capabilities to do advanced tests inside your isolated network after you have recovered servers to the DR site for testing and validation purposes. For successful testing, you will need a Domain Controller available inside the isolated network environment. This Domain Controller will be used by the EDRC server to resolve DNS names and validate credentials.

 

You can use your data mover to migrate and run the Domain Controller inside the isolated network. Another solution is to use the EnsureDR job to clone the preferred Domain Controller inside the bubble network. If you choose to clone the Domain Controller, it must be located at the DR site, and during the cloning process, the Domain Controller will be shut down to avoid any issues within your production network. Because of that, we suggest having a dedicated Domain Controller on the DR site that EnsureDR will use inside the EnsureDR job. If this is the case and you choose to use a cloned Domain Controller, this server should be set as the primary DNS on the EDRC server.

The Installation

 

EDRM server is already installed and configured inside your environment with a trial license so we can move to the next step and install the EDRC server.

Note: If you have not installed the EDRM before, please refer to the “Quick Startup Guide”, which will help you get started and set up the basic EDRM, or to the full user guide, which explains how to install with the full license and can be found in our knowledgebase.

EDRC installation

 

To download EDRC setup click on the question mark in the right upper corner of the EDRM management web UI, and select download EDRC.


Before continuing the installation, verify that the EDRC server is configured within the DR site. Log onto the EDRC server with the dedicated account you created as described in the prerequisites. Now, download EnsureDRController.exe and run it as an administrator inside the EDRC server.

 

A welcome screen will appear, click the Next button.

On the next screen, enter credentials that have administrator rights on the EDRC server. In case your EDRC server name is different from VMware vCenter, please update the VM name as registered inside VMware vSphere. Now click the Next button.

Now enter the EDRM server name or IP address you set up in the previous task, then click the Next button.

 

Please review the License Agreement, then click the Next button.

Now click the Install button and wait until the installation is finished.

 

The installation begins and depending on the environment and specific components, it may take up to a few minutes to finish the installation.

Now press the Verify installation and exit button to finish the setup process. There is no need to restart the server after the installation is finished.

 

EnsureDR Manager

 

Access the EDRM Web UI

 

Now that the EDRC server is installed and configured, we can open the browser on the Windows desktop and navigate to the EDRM server. Open Google Chrome and navigate to https://your_EDRM_server_name.

The job page is displayed, and you will see the job you created during the evaluation of the EDRM trial-mode solution. The trial license is limited to the number of servers inside the job and only a health test can be performed.

Now click on the Create Job button and select Zerto VMware data mover.

On the first page of edit mode, we need to supply a new license by clicking on the plus sign in front of the License Key. In the right panel, enter the custom license name and paste the license key you received by mail. Click the Add button to validate the license key.

If the license key is valid, you can click the Next button to continue.

In the next step, we need to configure the management and isolated network on the DR site where you installed the EDRC server. Add the EnsureDR Controller (EDRC) VM and hostname. If the validation is successful, you can move on to configuring the Domain Controller. You can choose between two possible options:

  • Put the Domain Controller inside your Zerto VPG.
  • Clone the Domain Controller

In case you configured in your Zerto VPG to replicate the Domain Controller to the DR site, leave the default option and click the Next button.

 

 

In case you are not replicating the Domain Controller inside your Zerto VPG, choose the option to clone Domain Controller inside the DR site by clicking on server name from the drop-down list. In the right panel fill in the requested data and then click the Next button.

In the next step, wait until EDRM fetches data from your Zerto data mover, then select the VPGs you want to test, and click on the blue arrow to move the selected VPGs to the selection panel.

In the Device panel, you will see the list of VPGs and servers with preselected tests (Device Tests panel). Each server by default will be tested on four grounds:

  • health test
  • network test
  • application test
  • script test

For a detailed explanation of possible tests and customization, please review the user’s guide. In this document, we will focus on the out-of-the-box preselected tests without going deep into details.

Before continuing to the last step, please check that your VPGs contain at least one Domain Controller. The VPG that contains the Domain Controller must be the first one that Zerto will recover inside the DR site. Click on the red marked option to open the “Set Plans Failover Order” window. If the VPG that contains the Domain Controller is not first on the list, click and hold the mouse button on the desired VPG, then drag it to the top of the panel. Now the VPG that contains the Domain Controller is first in the plans order. Click the Save button.

Now we have properly configured the job, click on the Next button.

Warning: EnsureDR will failover/recover a real copy of your server in the target infrastructure. To avoid duplicate names or split brains please make sure your data mover job (VPG) is set to test failover to a bubble isolated VLAN on the target site.

In case a warning message pops up, it will probably be because you selected a VPG that doesn’t include the Domain Controller. Because the Domain Controller is mandatory for the test to succeed, please review your VPGs and include at least one Domain Controller. In case you are testing a Linux server that doesn't rely on a Domain Controller, click the Yes button to continue.

 

On the last page, you can enter an email address that the EDRM will use to send an offline HTML report after the job is finished. EnsureDR will use our external SMTP server. If this server is not connected to the internet or port 25 is blocked, you can set your internal SMTP server with the setting button to the right. You can set the scheduler to run the recurrent job on a weekly basis. Click the Save & Run button to execute the job you created.

Note: Only one EnsureDR job can run on the same EDR server. You can either use multiple EDR servers or set different schedules for each job.

 

Executing the job

 

In the previous step, you created a job and executed it. The process of running the job consists of four steps:

  • Collection
  • Failover
  • Test
  • Cleanup

 

Collection

 

During the collection step, we will collect data from your environment to be sure that from the moment you define a job until it’s started, there were no changes inside your environment. This is a mandatory step. If the validation is not successful, the job will not continue to the next step.

 

Failover

 

If the collection step is finished successfully, the EDRM will start the next step during which we will instruct Zerto data mover to start the failover inside the predefined isolated network. As mentioned earlier, VPG must contain the test network. The failover in the test isolated network will be performed only on VPG you selected in the EDRM job definition.  

 

Test

 

During the test process, the EDRM will do a test as defined inside the job. All tests can be customized on the server level. You can customize the test by choosing which servers inside one VPG will be tested. Even if you choose fewer servers for testing inside one VPG, all servers from that particular VPG will be recovered in the DR site in the isolated network, and this is all controlled by your Zerto data mover.

 

Cleanup

 

During the cleanup stage, we will instruct Zerto data mover to stop the failover process inside the test isolated network. After the cleanup process is finished you will get a report with the results.

 

Report

 

When a job is finished you will see the report with all of the details necessary to give you an overview of your DR environment status. In the report, you will find all of the details regarding the time frame during all four of the steps and all details regarding the testing process.

Here is an example of a sample report where you can see how it looks when all four steps are finished and the report is generated. In addition to the test process, inside the report, you can see an animated view of the server booting process.

In the report, you can investigate if tests failed and get more info in the logs by pressing the Full Log button.