DATTO PREREQUISITE

-NETWORK BANDWIGHT REQUIREMENTS

-THE DATTO WINDOWS AGENT INSTALLATION

NETWORK BANDWIGHT REQUIREMENTS

Network link speed requirements

A 100 Mbps network cannot efficiently transfer large datasets between the protected machines and a
Datto appliance. You must have a gigabit network connection between all protected machines and the
Datto appliance over your LAN.

Datto strongly recommends placing the Datto appliance and all protected machines on the same LAN. If
you must set up backups over a WAN, you will need a 50 Mbps dedicated uplink for every terabyte of
protected data. Otherwise, backups will not be reliable. Even if you meet this requirement, the latency
between endpoints will significantly decrease backup throughput. The higher the latency, the lower the
performance.

Any device function performed through a site to site VPN/MPLS will be subject to degraded
performance.

Network architecture considerations

Datto expects that you will deploy BDR appliances in a secure LAN environment. Inbound access from
untrusted WAN hosts should be blocked at the edge of the network (via the router/firewall) to limit the
accessibility of appliance network daemons and services. For more information, see Secure Deployment
Best Practices For Datto Appliances.

WAN uplink considerations

To reliably synchronize with the Datto Cloud, ensure that your connection is at least 1 Mbps (125 KBps)
uplink per terabyte of protected data stored locally on the Datto device. To check how much data your
Datto appliance is currently protecting

For every 1 Mbps of upload capacity that you dedicate to off-site traffic, you will be able to upload
approximately 10 GB of change per day.
Examples

2 Mbps of upload capacity would net approximately 20 GB of change uploaded per day.

10 Mbps of upload capacity would net approximately 100 GB of change uploaded per day.

100 Mbps of upload capacity would net approximately 1 TB of change uploaded per day.

Offsiting 1 TB of change over a 1 Mbps uplink will take approximately 100 days. For images this large,
Datto recommends using the RoundTrip service to send the original base image offsite.

Network MTU considerations

The Datto appliance will most reliably communicate with our monitoring servers when you set the
router's MTU size to 1500 bytes. Since the Datto appliance is also using a 1500 byte MTU size, this will
prevent packet fragmentation, which can cause issues with communication to our monitoring servers.

Port access and IP whitelist requirements

Port access requirements will vary, depending on the type of agent deployed.

Ports 25566 and 25568 (listed as 6001-47000 when WinNAT is enabled) must be open.

Datto Windows Agent:

Allow ports 3262 and port 3260 (TCP) inbound to the Datto appliance from the Windows Agent.

Allow port 25568 (TCP) inbound to the Windows agent from the Datto appliance.

Bypass any local proxy to 8.34.176.9 (webserver.dattobackup.com), on port 443 for correct certificate
installation during DWA install.

ShadowSnap Agent:

For unencrypted backups, allow port 139 (TCP/UDP) inbound to the Datto appliance from the
ShadowSnap agent.
For encrypted backups, allow port 3260 (TCP) inbound to the Datto appliance from the ShadowSnap
agent.

For ShadowSnap agent licensing and activation, allow port 80 TCP outbound from the protected
machine to activate.storagecraft.com (198.135.233.13).

Allow port 25566 (TCP) inbound to the ShadowSnap agent from the Datto appliance. Depending on your
network setup, you may also need to open port 25566 (UDP) inbound to the agent and port 445 (TCP)
inbound to the Datto appliance (for Samba communication to devices that don't use NetBIOS).

Datto Linux Agent

Allow port 3260 (TCP) inbound to the Datto appliance from the Datto Linux Agent.

Allow port 25567 (TCP) inbound to the Datto Linux Agent from the Datto appliance.

Datto Mac Agent

Allow port 3260 (TCP) inbound to the Datto appliance from the Datto Mac Agent.

Allow port 25569 (TCP) inbound to the Datto Mac Agent from the Datto appliance.

Note: Depending on your network security configuration, you may need to whitelist
python.map.fastly.net for optimal device communication.

Internet access requirements for protected machines

Note: Datto strongly recommends enabling IPMI on Datto appliances that include this feature and
configuring the IPMI port with a static IPv4 address. Enabling IPMI will allow you to access the device for
remote troubleshooting if you cannot access the GUI.

 The Datto appliance must have access to the Datto Cloud for backup replication and remote
device management. Also, all ICMP packets must be allowed through the firewall.
 Datto recommends disabling any application-layer filtering of traffic destined for or originating
from your Datto appliance.

For device management, to synchronize time, and to download operating system updates, all backup
appliances must be able to resolve the following Datto sites in the local DNS:

 dattobackup.com
 datto.com
 device-packages.dattobackup.com
 device-images.datto.com
 ntp.dattobackup.com
For operating system maintenance, the Datto appliance must also be able to resolve the following
community sites in the local DNS:

 ntp.ubuntu.com - Ubuntu managed Network Time Portal server, used to synchronize time
 us.archive.ubuntu.com - Ubuntu managed application repository
 security.ubuntu.com - Ubuntu managed application repository
 ppa.launchpad.net - Ubuntu managed application repository

All Datto appliances must have outbound access the following IP ranges for Cloud infrastructure, DNS
failback, and device management:

IP Range Ports UDP/TCP Purpose

8.8.8.8 53 Both DNS

206.201.138.10
206.201.138.11
123 UDP NTP
206.201.138.15
206.201.138.20

8.34.176.0/23 443 TCP Datto portal

162.244.87.51 443 TCP Cloud restores

Image / Package
162.244.85.60 443 TCP
Server

162.244.87.0/24 443 and 80 TCP Remote web

198.49.95.0/24 21 TCP Bandwidth testing

206.201.136.0/23 80, 2200, and 443 Remote Web and

TCP
Cloud storage

The Datto appliance must have outbound access to port 22 (TCP) for data synchronization and port 1194
(TCP) for hybrid virtualizations, as well as VPN tunneling and off-site storage. Depending on your
country, the Datto appliance will require outbound access to the following IP address ranges:
 Getting started with the Datto Windows Agent

System requirements
Datto Windows Agent 1.0 and 2.0
Windows XP Service Pack 3
Windows Server 2003 Service Pack 2
Windows Vista
Datto Windows Agent 2.1 and above
Windows Server 2008 Service Pack 2
Windows Server 2008 R2 Service Pack 1 and later
OS Includes Windows Small Business Server 2011
Windows 7 Service Pack 1
Windows 8
Windows 8.1
Windows 10
Windows Server 2012
Windows Server 2016
Windows Server 2019
Hardware and software-based RAID implementations are
supported.
Any size disk drive can be backed up, including disks larger than
2TB.
MBR boot sectors and GPT partition tables.
Supported disk types
Virtual & physical disks.
Basic volumes and disks.
Windows dynamic disks.
Protected volumes must be Read/Write. You cannot back up
Read-Only volumes.
The Datto Windows Agent needs each volume selected for backup
to have 10% of the volume's total size available for the DattoCtrl or
Datto.ctl file except in the following scenarios:
For versions 2.0 and below of the Datto Windows Agent, if the
Disk space requirements volume is large enough that 10 GB is less than 10% of the total disk
space, the agent will use the percentage of the volume's size that is
closest to and is at least 10 GB. For example, for a 560 GB volume,
the COW file size will be 2% of the volume and be about 11.2 GB in
size.
 For versions 2.1 and above of the Datto Windows Agent, if the
10% number is larger than 10 GB, the file's size will be 10 GB,
regardless of the total size of the protected volume.
In all sizing scenarios, the agent requires an additional 2 GB of
free space for operational overhead.
At least 1 GB of RAM must remain free during normal operations of
Memory requirements
the production machine for install and backups to run.
Gigabit connections from the Datto appliance to all appropriate
network infrastructure. For best results, the Datto appliance should
be connected to a gigabit switch whenever possible.
The protected machine must have Internet access and be able to
reach https://device.dattobackup.com/certApi.php for the initial installation of
the Datto Windows Agent.
Outbound connectivity on the protected machine:
Port 443 (for Datto Cloud communication)
Port 3260 (for iSCSI)
Network
Port 3262 (for MercuryFTP)
Inbound connectivity on the protected machine:
TCP port 25568 (for Datto Windows Agent service)
Outbound from the Datto appliance to the Internet:
Ports 22, 80, 123, 443
The Datto Windows Agent uses MercuryFTP as its primary transport method;
however, if this method fails, backups are intended to fall back to iSCSI.
For an in-depth overview of Datto's networking requirements, see the SIRIS,
ALTO, and DNAS Networking & Bandwidth Requirements article.
Set service-level exceptions for the Datto Backup
Agent and Datto Provider services.
Set an application-level exception for the Datto Windows agent
Anti-virus exceptions
(DattoBackupAgent.exe).
Whitelist the following installation
path: %PROGRAMFILES%\Datto\
The production machine must use a ReFS or NTFS filesystem.
Acronis True Image and Acronis Disk Director are incompatible
with the Datto Windows Agent. Ensure that neither product is
present on the protected system before attempting to install the
Compatibility Datto Windows Agent.
FAT32 filesystems are currently unsupported.
French versions of Windows older than Windows Server 2008 are
unsupported by the Datto Windows Agent.
 The compatibility of this backup solution with any hypervisor
environment or operating system not listed in this article is untested
and may yield unreliable results.

Versioning

You can download the latest version of the Datto Windows Agent from the Datto Downloads page.

Version numbers for all Datto Windows Agent endpoints protected by your Datto device appear on the
appliance's Device Overview page, in the Local Agent Information field, under the Agent Version heading
for each listed production machine.

For Windows XP & Windows Server 2003

The current version of the Datto Windows Agent is 2.0.9, with driver version 1.10.0.0. For release notes,
refer to the Datto Windows Agent (DWA) 1.0 and 2.0: Release notes.

You can download this version of the agent software from the following link: Datto Windows Agent:
Legacy Installer.

For Windows Vista, Windows Server 2008, and above

Version information for this platform of the Datto Windows Agent is available in the Datto Windows
Agent (DWA) Version 2.1 and above: Release notes.

Note: Datto Windows Agent Version 2.2 is a significant upgrade. This release includes new drivers,
which means that existing agent installations will not automatically update. To update your agent
software, follow the steps in our Updating to Datto Windows Agent Version 2.2 and above article.
Update notes for all versions

The agent software also automatically updates itself when a new version becomes available, except
when the release includes a driver update. Because a driver update requires an update and reboot of
the host system, you will need to download and install these versions manually.

If your protected machine does not have regular internet access, you will need to check for and install
updates manually.

Overview

Figure 1 illustrates a generalized data flow for the Datto Windows Agent solution.
For a technical overview of the Datto Windows Agent, see One Take: A Look at the Datto Windows
Agent.

Warnings

Due to their mobile nature, Datto does not endorse or support backing up laptops. Laptops must be
inside the LAN, and not on a wireless network, to perform backups promptly. Attempts to back up
laptops are at your discretion. Due to the range of touchpad drivers, custom drivers, and hardware
configurations available for both laptops and all-in-one workstations, restoration support for these
platforms is 'best-effort' only.

The Datto Windows Agent can only back up volumes that are recognized by the Windows operating
system as logical, stable volumes. It cannot back up mapped network drives, iSCSI targets not attached
as a logical volume, or removable drives.

The Datto solution is capable of backing up multiple types of disk sector schemes. The process writes an
image-based backup to a file that is 512 bytes per physical sector. While rare, some software that relies
on advanced formats, such as 4K, may have issues with the sector size change. Datto recommends
performing regular DR tests to ensure that all required applications function as expected in our
virtualized environment.

The backup of deduplicated volumes is untested and may produce inconsistent results.

File restore of deduplicated volumes is not possible. The Datto Windows Agent, ShadowSnap Agent, and
agentless backup solutions are capable of restoring deduplicated volumes through:

Virtualization

Direct Restore

Bare Metal Restore

Installation

Datto recommends running the following checks on the system you are protecting before installing the
Datto Windows Agent:
chkdsk

Run chkdsk to be sure that all RAIDs and individual disks report back as healthy. Perform necessary disk
repairs before deploying any backup agent. Failure to do so may result in backing up corrupted systems
and restoration failures.

Disk defragmentation

While Datto can perform backups that are running disk defragmentation, be aware that this rearranges
data at a block level, and larger backups will consequently result.

Run disk defragmentation before deployment of the agent.

VSS-aware disk defragmentation programs may allow for smaller backups but are optional.

Windows updates

Download Windows updates, service packs, and any other Microsoft provided updates. After installing
these updates, reboot the server. When scheduling your deployment, remember that the 2nd Tuesday
of every month is Microsoft's 'Patch Tuesday.'

Virus scan

Run a virus scan before you deploy the Datto backup solution to your production machine.

Event Viewer

Check the target's system and application logs to see if there are any VSS or hardware errors.

Resolve any errors before attempting to install the agent.

Do not install the Datto Windows Agent on any system currently protected by the ShadowSnap Agent,
even if the ShadowSnap Agent is not present. Installing the Datto Windows Agent will start a new
backup chain for the protected system and will not continue your existing ShadowSnap chain

Before installing the Datto Windows Agent, disable or remove all other backup software from the
production machine. When uninstalling, use a high-level program that eliminates all traces of the
incompatible software, including registry keys, DLLs, and stray folders. These components can cause
conflicts.