7.0.0

Configuring EMS HA

To configure EMS HA:
  1. Install SQL Server Management Studio (SSMS) on EMS-1 and EMS-2. This is necessary to create a SQL user later in the configuration process. It is also useful to test database connectivity prior to the installation.
  2. From any server that can connect to the newly created database, log in to the database using SSMS. Use the credentials that you configured in Configuring Microsoft SQL database clustering. The example also uses EMS-1 to test connectivity.
  3. Create a SQL user:
    1. In Object Explorer, right-click Logins, then select New Login.
    2. Select SQL Server authentication.
    3. Enter the desired password.
    4. Deselect Enforce password policy.
    5. On the Server Roles page, select sysadmin. Click OK.
  4. In Object Explorer, right-click the SQL server, then select Properties.
  5. On the Security page, under Server authentication, select SQL Server and Windows Authentication mode. Click OK.
  6. Do one of the following:
    1. In 7.0.8 and later versions, EMS does not rely on FILESTREAM for file synchronization between EMS nodes. Instead, it uses network share. If using 7.0.8 or a later version, install EMS by doing the following:
      1. Create and share a folder on the network on a third server that is not one of the EMS servers. This file share is used to share files between EMS nodes. All EMS nodes should be able to access the file share. The folder is created on a third server to ensure that if an EMS node becomes unreachable, access to shared resources is not lost. During EMS installation, the installer automatically mounts the file share as the W:\ drive. Ensure that the W:\ drive is free on all EMS nodes. You should not use an existing drive.
      2. On EMS-1, open Command Prompt as an administrator.
      3. Run the following command:

        FortiClientEndpointManagementServer_7.0.11.0584_x64.exe SQLServer=DBVIP SQLUser=emsha SQLUserPassword=123456789 InstallSQL=0 ScriptDB=1 FileStorageNic=\\Server\fileshare FileStorageNicUser=LAB\administrator FileStorageNicPass=Admin123! BackupDir=\\EMS-1\backup DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61

        Parameter: Description
        • ScriptDB=1: Specifies that this is the primary active server.
        • BackupDir: Configured to \\EMS-1\backup, which is a locally shared folder on EMS-1. EMS and the SQL service user must have read/write/modify permissions to this folder.
        • FileStorageNic: Fileshare path.
        • FileStorageNicUser: Username for account with read/write/modify permissions to the shared folder.
        • FileStorageNicPass: Password for account with read/write/modify permissions to the shared folder.

        The following is an example of the command when using a named SQL instance. In this example, the SQL instance is EMSNAMED:

        FortiClientEndpointManagementServer_7.0.11.0584_x64.exe SQLServer=DBVIP\EMSNAMED SQLUser=emsha SQLUserPassword=123456789 InstallSQL=0 ScriptDB=1 FileStorageNic=\\Server\fileshare FileStorageNicUser=LAB\administrator FileStorageNicPass=Admin123! BackupDir=\\EMS-1\backup DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61

      4. On EMS-2, open Command Prompt as an administrator. Run the following command:
        Note

        You must use a unique backup directory for each EMS node. The following shows BackupDir values for an example HA configuration with one primary (EMS 1) and two secondary EMS nodes (EMS 2 and 3):

        • Primary (EMS 1): BackupDir=\\EMS-1\backup
        • Secondary (EMS 2): BackupDir=\\EMS-2\backup
        • Secondary (EMS 3): BackupDir=\\EMS-3\backup

        All EMS nodes share the same FileStorageNic.

        FortiClientEndpointManagementServer_7.0.11.0584_x64.exe SQLServer=DBVIP SQLUser=emsha SQLUserPassword=123456789 InstallSQL=0 ScriptDB=0 FileStorageNic=\\Server\fileshare FileStorageNicUser=LAB\administrator FileStorageNicPass=Admin123! BackupDir=\\EMS-2\backup DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61

        Parameter: Description
        • ScriptDB=0: Indicates the upgrade does not execute scripts to upgrade the database because you upgraded the database in step c.
        • BackupDir: Configured to \\EMS-2\backup, which is a locally shared folder on EMS-2. EMS and the SQL service user must have read/write/modify permissions to this folder.
        • FileStorageNic: Fileshare path.
        • FileStorageNicUser: Username for account with read/write/modify permissions to the shared folder.
        • FileStorageNicPass: Password for account with read/write/modify permissions to the shared folder.

        The following is an example of the command when using a named SQL instance. In this example, the SQL instance is EMSNAMED:

        FortiClientEndpointManagementServer_7.0.11.0584_x64.exe SQLServer=DBVIP\EMSNAMED SQLUser=emsha SQLUserPassword=123456789 InstallSQL=0 ScriptDB=0 FileStorageNic=\\Server\fileshare FileStorageNicUser=LAB\administrator FileStorageNicPass=Admin123! BackupDir=\\EMS-2\backup DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61

    2. If using EMS 7.0.7 or an earlier version, install EMS on the EMS-1 and EMS-2 servers by doing the following:
      1. On EMS-1, open Command Prompt as an administrator. Run the following command. ScriptDB=1 indicates that this is the primary, active server. BackupDir is configured to \\EMS-1\backup, which is a locally shared folder on EMS-1. EMS and the SQL service user must have read/write/modify permissions to this folder:

        FortiClientEndpointManagementServer_7.0.7.0398_x64.exe SQLServer=DBVIP SQLUser=emsha SQLUserPassword=123456789 InstallSQL=0 ScriptDB=1 BackupDir=\\EMS-1\backup DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61

        The following shows an example of the command when using a named SQL instance:

        FortiClientEndpointManagementServer_7.0.7.0398_x64.exe SQLServer=DBVIP\EMSNAMED SQLUser=emsha SQLUserPassword=admin InstallSQL=0 ScriptDB=1 BackupDir=\\EMS-1\backup DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61

      2. On EMS-2, open Command Prompt as an administrator. Run the following command. ScriptDB=0 indicates the upgrade will not execute scripts to upgrade the database, because the database was upgraded in step a. BackupDir is configured to \\EMS-2\backup, which is a locally shared folder on EMS-2. EMS and the SQL service user must have read/write/modify permissions to this folder:
        Note

        You must use a unique backup directory for each EMS node. The following shows BackupDir values for an example HA configuration with one primary (EMS 1) and two secondary EMS nodes (EMS 2 and 3):

        • Primary (EMS 1): BackupDir=\\EMS-1\backup
        • Secondary (EMS 2): BackupDir=\\EMS-2\backup
        • Secondary (EMS 3): BackupDir=\\EMS-3\backup

        All EMS nodes share the same FileStorageNic.

        FortiClientEndpointManagementServer_7.0.7.0398_x64.exe SQLServer=DBVIP SQLUser=emsha SQLUserPassword=123456789 InstallSQL=0 ScriptDB=0 BackupDir=\\EMS-2\backup DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=611

        The following shows an example of the command when using a named SQL instance:

        FortiClientEndpointManagementServer_7.0.7.0398_x64.exe SQLServer=DBVIP\EMSNAMED SQLUser=emsha SQLUserPassword=admin InstallSQL=0 ScriptDB=0 BackupDir=\\EMS-2\backup DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61

  7. Configure EMS:
    1. Log in to EMS on the primary server, EMS-1.
    2. Go to Dashboard > Status > License Information widget > Configure License.
    3. For License Source, select File Upload.
    4. Click Browse and locate the license key file.
    5. Click Upload. The license is automatically synchronized to EMS-2. You do not need to upload two licenses.

    6. Go to System Settings > EMS Settings. Enable Remote HTTPS access.
    7. In the FQDN field, enter the FQDN based on the A record that you created in Configuring AD and DNS settings. These settings will be synchronized to EMS-2.
  8. If desired, generate installers from EMS-1 to autopopulate the EMS server address. If you have a separate installer, enter the EMS FQDN when registering FortiClient to EMS.

  9. Stop EMS services on EMS-1 to test the failover.
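
A pre-install consistency check for the HA installer commands in step 6, added here as an example and not part of the Fortinet documentation or product. It checks the rules stated above: one ScriptDB=1 node, a unique BackupDir that is a share on its own node, one common FileStorageNic, and a file share hosted on a third server. The function names, the dictionary keyed by node host name, and the password placeholders are assumptions of this example.

```python
import re

def sample_command(backup_dir, script_db, share=r"\\Server\fileshare"):
    """Constructed sample: the 7.0.8+ command from step 6, passwords replaced."""
    return ("FortiClientEndpointManagementServer_7.0.11.0584_x64.exe SQLServer=DBVIP "
            "SQLUser=emsha SQLUserPassword=<placeholder> InstallSQL=0 "
            f"ScriptDB={script_db} FileStorageNic={share} "
            r"FileStorageNicUser=LAB\administrator FileStorageNicPass=<placeholder> "
            f"BackupDir={backup_dir}")

# Constructed input: one planned command per node, keyed by the node's host name.
PLAN = {
    "EMS-1": sample_command(r"\\EMS-1\backup", 1),
    "EMS-2": sample_command(r"\\EMS-2\backup", 0),
    "EMS-3": sample_command(r"\\EMS-3\backup", 0),
}

def parse_args(command):
    """Split an installer command line into a {parameter: value} dict."""
    return dict(tok.split("=", 1) for tok in command.split()[1:] if "=" in tok)

def unc_host(path):
    """Return the upper-cased server name of a UNC path, or None if not UNC."""
    match = re.match(r"^\\\\([^\\]+)\\[^\\]+", path)
    return match.group(1).upper() if match else None

def check_ha_commands(commands):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    args = {node: parse_args(cmd) for node, cmd in commands.items()}
    nodes = {node.upper() for node in args}
    # ScriptDB=1 marks the primary; this example assumes exactly one per cluster.
    primaries = [n for n, a in args.items() if a.get("ScriptDB") == "1"]
    if len(primaries) != 1:
        findings.append(f"expected exactly one ScriptDB=1 node, found {primaries}")
    seen = {}
    for node, a in args.items():
        backup = a.get("BackupDir", "")
        if unc_host(backup) != node.upper():
            findings.append(f"{node}: BackupDir {backup!r} is not a share on {node}")
        if backup.lower() in seen:
            findings.append(f"{node}: BackupDir duplicates {seen[backup.lower()]}")
        seen.setdefault(backup.lower(), node)
    shares = {a.get("FileStorageNic", "").lower() for a in args.values()}
    if len(shares) != 1:
        findings.append(f"FileStorageNic differs between nodes: {sorted(shares)}")
    for share in shares:
        if unc_host(share) in nodes:  # the share must live on a third server
            findings.append(f"FileStorageNic {share!r} is hosted on an EMS node")
    return findings

if __name__ == "__main__":
    for finding in check_ha_commands(PLAN) or ["no findings"]:
        print(finding)
```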
