7.0.0

SQL Server Failover Cluster Instances

This document describes how to deploy FortiClient EMS using high availability (HA). It aims to provide a step-by-step guide to EMS HA with some basic coverage of database clustering. It may contain inaccuracies regarding database clustering, and it does not represent proper architecture design from a database clustering standpoint. Do not use this guide for database architecture design.

This deployment does not support SQL Server Express for SQL clustering.

The example deployment that this document describes uses the following components:

  • FortiClient EMS
  • FortiClient
  • Windows Server 2019 Standard Edition
  • Microsoft SQL Server 2017 Enterprise
  • Microsoft SQL Server Management Studio 18

Note the following:

  • For EMS 7.0.7 and earlier versions, you must enable FILESTREAM on the SQL Server Database Engine instance for file synchronization between HA nodes. See Enable and configure FILESTREAM.
  • For EMS 7.0.8 and later versions, sharing files between EMS nodes relies on network shares that different EMS nodes can access.
  • There are multiple ways to implement DNS and load balancing to handle EMS failover:

    Method: DNS round robin or failover
    Description: EMS running in HA mode must always configure a fully qualified domain name (FQDN), and FortiClient endpoints must point to a DNS server that has enabled DNS round robin or supports DNS failover, so that endpoints can always connect to the correct primary EMS server. Endpoint users must ensure that endpoints do not cache the DNS result for more than 30 seconds so that FortiClient can resolve the FQDN to the new primary EMS server with a new IP address in case EMS failover happens quickly.

    Method: Load balancer
    Description: DNS round robin configuration may cause Fortinet Security Fabric connector to send data to the failover node, which by design has all but the monitor FCEMS services off. This results in Fabric connection failure. To overcome this limitation, set up the Fabric connection using traffic manager or FortiGates as a load balancer.

  • If you are logged in to an EMS server as a domain user, grant that domain user the local "Log on as a service" right. Otherwise, EMS services may not start up properly.
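
The 30-second DNS caching limit described above can be checked against the address records actually served for the EMS FQDN. The following PowerShell script is an added example, not part of the Fortinet documentation; the FQDN and DNS server address are placeholders, and the function name Test-EmsDnsTtl is hypothetical.

```powershell
# Added example (not Fortinet code): verify that the A records for the EMS HA
# FQDN are served with a TTL no longer than the 30 seconds the guide requires.
param(
    [string]$EmsFqdn       = 'ems.example.com',  # placeholder: your EMS HA FQDN
    [string]$DnsServer     = '192.0.2.53',       # placeholder: authoritative DNS server for the zone
    [int]   $MaxTtlSeconds = 30                  # limit stated in the guide
)

function Test-EmsDnsTtl {
    # Hypothetical helper: evaluates each address record against the TTL limit.
    param(
        [Parameter(Mandatory)] [object[]]$Records,
        [int]$MaxTtl = 30
    )
    # Keep only address records from the answer section; CNAME and SOA rows are skipped.
    $addresses = $Records | Where-Object {
        $_.Section -eq 'Answer' -and ($_.Type -eq 'A' -or $_.Type -eq 'AAAA')
    }
    foreach ($r in $addresses) {
        [pscustomobject]@{
            Name        = $r.Name
            IPAddress   = $r.IPAddress
            TTL         = $r.TTL
            WithinLimit = ($r.TTL -le $MaxTtl)
        }
    }
}

# Query the authoritative server directly. A caching resolver reports the
# remaining TTL, which can hide a configured value that is too long.
$records = Resolve-DnsName -Name $EmsFqdn -Type A -Server $DnsServer -DnsOnly -ErrorAction Stop
$results = @(Test-EmsDnsTtl -Records $records -MaxTtl $MaxTtlSeconds)

if ($results.Count -eq 0) {
    Write-Error "No address records returned for $EmsFqdn"
    exit 2
}

$results | Format-Table -AutoSize
Write-Host ("{0} address record(s) returned for {1}" -f $results.Count, $EmsFqdn)

$tooLong = @($results | Where-Object { -not $_.WithinLimit })
if ($tooLong.Count -gt 0) {
    Write-Warning ("{0} record(s) exceed the {1}-second TTL limit; endpoints may keep using the old primary after failover." -f $tooLong.Count, $MaxTtlSeconds)
    exit 1
}
Write-Host "All records are within the $MaxTtlSeconds-second TTL limit."
```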
