Installing FortiClient EMS to specify SQL Server Enterprise or Standard instance
If you use SQL Server Enterprise or Standard with FortiClient EMS, you must install FortiClient EMS using the CLI to specify the correct SQL Server instance. Ensure you have already installed and configured SQL Server Enterprise or Standard.
For FortiClient EMS installation CLI option descriptions, see Installing FortiClient EMS using the CLI.
The following SQL permissions are required when using a local or remote database:
- CONTROL SERVER permission on the server. See BACKUP SERVICE MASTER KEY (Transact-SQL).
- Membership in the sysadmin fixed server role or the db_owner fixed database role. See DBCC SHRINKFILE (Transact-SQL).
- BACKUP DATABASE and BACKUP LOG permissions, which default to members of the sysadmin fixed server role and the db_owner and db_backupoperator fixed database roles. See BACKUP (Transact-SQL).
Local existing database
This section lists the CLI commands for when FortiClient EMS and SQL Server Enterprise or Standard are installed on the same machine.
Database type |
Command |
---|---|
Local default instance using SQL authentication |
FortiClientEndpointManagement_7.0.10.XXXX_x64.exe SQLUser=<username> SQLUserPassword=<password> InstallSQL=0 ScriptDB=1 SQLServerInstance= SQLService=<instance_name> SQLCmdlineOptions="/INSTANCENAME=" DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61 |
Local default instance using local Windows authentication |
FortiClientEndpointManagement_7.0.10.XXXX_x64.exe SQLServerInstance= SQLService=<instance_name> SQLCmdlineOptions="/INSTANCENAME=" InstallSQL=0 ScriptDB=1 |
Local named instance using SQL authentication |
FortiClientEndpointManagement_7.0.10.XXXX_x64.exe SQLUser=<username> SQLUserPassword=<password> InstallSQL=0 ScriptDB=1 SQLServerInstance=<instance_name> SQLService=mssql$<instance_name> SQLCmdlineOptions="/INSTANCENAME=<instance_name>" |
Local named instance using local Windows authentication |
FortiClientEndpointManagement_7.0.10.XXXX_x64.exe SQLServerInstance=<instance_name> SQLService=mssql$<instance_name> SQLCmdlineOptions="/INSTANCENAME=<instance_name>" InstallSQL=0 ScriptDB=1 |
For example, consider installing FortiClient EMS and pointing to a local instance with the following attributes:
- Named "database000"
- Using SQL authentication
- SQL username "janedoe"
- SQL password "password123"
- Database initial size of 31 MB
- Database initial log size of 4 MB
- Database growth rate of 11 MB
- Database log growth rate of 11%
- Database login timeout of 31 seconds
- Database SQL query timeout of 61 seconds
The installation command for this example is as follows:
FortiClientEndpointManagement_7.0.10.XXXX_x64.exe SQLUser=janedoe SQLUserPassword=password123 InstallSQL=0 ScriptDB=1 SQLServerInstance=database000 SQLService=mssql$database000 SQLCmdlineOptions="/INSTANCENAME=database000" DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61
Remote existing database
If you are using a separately set up remote SQL server, you must set the recovery mode to simple instead of full.
To create a backup directory:
Prior to installing FortiClient EMS, create a backup directory on the EMS server. The SQL Server service that is running on the EMS server and the Apache service that is running on the databaser server must both be able to access the backup directory. You must configure the backup directory as a subdirectory of a shared directory. The backup directory should be on the EMS server, not the SQL server.
- On the EMS server, create a shared directory.
- Create a backup directory inside the shared directory that you created.
- Right-click the shared directory and select Properties.
- On the Security tab, ensure all users have full control of the directory.
- On the Sharing tab, go to Advanced Sharing > Permissions.
- Ensure the following permissions are configured:
- Services on the SQL server host have Change permissions.
- Windows user that the services are running under has Change permissions.
Installation commands for remote existing databases
For remote instances using Windows authentication (domain user), do the following:
- Join the EMS and database servers to the same domain.
- Create a database user that maps to the domain user.
- In Command Prompt on the EMS server, run
gpedit
to open the Local Group Policy Editor. - In Local Group Policy Editor, go to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
- Double-click the Log on as a service. In the dialog, add the desired username from the Active Directory domain.
Database type |
Command |
---|---|
Remote default or named instance using SQL authentication |
FortiClientEndpointManagementServer_7.0.10.XXXX_x64.exe SQLServer=<SQL_Server_name> SQLUser=<username> SQLUserPassword=<SQL password> InstallSQL=0 ScriptDB=1 BackupDir=\\WIN-0888\Backup DB InitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61 |
Remote default or named instance using Windows authentication (domain user) |
FortiClientEndpointManagement_7.0.10.XXXX_x64.exe SQLServer=<SQL_Server_name> WindowsUser=<domain name>\<username> WindowsUserPassword=<password> InstallSQL=0 ScriptDB=1 BackupDir=<backupdirectorypath> DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61 |
During an installation using a remote database with Windows authentication, you must ensure that the Windows user running the installer can access the SQL database server, as the installer uses the current logged in Windows user to set up the database and instructs services to use the user provided in the WindowsUser
field to run. After installation completes, only EMS services use the user provided in the WindowsUser
field.
For example, consider installing FortiClient EMS and pointing to a remote named instance with the following attributes:
- On a computer with DNS name WIN-088
- Using Windows authentication
- Domain name "forticlient.ca"
- Database initial size of 31 MB
- Database initial log size of 4 MB
- Database growth rate of 11 MB
- Database log growth rate of 11%
- Database login timeout of 31 seconds
- Database SQL query timeout of 61 seconds
- Backup directory of \\WIN-0888\Backup
The installation command for this example is as follows. This example also includes the optional SQLEncryptConnection
option:
FortiClientEndpointManagement_7.0.10.XXXX_x64.exe SQLServer=WIN-0888 WindowsUser=forticlient.ca\janedoe WindowsUserPassword=password123 InstallSQL=0 ScriptDB=1 BackupDir=\\WIN-0888\Backup SQLEncryptConnection=no DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61