The following describes redundancy or high availability (HA) options for EMS where endpoint information is synced between multiple EMS nodes running in active-passive HA mode. Consider a scenario where two EMS nodes, EMS A and EMS B, run in HA mode with EMS A as the primary node and EMS B as the secondary node. Both EMS nodes are connected to the same remote database server. Endpoints are connected to EMS A. If EMS A fails, EMS B is promoted to become the primary node, and endpoints automatically register to EMS B.
EMS HA mode supports configuring multiple EMS servers with one SQL Server. SQL Server should be running on a remote, separate Windows server. If you want to add database HA support, you can configure a SQL Server failover cluster. For SQL Server failover cluster setup, see Create a New Always On Failover Cluster Instance (Setup).
This guide focuses on configuring HA for EMS services. It assumes that you have completed SQL Server failover cluster setup as Create a New Always On Failover Cluster Instance (Setup) describes.
The example setup has two EMS nodes and one database server.
Note the following:
- For file synchronization between HA nodes, you must enable FILESTREAM on the SQL Server Database Engine instance. See Enable and configure FILESTREAM.
- EMS running in HA mode must always be configured with a fully qualified domain name (FQDN), and FortiClient endpoints must point to a DNS server that has DNS round robin enabled or supports DNS failover, so that endpoints can always connect to the current primary EMS server. Endpoint users must ensure that endpoints do not cache the DNS result for more than 30 seconds, so that FortiClient can resolve the FQDN to the new primary EMS server's IP address if EMS failover happens quickly.
- If you log in to an EMS server as a domain user, grant that domain user the Log on as a service right on the local server. Otherwise, EMS services may not start properly.
This configuration uses DNS round robin, which may cause endpoints and/or Fabric Connector connections to send data to the failover node. By design, the failover node runs only the Monitor (and Apache) FCEMS services and has all other FCEMS services stopped, so FortiClient data sent to it does not reach the EMS database.
By configuring DNS round robin, you can configure load balancing by pointing the same hostname to multiple servers with different IP addresses in DNS.
- Open DNS Manager.
- Right-click the server name, then select Properties.
- On the Advanced tab, under Server options, click Enable round robin.
- Click Apply.
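The same round robin setup, done from PowerShell and then checked the way a practitioner would before pointing endpoints at the FQDN. This is an added example, not part of the EMS guide: the zone name example.com, host name ems, node addresses 10.0.0.11 and 10.0.0.12, and DNS server dns01.example.com are placeholders. It needs the DnsServer module (RSAT) and administrator rights on the DNS server. Besides enabling round robin it publishes one A record per EMS node with a 30 second TTL, which is the cache limit the notes above require, and verifies the answer set and TTL as a client would see them.

```powershell
# Added example (not from the EMS guide): configure DNS round robin for the EMS FQDN
# on a Windows DNS server and verify what resolvers will see.
# Assumptions (placeholders, not from the original page): zone "example.com",
# EMS host name "ems", node addresses 10.0.0.11 (EMS A) and 10.0.0.12 (EMS B),
# DNS server "dns01.example.com". Requires the DnsServer RSAT module.
$ZoneName  = 'example.com'
$EmsHost   = 'ems'
$EmsFqdn   = "$EmsHost.$ZoneName"
$EmsNodes  = @('10.0.0.11', '10.0.0.12')
$DnsServer = 'dns01.example.com'

# 1. Enable round robin (same setting as "Enable round robin" on the Advanced tab
#    of the server properties in DNS Manager).
$settings = Get-DnsServerSetting -ComputerName $DnsServer -All
if (-not $settings.RoundRobin) {
    $settings.RoundRobin = $true
    Set-DnsServerSetting -ComputerName $DnsServer -InputObject $settings
}

# 2. Publish one A record per EMS node under the same name, with a 30 second TTL so
#    that resolvers never cache an answer longer than the HA notes allow.
$ttl = New-TimeSpan -Seconds 30
foreach ($ip in $EmsNodes) {
    $existing = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName `
                    -Name $EmsHost -RRType A -ErrorAction SilentlyContinue |
                Where-Object { $_.RecordData.IPv4Address.IPAddressToString -eq $ip }
    if (-not $existing) {
        Add-DnsServerResourceRecordA -ComputerName $DnsServer -ZoneName $ZoneName `
            -Name $EmsHost -IPv4Address $ip -TimeToLive $ttl
    }
}

# 3. Verify: every node address must be in the answer set and every TTL must be <= 30 s.
#    -DnsOnly queries the server directly so the local client cache cannot mask results.
$answers  = Resolve-DnsName -Name $EmsFqdn -Type A -Server $DnsServer -DnsOnly |
            Where-Object { $_.Type -eq 'A' }
$seen     = ($answers | ForEach-Object { $_.IPAddress } | Sort-Object) -join ','
$allNodes = $seen -eq (($EmsNodes | Sort-Object) -join ',')
$ttlOk    = @($answers | Where-Object { $_.TTL -gt 30 }).Count -eq 0

# 4. Round robin shows up as a rotating first answer across repeated queries.
$firstAnswers = 1..4 | ForEach-Object {
    (Resolve-DnsName -Name $EmsFqdn -Type A -Server $DnsServer -DnsOnly |
        Where-Object { $_.Type -eq 'A' } | Select-Object -First 1).IPAddress
}

[pscustomobject]@{
    Fqdn             = $EmsFqdn
    AllNodesAnswered = $allNodes
    TtlWithin30s     = $ttlOk
    FirstAnswerOrder = ($firstAnswers -join ' -> ')
}
```

If FirstAnswerOrder never rotates, check Enable netmask ordering on the same Advanced tab: netmask ordering puts the address closest to the querying client first, which overrides rotation for clients on the same subnet as one of the EMS nodes.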
The example uses a SQL Server authentication login to connect to the remote database server and create the EMS database during EMS installation. You must enable certain SQL Server options before installing EMS.
If the SQL Server hosts multiple database instances, ensure that each instance listens on a different port.
- Open Microsoft SQL Server Management Studio as an administrator.
- In the Object Explorer pane, select Connect > Database Engine.
- In the Connect to Server dialog, enter your credentials and connect to the database server.
- In the Object Explorer pane, right-click the server, then select Properties.
- In the Server Properties dialog, go to Security.
- Under Server authentication, select SQL Server and Windows Authentication mode.
- Create a SQL login user:
- Right-click Security, then select New > Login.
- In the Login name field, enter the desired username. In this example, the username is "cbreaux".
- Select SQL Server authentication.
- In the Password and Confirm password fields, enter the desired password. In this example, the password is "MyPassword".
- Disable Enforce password policy.
- Go to Server Roles.
- Select sysadmin, then click OK.
- On the EMS node, open SQL Server Management Studio and attempt to connect to the remote database with the SQL user that you created to ensure that the node can connect to the database server using the credentials.
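The connectivity test in the last step can be scripted so that it also confirms the other preconditions this section and the notes above set: SQL Server and Windows Authentication mode, the sysadmin role on the login, and FILESTREAM enabled on the instance. This is an added example, not part of the EMS guide. It reuses the page's server name WIN-NDE5616TNC6, port 1445 and login cbreaux, prompts for the password rather than putting it on the command line, and uses the System.Data.SqlClient classes shipped with Windows PowerShell 5.1.

```powershell
# Added example (not from the EMS guide): from an EMS node, verify that the remote
# SQL Server is ready for the EMS installer, using the SQL login created above.
# Server name, port and login are the page's example values; the password is prompted for.
Add-Type -AssemblyName System.Data

$SqlServer = 'WIN-NDE5616TNC6'   # remote database server (an FQDN also works)
$SqlPort   = 1445                # must match the instance that will host the EMS database
$SqlUser   = 'cbreaux'

$securePwd = Read-Host -Prompt "Password for $SqlUser" -AsSecureString
$securePwd.MakeReadOnly()        # SqlCredential requires a read-only SecureString
$cred = New-Object System.Data.SqlClient.SqlCredential($SqlUser, $securePwd)

# Encrypt=True because the login and EMS data cross the network. Leave
# TrustServerCertificate=False once the SQL Server presents a certificate the EMS node trusts.
$connStr = "Server=$SqlServer,$SqlPort;Initial Catalog=master;Encrypt=True;" +
           "TrustServerCertificate=False;Connect Timeout=15"
$conn = New-Object System.Data.SqlClient.SqlConnection($connStr, $cred)

# One query covers the preconditions the guide lists: mixed-mode authentication
# (IsIntegratedSecurityOnly = 0), sysadmin on the connected login, and FILESTREAM
# enabled on the instance (needed for file synchronization between HA nodes).
$query = @"
SELECT CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int)  AS WindowsAuthOnly,
       IS_SRVROLEMEMBER('sysadmin')                              AS IsSysadmin,
       CAST(SERVERPROPERTY('FilestreamEffectiveLevel') AS int)   AS FilestreamLevel,
       CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(32))     AS ProductVersion,
       SUSER_SNAME()                                              AS ConnectedAs
"@

$result = $null
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = $query
    $reader = $cmd.ExecuteReader()
    if ($reader.Read()) {
        $result = [pscustomobject]@{
            Server          = "$SqlServer,$SqlPort"
            ConnectedAs     = $reader['ConnectedAs']
            ProductVersion  = $reader['ProductVersion']
            MixedModeAuth   = ([int]$reader['WindowsAuthOnly'] -eq 0)
            LoginIsSysadmin = ([int]$reader['IsSysadmin'] -eq 1)
            FilestreamOn    = ([int]$reader['FilestreamLevel'] -gt 0)
        }
    }
    $reader.Close()
}
finally {
    $conn.Dispose()
}

$result
if (-not ($result -and $result.MixedModeAuth -and $result.LoginIsSysadmin -and $result.FilestreamOn)) {
    Write-Warning 'SQL Server is not ready for the EMS installer; fix the False items above first.'
}
```

A failed Open() with a login error means authentication mode or the login itself is wrong; a timeout usually means the port does not match the instance, which is the same mismatch the SQLPort installer parameter below depends on.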
Joining EMS nodes to a domain is unnecessary, as you will use a SQL user account to connect to the database instance on the remote SQL Server database server.
- Install EMS on the primary node by running the following command:
FortiClientEndpointManagementServer_7.0.3.0173_x64.exe SQLServer=WIN-NDE5616TNC6 SQLUser=cbreaux SQLUserPassword=MyPassword SQLPort=1445 InstallSQL=0 ScriptDB=1 BackupDir=\\EMSServer38\backup\ DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61
In this command, the remote database server name is entered in the SQLServer field. This field also accepts an FQDN.
ScriptDB=1 indicates that this is the primary node.
BackupDir=UNC_PATH\\backup indicates the shared backup directory, which can be on the local EMS server or on any other accessible server. The backup directory has the following requirements:
- The backup directory must not be on the remote database server. If it is local to the SQL Server, SQL Server applies access control lists to the encryption key file that prevent the Apache service running on the EMS server from deleting the key file.
- The SQL Server service account requires at least write permission to the backup directory. The EMS servers require read/write permission to it.
- The backup directory must be a network share that the SQL Server process user can access and write to.
Ensure that the SQLPort value matches the SQL Server instance that hosts the EMS database.
After installation completes, all EMS services should be running. In HA, the FortiClient Endpoint Management Server Monitor Service acts as the heartbeat.
- Install EMS on the secondary node by running the following command:
FortiClientEndpointManagementServer_7.0.3.0173_x64.exe SQLServer=WIN-NDE5616TNC6 SQLUser=cbreaux SQLUserPassword=MyPassword SQLPort=1445 InstallSQL=0 ScriptDB=0 BackupDir=\\EMSServer38\backup\ DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61
ScriptDB=0 indicates that this is the secondary node.
After installation completes, only the FortiClient Endpoint Management Server Monitor Service and FortiClient Endpoint Management Server Apache Service should be running on the secondary node.
- On the primary node, log in to EMS.
- Go to System Settings > Server.
- Enable Use FQDN.
- In the FQDN field, enter the desired FQDN.
- Go to System Settings > EMS Settings. Configure the High Availability Keep Alive Interval field with a value between 5 and 30 seconds.
- Go to Dashboard > Status. Confirm that the System Information widget displays that EMS is running in HA mode. If running in HA mode, the widget also lists the HA primary and secondary nodes and their statuses.
- Update the EMS licensing:
- In the License Information widget, click Configure License.
- For License Source, select FortiCare.
- In the FortiCloud Account field, enter your FortiCloud account ID or email address.
- In the Password field, enter your FortiCloud account password.
- Click Login & Update License. Once your account information is authenticated, EMS updates the Configure License page with the serial number and license information that it retrieved from FortiCloud.
EMS HA uses a single license that covers the primary node and the secondary node(s). You only need to apply the license on the primary node.
As this HA deployment uses DNS round robin, when you attempt to log in to EMS, you may be directed to the passive EMS. If this occurs, the browser displays ERR_CONNECTION_CLOSED. The login succeeds if DNS resolves the FQDN to the active EMS.
To avoid this, you can log in to EMS using the EMS IP address instead of the FQDN if you can confirm which EMS is currently the primary node and no failover has occurred.
- Go to Manage Installers > Deployment Packages. Create a deployment package to deploy FortiClient to endpoints. See Adding a FortiClient deployment package.
- On an endpoint, download the deployment package from the download link.
- Install FortiClient on the endpoint.
- Ensure that FortiClient can register to the EMS server successfully using the FQDN.
- Simulate a failover by stopping the FortiClient Endpoint Management Server Monitor Service on the primary node. Ensure that the secondary node is now the EMS primary server.
- Ensure that FortiClient can still register to the EMS server successfully using the FQDN.
- Stop all services in all secondary EMS servers to avoid failover while the primary EMS server is upgrading.
- Upgrade the primary server while it is running.
- After successfully upgrading the primary server, upgrade the secondary EMS servers. If you have multiple secondary EMS servers, you can upgrade them one by one, or simultaneously.
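The service-state checks this guide relies on (all FCEMS services running on the primary, only the Monitor and Apache services on the secondary), the failover simulation, and the stop-all-services step before an upgrade can be run from one management host. This is an added example, not part of the EMS guide: the node names EMS-A and EMS-B and the FQDN ems.example.com are placeholders, it needs PowerShell remoting (WinRM) to both nodes with local administrator rights, and it matches the services by the display-name prefix the guide uses because the short service names are not documented on this page.

```powershell
# Added example (not from the EMS guide): drive the HA checks from a management host.
# Placeholders: EMS-A (primary), EMS-B (secondary), ems.example.com (EMS FQDN).
# Requires WinRM to both nodes and local administrator rights on them.
$Primary   = 'EMS-A'
$Secondary = 'EMS-B'
$EmsFqdn   = 'ems.example.com'
$EmsPrefix = 'FortiClient Endpoint Management Server*'   # display-name prefix from the guide

function Get-EmsServiceState {
    # Name/DisplayName/Status of every FCEMS service on a node.
    param([string]$Node)
    Invoke-Command -ComputerName $Node -ArgumentList $EmsPrefix -ScriptBlock {
        param($prefix)
        Get-Service -DisplayName $prefix | Select-Object Name, DisplayName, Status
    }
}

function Test-EmsActiveNode {
    # Active node: every FCEMS service Running. Passive node: only the Monitor
    # (heartbeat) and Apache services Running, everything else Stopped.
    param([string]$Node)
    $svc        = @(Get-EmsServiceState -Node $Node)
    $running    = @($svc | Where-Object Status -eq 'Running')
    $passiveSet = @($running | Where-Object { $_.DisplayName -match 'Monitor Service|Apache Service' })
    if ($svc.Count -gt 0 -and $running.Count -eq $svc.Count) { return 'Active' }
    if ($running.Count -gt 0 -and $passiveSet.Count -eq $running.Count) { return 'Passive' }
    return 'Unknown'   # all stopped, partially started, or no FCEMS services found
}

function Stop-EmsServices {
    # Upgrade prep on a secondary: stop ALL FCEMS services so it cannot be promoted while
    # the primary is upgraded. With -MonitorOnly, stop just the Monitor service, which is
    # how the guide simulates a failover of the primary.
    param([string]$Node, [switch]$MonitorOnly)
    Invoke-Command -ComputerName $Node -ArgumentList $EmsPrefix, ([bool]$MonitorOnly) -ScriptBlock {
        param($prefix, $monitorOnly)
        $svc = Get-Service -DisplayName $prefix
        if ($monitorOnly) { $svc = $svc | Where-Object DisplayName -like '*Monitor Service' }
        $svc | Stop-Service -Force
    }
}

function Wait-EmsFailover {
    # Poll until the node reports Active or the timeout expires. The keep-alive
    # interval is 5-30 s, so allow several intervals.
    param([string]$Node, [int]$TimeoutSeconds = 120)
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        if ((Test-EmsActiveNode -Node $Node) -eq 'Active') { return $true }
        Start-Sleep -Seconds 5
    } while ((Get-Date) -lt $deadline)
    return $false
}

# Before the test: expect primary=Active, secondary=Passive.
"Before: $Primary=$(Test-EmsActiveNode $Primary)  $Secondary=$(Test-EmsActiveNode $Secondary)"

# Simulate a failover as the guide does: stop the Monitor service on the primary.
Stop-EmsServices -Node $Primary -MonitorOnly
$promoted = Wait-EmsFailover -Node $Secondary
"After:  $Primary=$(Test-EmsActiveNode $Primary)  $Secondary=$(Test-EmsActiveNode $Secondary)  promoted=$promoted"

# Endpoints reach the new primary through the FQDN: confirm both node addresses are still
# published and the TTL is short enough (<= 30 s) for FortiClient to follow the change.
Resolve-DnsName -Name $EmsFqdn -Type A -DnsOnly | Where-Object Type -eq 'A' |
    Select-Object Name, IPAddress, TTL

# Before upgrading the primary, stop every FCEMS service on each secondary (no -MonitorOnly):
#   Stop-EmsServices -Node $Secondary
```

Run the failover part only in a maintenance window: stopping the Monitor service on the primary causes a real promotion, and until DNS caches expire some endpoints will still send telemetry to the node that was just demoted.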