Deploying Autoscaling on AWS

You can deploy FortiADC virtual machines (VMs) to support Autoscaling on AWS. This requires a manual deployment incorporating AWS CloudFormation Templates (CFTs).

Multiple FortiADC-VM instances form an Autoscaling group (ASG) to provide highly efficient clustering at times of high workloads. FortiADC-VM instances can be scaled out automatically according to predefined workload levels. When a spike in traffic occurs, the Lambda script is invoked to automatically add FortiADC-VM instances to the ASG. Autoscaling is achieved by using FortiADC Cloud Autoscaling features such as system autoscale that synchronize operating system (OS) configurations across multiple FortiADC-VM instances at the time of scale-out events.

FortiADC Autoscale for AWS is available with FortiADC 7.2.0 and supports On-demand (PAYG) instances.

In this use case, you only need to configure the primary FortiADC-VM; the secondary FortiADC-VMs automatically synchronize their configurations.

FortiADC-VM Autoscale for AWS uses AWS CloudFormation Templates (CFTs) to deploy the following components:

  • A highly available architecture that spans two Availability Zones (AZs).

  • An Amazon Virtual Private Cloud (VPC) configured with public subnets according to AWS best practices, to provide you with your own virtual network on AWS.

  • An Internet gateway to allow access to the Internet.

  • In the public subnets, a FortiADC-VM host in an ASG complements AWS security groups to provide web filtering and threat detection to protect your services from cyber attacks.

  • An externally facing network load balancer, created as part of the deployment process.

  • An elastic IP to access the primary FortiADC-VM. When the primary role is transferred from one instance to another, the EIP will be associated with the new instance at the same time.

  • An Amazon API Gateway, which acts as a front door by providing a Callback URL for the FortiADC-VM ASG. FortiADC-VMs use the API Gateway to send API calls and to process FortiADC Autoscaling tasks to synchronize configurations across multiple FortiADC-VM instances at the time of the Autoscaling scale-out event. This is currently only for internal use. There is no public access available.

  • An AWS Lambda, which allows you to run certain scripts and code without provisioning servers. Fortinet provides Lambda scripts for running Autoscaling. Lambda functions are used to handle Autoscaling (launch/terminate instance based on the scale-out/scale-in policy), failover management (heartbeat check and primary election), CFT deployment, and configuration for other related components.

  • An Amazon DynamoDB database that uses Fortinet-provided scripts to store information about Autoscaling condition states, including the primary node and health check state of each FortiADC-VM in the ASG.
