Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

EMS Administration Guide

Management capacity

FortiClient EMS is intended for enterprise use and has the capacity to manage a large number of endpoints.

Having at least 200 GB of disk space available is recommended.

You can use FortiClient EMS with SQL Server Express, Enterprise, or Standard. When managing more than 5000 endpoints, install SQL Server Enterprise or Standard instead of SQL Server Express, which the EMS installation installs by default. Otherwise, you may experience database deadlocks. See Installing FortiClient EMS to specify SQL Server Enterprise or Standard instance. The following table summarizes which SQL Server edition to use for different numbers of managed endpoints.

Number of managed endpoints

Required SQL Server edition

Other configuration notes

Up to 5000

Express. Optionally, you can use SQL Server Enterprise or Standard.

EMS and SQL Server can be installed on the same Windows Server machine, or two different Windows Server machines.

5000 to 10000

Enterprise or Standard

EMS and SQL Server can be installed on the same Windows Server machine, or two different Windows Server machines.

10000 to 20000

Enterprise or Standard

EMS and SQL Server can be installed on the same Windows Server machine, or two different Windows Server machines.

20000 to 30000

Enterprise or Standard

EMS and SQL Server can be installed on the same Windows Server machine, or two different Windows Server machines.

30000 to 40000

Enterprise or Standard

EMS and SQL Server can be installed on the same Windows Server machine, or two different Windows Server machines.

40000 to 50000

Enterprise or Standard

EMS and SQL Server can be installed on the same Windows Server machine, or two different Windows Server machines.

50000 to 75000

Enterprise or Standard

EMS and SQL Server must be installed on two different Windows Server machines.

The following are suggested host system hardware configurations for FortiClient EMS. The suggested configurations depend on the number of endpoints FortiClient EMS is managing.

The following table shows the configurations when EMS and SQL Server are running on the same Windows Server machine and EMS is not connected to a FortiGate:

Number of managed endpoints Number of virtual CPUs Memory (RAM) (in GB) Suggested keep alive interval
Up to 5000 6 8 Default (60 seconds)
5000 to 10000 8 10 Default (60 seconds)
10000 to 20000 14 12 120 seconds
20000 to 30000 16 14 120 seconds
30000 to 40000 18 16 120 seconds
40000 to 50000 20 18 120 seconds

The following table shows the configurations when EMS and SQL Server are running on different Windows Server machines and EMS is not connected to a FortiGate:

Number of managed endpoints

 

EMS server machine SQL server machine Suggested keep alive interval
Number of virtual CPUs Memory (RAM) (in GB) Number of virtual CPUs Memory (RAM) (in GB)
10000 to 20000 8 4 4 8 120 seconds
20000 to 30000 10 4 4 8 120 seconds
30000 to 40000 12 4 4 8 120 seconds
40000 to 50000 14 6 6 10 120 seconds
50000 to 75000 16 8 8 14 120 seconds

The following table shows the configurations when EMS and SQL Server are running on the same Windows Server machine and EMS is connected to up to 100 FortiGates and up to 20 Zero Trust tags are configured:

Number of managed endpoints Number of virtual CPUs Memory (RAM) (in GB) Suggested keep alive interval
Up to 5000 6 8 Default (60 seconds)
5000 to 10000 10 10 Default (60 seconds)
10000 to 20000 14 16 120 seconds
20000 to 30000 18 20 120 seconds
30000 to 40000 22 24 120 seconds
40000 to 50000 24 28 120 seconds

The following table shows the configurations when EMS and SQL Server are running on different Windows Server machines and EMS is connected to up to 100 FortiGates and up to 20 Zero Trust tags are configured:

Number of managed endpoints

 

EMS server machine SQL server machine Suggested keep alive interval
Number of virtual CPUs Memory (RAM) (in GB) Number of virtual CPUs Memory (RAM) (in GB)
10000 to 20000 4 4 10 10 120 seconds
20000 to 30000 4 4 14 16 120 seconds
30000 to 40000 6 6 22 20 120 seconds
40000 to 50000 8 6 26 26 120 seconds
50000 to 75000 8 6 28 30 120 seconds

75000 to 150000

12

10

56

60

180 seconds

The requirements listed for managing 50000 to 75000 endpoints are considered best practice, even when managing a smaller number of endpoints.

Management capacity

FortiClient EMS is intended for enterprise use and has the capacity to manage a large number of endpoints.

Having at least 200 GB of disk space available is recommended.

You can use FortiClient EMS with SQL Server Express, Enterprise, or Standard. When managing more than 5000 endpoints, install SQL Server Enterprise or Standard instead of SQL Server Express, which the EMS installation installs by default. Otherwise, you may experience database deadlocks. See Installing FortiClient EMS to specify SQL Server Enterprise or Standard instance. The following table summarizes which SQL Server edition to use for different numbers of managed endpoints.

Number of managed endpoints

Required SQL Server edition

Other configuration notes

Up to 5000

Express. Optionally, you can use SQL Server Enterprise or Standard.

EMS and SQL Server can be installed on the same Windows Server machine, or two different Windows Server machines.

5000 to 10000

Enterprise or Standard

EMS and SQL Server can be installed on the same Windows Server machine, or two different Windows Server machines.

10000 to 20000

Enterprise or Standard

EMS and SQL Server can be installed on the same Windows Server machine, or two different Windows Server machines.

20000 to 30000

Enterprise or Standard

EMS and SQL Server can be installed on the same Windows Server machine, or two different Windows Server machines.

30000 to 40000

Enterprise or Standard

EMS and SQL Server can be installed on the same Windows Server machine, or two different Windows Server machines.

40000 to 50000

Enterprise or Standard

EMS and SQL Server can be installed on the same Windows Server machine, or two different Windows Server machines.

50000 to 75000

Enterprise or Standard

EMS and SQL Server must be installed on two different Windows Server machines.

The following are suggested host system hardware configurations for FortiClient EMS. The suggested configurations depend on the number of endpoints FortiClient EMS is managing.

The following table shows the configurations when EMS and SQL Server are running on the same Windows Server machine and EMS is not connected to a FortiGate:

Number of managed endpoints Number of virtual CPUs Memory (RAM) (in GB) Suggested keep alive interval
Up to 5000 6 8 Default (60 seconds)
5000 to 10000 8 10 Default (60 seconds)
10000 to 20000 14 12 120 seconds
20000 to 30000 16 14 120 seconds
30000 to 40000 18 16 120 seconds
40000 to 50000 20 18 120 seconds

The following table shows the configurations when EMS and SQL Server are running on different Windows Server machines and EMS is not connected to a FortiGate:

Number of managed endpoints

 

EMS server machine SQL server machine Suggested keep alive interval
Number of virtual CPUs Memory (RAM) (in GB) Number of virtual CPUs Memory (RAM) (in GB)
10000 to 20000 8 4 4 8 120 seconds
20000 to 30000 10 4 4 8 120 seconds
30000 to 40000 12 4 4 8 120 seconds
40000 to 50000 14 6 6 10 120 seconds
50000 to 75000 16 8 8 14 120 seconds

The following table shows the configurations when EMS and SQL Server are running on the same Windows Server machine and EMS is connected to up to 100 FortiGates and up to 20 Zero Trust tags are configured:

Number of managed endpoints Number of virtual CPUs Memory (RAM) (in GB) Suggested keep alive interval
Up to 5000 6 8 Default (60 seconds)
5000 to 10000 10 10 Default (60 seconds)
10000 to 20000 14 16 120 seconds
20000 to 30000 18 20 120 seconds
30000 to 40000 22 24 120 seconds
40000 to 50000 24 28 120 seconds

The following table shows the configurations when EMS and SQL Server are running on different Windows Server machines and EMS is connected to up to 100 FortiGates and up to 20 Zero Trust tags are configured:

Number of managed endpoints

 

EMS server machine SQL server machine Suggested keep alive interval
Number of virtual CPUs Memory (RAM) (in GB) Number of virtual CPUs Memory (RAM) (in GB)
10000 to 20000 4 4 10 10 120 seconds
20000 to 30000 4 4 14 16 120 seconds
30000 to 40000 6 6 22 20 120 seconds
40000 to 50000 8 6 26 26 120 seconds
50000 to 75000 8 6 28 30 120 seconds

75000 to 150000

12

10

56

60

180 seconds

The requirements listed for managing 50000 to 75000 endpoints are considered best practice, even when managing a smaller number of endpoints.