
EMS Administration Guide

Redundancy

The following describes redundancy or high availability (HA) options for EMS where endpoint information is synced between multiple EMS nodes running in active-passive HA mode. Consider a scenario where two EMS nodes, EMS A and EMS B, run in HA mode with EMS A as the primary node and EMS B as the secondary node. Both EMS nodes are connected to the same remote database server. Endpoints are connected to EMS A. If EMS A fails, EMS B is promoted to become the primary node, and endpoints automatically register to EMS B.

EMS HA mode supports configuring multiple EMS servers with one SQL Server. SQL Server should be running on a remote, separate Windows server. If you want to add database HA support, you can configure a SQL Server failover cluster. For EMS HA with SQL Server failover setup, see HA with Multiple Databases Deployment Guide. For EMS HA with Always On SQL setup, see Always on HA in multisubnet environment.

This guide focuses on configuring HA for EMS services. It assumes that you have completed SQL Server failover cluster setup.

The example setup has two EMS nodes and one database server.

Note the following:

  • Sharing files between EMS nodes relies on network shares that different EMS nodes can access.
  • There are multiple ways to implement DNS and load balancing to handle EMS failover:

    DNS round robin or failover
      EMS running in HA mode must always configure a fully qualified domain name (FQDN), and FortiClient endpoints must point to a DNS server that has enabled DNS round robin or supports DNS failover, so that endpoints can always connect to the correct primary EMS server. Endpoint users must ensure that endpoints do not cache the DNS result for more than 30 seconds so that FortiClient can resolve the FQDN to the new primary EMS server with a new IP address in case EMS failover happens quickly.

    Load balancer (LB)
      DNS round robin configuration may cause the Fortinet Security Fabric connector to send data to the failover node, which by design has all but the monitor FCEMS services off. This results in Fabric connection failure. To overcome this limitation, set up the Fabric connection using a traffic manager or FortiGates as an LB. See Fabric connection setup using traffic manager and Fabric connection setup using FortiGate as an LB.

  • If logged in to an EMS server as a domain user, add the domain user to the local Log on as a service right. Otherwise, EMS services may not start up properly.

Caution

This configuration uses DNS round robin, which may cause Fabric connector connections to send data to the failover node, which by design has all but the monitor FCEMS services off. This causes the Fabric connection to drop.

To configure DNS round robin on the DNS server:

By configuring DNS round robin, you can configure load balancing by pointing the same hostname to multiple servers with different IP addresses in DNS.

  1. Open DNS Manager.
  2. Right-click the server name, then select Properties.
  3. On the Advanced tab, under Server options, click Enable round robin.
  4. Click Apply.
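The two requirements in the table above (the FQDN must return every EMS node, and clients must not hold the answer for more than 30 seconds) can be checked from any Windows endpoint. The following PowerShell script is an added example, not part of the Fortinet guide; the FQDN and node addresses are placeholders for your own values. It bypasses the local resolver cache to read the TTL the DNS server actually hands out, repeats the query to confirm round robin rotation, and finally shows what this endpoint's own cache holds.

```powershell
# Added example (not from the Fortinet guide): verify the DNS round robin setup for EMS HA.
# Assumptions: $Fqdn and $ExpectedNodes are placeholders; replace them with your values.
param(
    [string]$Fqdn = 'ems.example.com',                          # placeholder EMS FQDN
    [string[]]$ExpectedNodes = @('192.0.2.10', '192.0.2.11'),   # placeholder IPs of EMS-1 and EMS-2
    [int]$MaxTtlSeconds = 30                                    # limit stated in the guide
)

# -DnsOnly skips the hosts file and the local cache, so the TTL seen is the server's TTL.
$records   = Resolve-DnsName -Name $Fqdn -Type A -DnsOnly -ErrorAction Stop
$aRecords  = $records | Where-Object { $_.Type -eq 'A' }
$addresses = $aRecords | Select-Object -ExpandProperty IPAddress

# Every HA node must be behind the name, otherwise endpoints cannot follow a failover.
$missing = $ExpectedNodes | Where-Object { $_ -notin $addresses }
if ($missing) {
    Write-Warning "FQDN $Fqdn does not return these nodes: $($missing -join ', ')"
}

# A TTL above 30 s lets endpoints keep pointing at the old primary after a failover.
foreach ($r in ($aRecords | Where-Object { $_.TTL -gt $MaxTtlSeconds })) {
    Write-Warning "$($r.IPAddress) has TTL $($r.TTL)s (limit $MaxTtlSeconds s)"
}

# With round robin enabled, the first answer should rotate across repeated queries.
$firstAnswers = 1..5 | ForEach-Object {
    ($aRecordsNow = Resolve-DnsName -Name $Fqdn -Type A -DnsOnly |
        Where-Object { $_.Type -eq 'A' } | Select-Object -First 1).IPAddress
}
$rotating = ($firstAnswers | Select-Object -Unique).Count -gt 1
Write-Host "Round robin rotation observed: $rotating"

# What this endpoint's resolver currently caches for the name (TimeToLive counts down).
Get-DnsClientCache -Entry $Fqdn -ErrorAction SilentlyContinue |
    Format-Table Entry, Data, TimeToLive -AutoSize
```

Run it once before enabling round robin and once after: the rotation flag should change from False to True, and every A record should report a TTL of 30 seconds or less.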

To configure SQL Server options on the remote database server:

The example uses SQL Server security login to connect to the remote database server to create the EMS database during EMS installation. You must enable certain SQL Server options before installing EMS.

If the SQL Server has multiple databases configured, ensure that each database listens on a different port.

  1. Open Microsoft SQL Server Management Studio (SSMS) as an administrator.
  2. In the Object Explorer pane, select Connect > Database Engine.
  3. In the Connect to Server dialog, enter your credentials and connect to the database server.
  4. In the Object Explorer pane, right-click the server, then select Properties.
  5. In the Server Properties dialog, go to Security.
  6. Under Server authentication, select SQL Server and Windows Authentication mode.

  7. Create a SQL login user:
    1. Right-click Security, then select New > Login.
    2. In the Login name field, enter the desired username. In this example, the username is "cbreaux".
    3. Select SQL Server authentication.
    4. In the Password and Confirm password fields, enter the desired password. In this example, the password is "MyPassword".
    5. Disable Enforce password policy.
    6. Go to Server Roles.
    7. Select sysadmin, then click OK.
  8. On the EMS node, open SSMS and attempt to connect to the remote database with the SQL user that you created to ensure that the node can connect to the database server using the credentials.

To install EMS:

Joining EMS nodes to a domain is unnecessary, as you use a SQL user account to connect to the database instance on the remote SQL Server database server.

EMS 7.0.8 and later versions do not rely on FILESTREAM for file synchronization between EMS nodes. Instead, it uses network share. Install EMS:

  1. Create and share a folder on the network. This file share is used to share files between EMS nodes. All EMS nodes should be able to access the file share. During EMS installation, the installer mounts the file share as the W:\ drive. Ensure that the W:\ drive is free on all EMS nodes.
  2. On EMS-1, open Command Prompt as an administrator.
  3. Run the following command: FortiClientEndpointManagementServer_7.0.9.XXXX_x64.exe SQLServer=WIN-NDE5616TNC6 SQLUser=cbreaux SQLUserPassword=MyPassword InstallSQL=0 ScriptDB=1 FileStorageNic=\\Server\fileshare FileStorageNicUser=LAB\administrator FileStorageNicPass=Admin123! BackupDir=\\EMS-1\backup DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61

    Parameters used in this command:

    ScriptDB=1
      Specifies that this is the primary active server.

    BackupDir
      Configured to \\EMS-1\backup, which is a locally shared folder on EMS-1. EMS and the SQL service user must have read/write/modify permissions to this folder.

    FileStorageNic
      File share path.

    FileStorageNicUser
      Username for the account with read/write/modify permissions to the shared folder.

    FileStorageNicPass
      Password for the account with read/write/modify permissions to the shared folder.

    The following is an example of the command when using a named SQL instance. In this example, the SQL instance is EMSNAMED: FortiClientEndpointManagementServer_7.0.9.XXXX_x64.exe SQLServer=WIN-NDE5616TNC6\EMSNAMED SQLUser=cbreaux SQLUserPassword=MyPassword InstallSQL=0 ScriptDB=1 FileStorageNic=\\Server\fileshare FileStorageNicUser=LAB\administrator FileStorageNicPass=Admin123! BackupDir=\\EMS-1\backup DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61

  4. On EMS-2, open Command Prompt as an administrator. Run the following command: FortiClientEndpointManagementServer_7.0.9.XXXX_x64.exe SQLServer=WIN-NDE5616TNC6 SQLUser=cbreaux SQLUserPassword=MyPassword InstallSQL=0 ScriptDB=0 FileStorageNic=\\Server\fileshare FileStorageNicUser=LAB\administrator FileStorageNicPass=Admin123! BackupDir=\\EMS-2\backup DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61

    Parameters used in this command:

    ScriptDB=0
      Indicates that the installer does not execute the database scripts, because the database was already scripted on the primary node in step 3.

    BackupDir
      Configured to \\EMS-2\backup, which is a locally shared folder on EMS-2. EMS and the SQL service user must have read/write/modify permissions to this folder.

    FileStorageNic
      File share path.

    FileStorageNicUser
      Username for the account with read/write/modify permissions to the shared folder.

    FileStorageNicPass
      Password for the account with read/write/modify permissions to the shared folder.

    The following is an example of the command when using a named SQL instance. In this example, the SQL instance is EMSNAMED: FortiClientEndpointManagementServer_7.0.9.XXXX_x64.exe SQLServer=WIN-NDE5616TNC6\EMSNAMED SQLUser=cbreaux SQLUserPassword=MyPassword InstallSQL=0 ScriptDB=0 FileStorageNic=\\Server\fileshare FileStorageNicUser=LAB\administrator FileStorageNicPass=Admin123! BackupDir=\\EMS-2\backup DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61
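The install steps above differ per node only in ScriptDB and BackupDir, and they depend on three preconditions the guide states: W:\ must be free, the file share must be reachable with the given account, and the node must be able to reach the SQL Server. The following PowerShell wrapper is an added example, not Fortinet's installer or script; it checks those preconditions and then assembles the exact parameter set from the guide for the role you pass. The default values are the guide's example values and are meant to be replaced; the SQL TCP port 1433 is an assumption (the default-instance port, not stated in the guide).

```powershell
# Added example (not from the Fortinet guide): precondition checks plus the documented
# installer parameters for one EMS HA node. Defaults are the guide's example values.
param(
    [Parameter(Mandatory)][ValidateSet('Primary', 'Secondary')][string]$Role,
    [string]$Installer       = '.\FortiClientEndpointManagementServer_7.0.9.XXXX_x64.exe',
    [string]$SqlServer       = 'WIN-NDE5616TNC6',   # use 'WIN-NDE5616TNC6\EMSNAMED' for a named instance
    [string]$SqlUser         = 'cbreaux',
    [string]$SqlUserPassword = 'MyPassword',
    [string]$FileShare       = '\\Server\fileshare',
    [string]$FileShareUser   = 'LAB\administrator',
    [string]$FileSharePass   = 'Admin123!',
    [string]$BackupDir       = "\\$env:COMPUTERNAME\backup",   # local share on this node
    [int]$SqlPort            = 1433                            # assumed default instance port
)

# Precondition 1: the installer mounts the file share as W:\, so that letter must be free.
if (Get-PSDrive -Name W -ErrorAction SilentlyContinue) {
    throw 'Drive W: is already in use on this node; free it before installing EMS.'
}

# Precondition 2: the share must be reachable with the account the installer will use.
$secure = ConvertTo-SecureString $FileSharePass -AsPlainText -Force
$cred   = New-Object System.Management.Automation.PSCredential($FileShareUser, $secure)
$null   = New-PSDrive -Name EmsShareCheck -PSProvider FileSystem -Root $FileShare `
                      -Credential $cred -ErrorAction Stop
Remove-PSDrive -Name EmsShareCheck

# Precondition 3: the SQL Server host (instance name stripped) must answer on its port.
$sqlHost = ($SqlServer -split '\\')[0]
if (-not (Test-NetConnection -ComputerName $sqlHost -Port $SqlPort -InformationLevel Quiet)) {
    throw "Cannot reach SQL Server $sqlHost on TCP $SqlPort."
}

# Only the primary scripts the database (ScriptDB=1); secondaries reuse it (ScriptDB=0).
$scriptDb = if ($Role -eq 'Primary') { 1 } else { 0 }

$installerArgs = @(
    "SQLServer=$SqlServer", "SQLUser=$SqlUser", "SQLUserPassword=$SqlUserPassword",
    'InstallSQL=0', "ScriptDB=$scriptDb",
    "FileStorageNic=$FileShare", "FileStorageNicUser=$FileShareUser",
    "FileStorageNicPass=$FileSharePass", "BackupDir=$BackupDir",
    'DBInitialSize=31MB', 'DBInitialLogSize=4MB', 'DBGrowth=11MB', 'DBLogGrowth=11%',
    'DBLoginTimeout=31', 'DBQueryTimeout=61'
)

Write-Host "Starting EMS installer on $env:COMPUTERNAME as $Role node..."
$proc = Start-Process -FilePath $Installer -ArgumentList $installerArgs -Verb RunAs -Wait -PassThru
if ($proc.ExitCode -ne 0) {
    throw "EMS installer exited with code $($proc.ExitCode)."
}
```

Run it on EMS-1 with -Role Primary first, then on each secondary with -Role Secondary, which matches the order of steps 3 and 4 above.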

To configure EMS:
  1. On the primary node, log in to EMS.
  2. Go to System Settings > Server.
  3. Enable Use FQDN.
  4. In the FQDN field, enter the desired FQDN.

  5. Go to System Settings > EMS Settings. Configure the High Availability Keep Alive Interval field with a value between 5 and 30 seconds.
  6. Go to Dashboard > Status. Confirm that the System Information widget displays that EMS is running in HA mode. If running in HA mode, the widget also lists the HA primary and secondary nodes and their statuses.
  7. Update the EMS licensing:
    1. Go to License Information widget > Configure License.
    2. For License Source, select FortiCare.
    3. In the FortiCloud Account field, enter your FortiCloud account ID or email address.
    4. In the Password field, enter your FortiCloud account password.
    5. Click Login & Update License. Once your account information is authenticated, EMS updates the Configure License page with the serial number and license information that it retrieved from FortiCloud.

      EMS HA requires a single license for the primary node and the secondary node(s). You only need to add the license to the primary node.

    Note

    As this HA deployment uses DNS round robin, when you attempt to log in to EMS, you may be directed to the passive EMS. If this occurs, the browser displays ERR_CONNECTION_CLOSED. The login succeeds if DNS resolves the FQDN to the active EMS.

    To avoid this, you can log in to EMS using the EMS IP address instead of the FQDN if you can confirm which EMS is currently the primary node and no failover has occurred.

To validate the HA configuration:
  1. Go to Manage Installers > Deployment Packages. Create a deployment package to deploy FortiClient to endpoints. See Adding a FortiClient deployment package.
  2. On an endpoint, download the deployment package from the download link.
  3. Install FortiClient on the endpoint.
  4. Ensure that FortiClient can register to the EMS server successfully using the FQDN.
  5. Simulate HA by stopping FortiClient Endpoint Management Server Monitor Service on the primary node. Ensure that the secondary node is now the EMS primary server.
  6. Ensure that FortiClient can still register to the EMS server successfully using the FQDN.
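Steps 5 and 6 can be driven from an administrator workstation. The following PowerShell script is an added example, not part of the Fortinet guide: it records which addresses behind the FQDN accept connections, stops the monitor service on the current primary (step 5), waits longer than the keep-alive interval, and then checks that some node behind the FQDN still accepts connections (step 6). The monitor service display name comes from the guide; the node name, the FQDN, and the probed TCP port 443 are assumptions to replace with your own values.

```powershell
# Added example (not from the Fortinet guide): automate the HA failover test.
param(
    [string]$Fqdn        = 'ems.example.com',   # placeholder EMS FQDN
    [string]$PrimaryNode = 'EMS-1',             # node shown as primary under Dashboard > Status
    [int]$Port           = 443,                 # assumed EMS port to probe
    [int]$WaitSeconds    = 60                   # exceeds the 5-30 s keep-alive interval
)

function Get-ReachableEmsNodes {
    param([string]$Name, [int]$TcpPort)
    # Re-resolve each time, bypassing the cache, and probe every address behind the name.
    $ips = Resolve-DnsName -Name $Name -Type A -DnsOnly |
        Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress
    foreach ($ip in $ips) {
        [pscustomobject]@{
            IPAddress = $ip
            Reachable = Test-NetConnection -ComputerName $ip -Port $TcpPort `
                            -InformationLevel Quiet -WarningAction SilentlyContinue
        }
    }
}

# Baseline: by design only the primary has its services up, so only it should answer.
Write-Host 'Before failover:'
$before = Get-ReachableEmsNodes -Name $Fqdn -TcpPort $Port
$before | Format-Table -AutoSize

# Step 5: stop the monitor service on the primary so the secondary is promoted.
Invoke-Command -ComputerName $PrimaryNode -ScriptBlock {
    Get-Service -DisplayName 'FortiClient Endpoint Management Server Monitor*' |
        Stop-Service -Force
}

Start-Sleep -Seconds $WaitSeconds

# Step 6: a different node must now be the one accepting connections behind the FQDN.
Write-Host 'After failover:'
$after = Get-ReachableEmsNodes -Name $Fqdn -TcpPort $Port
$after | Format-Table -AutoSize

$liveAfter  = @($after  | Where-Object { $_.Reachable } | Select-Object -ExpandProperty IPAddress)
$liveBefore = @($before | Where-Object { $_.Reachable } | Select-Object -ExpandProperty IPAddress)
if ($liveAfter.Count -eq 0) {
    throw "No EMS node behind $Fqdn accepts connections on TCP $Port after failover."
}
if (-not ($liveAfter | Where-Object { $_ -notin $liveBefore })) {
    Write-Warning 'No new node came up; check Dashboard > Status for the secondary state.'
}
Write-Host "Now serving: $($liveAfter -join ', ')"
```

Finish the test as the guide describes: confirm under Dashboard > Status that the secondary is reported as primary, and register a FortiClient endpoint through the FQDN.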

To upgrade EMS in HA mode:
  1. Stop all services in all secondary EMS servers to avoid failover while the primary EMS server is upgrading.
  2. Upgrade the primary server while it is running.
  3. After successfully upgrading the primary server, upgrade the secondary EMS servers. If you have multiple secondary EMS servers, you can upgrade them one by one, or simultaneously.
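Step 1 of the upgrade procedure has to hold on every secondary at once, or one of them can take over mid-upgrade. The following PowerShell script is an added example, not part of the Fortinet guide: it stops all EMS services on a list of secondary nodes over remoting, stopping the monitor service first because that is the service that would otherwise promote the node, and then fails if anything is still running. The node names are placeholders, and the display-name prefix "FortiClient Endpoint Management Server" is an assumption derived from the monitor service name the guide cites.

```powershell
# Added example (not from the Fortinet guide): stop every EMS service on all secondaries
# before upgrading the primary, and verify that nothing is left running.
param(
    [string[]]$SecondaryNodes = @('EMS-2', 'EMS-3'),                    # placeholders
    [string]$ServiceFilter    = 'FortiClient Endpoint Management Server*'  # assumed prefix
)

$results = Invoke-Command -ComputerName $SecondaryNodes -ArgumentList $ServiceFilter -ScriptBlock {
    param($Filter)
    $services = Get-Service -DisplayName $Filter
    if (-not $services) {
        throw "No services matching '$Filter' found on $env:COMPUTERNAME"
    }
    # Sort so that the monitor service comes first ($false sorts before $true).
    $ordered = $services | Sort-Object { $_.DisplayName -notlike '*Monitor*' }
    foreach ($svc in $ordered) {
        if ($svc.Status -ne 'Stopped') {
            Stop-Service -Name $svc.Name -Force -ErrorAction Stop
        }
    }
    # Report the final state back to the caller.
    Get-Service -DisplayName $Filter | Select-Object Name, DisplayName, Status
}

$results | Format-Table PSComputerName, DisplayName, Status -AutoSize

$stillRunning = @($results | Where-Object { $_.Status -ne 'Stopped' })
if ($stillRunning.Count -gt 0) {
    $names = $stillRunning | ForEach-Object { "$($_.PSComputerName): $($_.DisplayName)" }
    throw "Services still running on secondaries: $($names -join '; ')"
}
Write-Host 'All secondary EMS services are stopped. Upgrade the primary now, then the secondaries.'
```

Once the primary upgrade completes, upgrade the secondaries as in step 3; the secondary upgrade brings their services back up.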
