HA using one SQL server
The following describes redundancy or high availability (HA) options for EMS where endpoint information is synced between multiple EMS nodes running in active-passive HA mode. Consider a scenario where two EMS nodes, EMS A and EMS B, run in HA mode with EMS A as the primary node and EMS B as the secondary node. Both EMS nodes are connected to the same remote database server. Endpoints are connected to EMS A. If EMS A fails, EMS B is promoted to become the primary node and endpoints automatically register to EMS B.
EMS HA mode supports configuring multiple EMS servers with one SQL Server. SQL Server should run on a remote, separate Windows server. To add database HA support, you can configure a SQL Server failover cluster. For EMS HA with SQL Server failover setup, see the HA with Multiple Databases Deployment Guide. For EMS HA with always on SQL setup, see Always on HA in multisubnet environment.
In this configuration, the data sync is at every level, with the exception of logs, which are on each EMS node.
EMS only has HA for active-passive (A-P) implementation. EMS does not support active-active HA.
The A-P mode defined for the EMS implementation has been tested and scoped as a failover mechanism, not as a disaster recovery (DR) mechanism. Failover comprises a group of multiple EMS nodes configured in a datacenter or datacenter-adjacent, which implies that bandwidth and latency are not factors. DR, by contrast, implies a topology that is likely geographically distant rather than adjacent.
Failover is detected based on the keepalive (KA) interval value. When the primary node's last seen time is more than double the KA interval behind the current time, an election takes place. During the election, all nodes "vote" with their KA values and EMS picks an "alive" server that has been "voted" as the new primary server. You can configure the KA interval in System Settings > EMS Settings > High Availability Keep Alive Interval. The default value is ten seconds.
This guide focuses on configuring HA for EMS services. It assumes that you have completed SQL Server failover cluster setup.
The example setup has two EMS nodes and one database server.
Note the following:
- Sharing files between EMS nodes relies on network shares that different EMS nodes can access.
- There are multiple ways to implement DNS and load balancing to handle EMS failover:
  - DNS failover: EMS running in HA mode must always be configured with a fully qualified domain name (FQDN), and FortiClient endpoints must point to a DNS server that supports DNS failover, so that endpoints can always connect to the correct primary EMS server. Endpoint users must ensure that endpoints do not cache the DNS result for more than 30 seconds, so that FortiClient can resolve the FQDN to the new IP address of the new primary EMS server if EMS failover happens quickly.
  - Load balancer: Set up the Fabric connection using traffic manager or FortiGates as a load balancer. See Fabric connection setup using traffic manager and Fabric connection setup using FortiGate as a load balancer.
- If logged in to an EMS server as a domain user, add the domain user to the local Log on as a service policy. Otherwise, EMS services may not start up properly.
- Recommended bandwidth for this configuration is 1 GB between the EMS nodes and the database.
- For required services and ports, see Required services and ports.
To set up the Fabric connection using traffic manager or FortiGates as a load balancer:
See Fabric connection setup using traffic manager and Fabric connection setup using FortiGate as a load balancer.
To configure SQL Server options on the remote database server:
The example uses SQL Server security login to connect to the remote database server to create the EMS database during EMS installation. You must enable certain SQL Server options before installing EMS.
If the SQL Server has multiple databases configured, ensure that each database is listening on a different port.
- Open Microsoft SQL Server Management Studio as an administrator.
- In the Object Explorer pane, select Connect > Database Engine.
- In the Connect to Server dialog, enter your credentials and connect to the database server.
- In the Object Explorer pane, right-click the server, then select Properties.
- In the Server Properties dialog, go to Security.
- Under Server authentication, select SQL Server and Windows Authentication mode.
- Create a SQL login user:
- Right-click Security, then select New > Login.
- In the Login name field, enter the desired username. In this example, the username is "cbreaux".
- Select SQL Server authentication.
- In the Password and Confirm password fields, enter the desired password. In this example, the password is "MyPassword".
- Disable Enforce password policy.
- Go to Server Roles.
- Select sysadmin, then click OK.
- On the EMS node, open SQL Server Management Studio and attempt to connect to the remote database with the SQL user that you created to ensure that the node can connect to the database server using the credentials.
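The following preflight script is an added example, not part of Fortinet's documentation or tooling. Run from an EMS node before the installer, it checks the prerequisites this page sets: the W:\ drive letter is free (the installer mounts the file share there), the file share is writable with the FileStorageNic account, the SQL login connects and holds sysadmin, and the FQDN's A record TTL is at most 30 seconds. It assumes Windows PowerShell 5.1 and reuses the page's example values; ems.example.com is an assumed FQDN.

```powershell
# Added example, not Fortinet tooling. Windows PowerShell 5.1 assumed; values are the page's examples, ems.example.com is an assumed FQDN.
param(
    [string]$Fqdn      = 'ems.example.com',
    [string]$SqlServer = 'WIN-NDE5616TNC6\EMSNAMED',
    [string]$SqlUser   = 'cbreaux',
    [string]$SqlPass   = 'MyPassword',
    [string]$SharePath = '\\Server\fileshare',
    [string]$ShareUser = 'LAB\administrator',
    [string]$SharePass = 'Admin123!'
)
$checks = @()
function Add-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    $script:checks += [pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail }
}
# 1. The installer mounts the file share as W:\, so that letter must be unused.
$wBusy = (Test-Path -LiteralPath 'W:\') -or [bool](Get-PSDrive -Name W -ErrorAction SilentlyContinue)
Add-Check 'W: drive free' (-not $wBusy) "W: in use: $wBusy"

# 2. Share reachable and writable with the FileStorageNic account (read/write/modify).
try {
    $sec  = ConvertTo-SecureString $SharePass -AsPlainText -Force
    $cred = New-Object System.Management.Automation.PSCredential($ShareUser, $sec)
    New-PSDrive -Name EMSPRE -PSProvider FileSystem -Root $SharePath -Credential $cred -ErrorAction Stop | Out-Null
    $probe = "EMSPRE:\preflight_$([guid]::NewGuid()).tmp"
    Set-Content -LiteralPath $probe -Value 'probe' -ErrorAction Stop
    Remove-Item -LiteralPath $probe -Force
    Add-Check 'File share writable' $true $SharePath
} catch { Add-Check 'File share writable' $false $_.Exception.Message }
finally { Remove-PSDrive -Name EMSPRE -ErrorAction SilentlyContinue }

# 3. SQL login connects and holds sysadmin; Connect Timeout mirrors DBLoginTimeout=31.
try {
    $conn = New-Object System.Data.SqlClient.SqlConnection
    $conn.ConnectionString = "Server=$SqlServer;User ID=$SqlUser;Password=$SqlPass;Connect Timeout=31"
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = "SELECT ISNULL(IS_SRVROLEMEMBER('sysadmin'), 0)"
    Add-Check 'SQL login is sysadmin' (([int]$cmd.ExecuteScalar()) -eq 1) "$SqlUser on $SqlServer"
} catch { Add-Check 'SQL login is sysadmin' $false $_.Exception.Message }
finally { if ($conn) { $conn.Dispose() } }

# 4. Endpoints must re-resolve within 30 s, so the FQDN's A record TTL must be <= 30.
try {
    $a = @(Resolve-DnsName -Name $Fqdn -Type A -DnsOnly -ErrorAction Stop | Where-Object Type -eq 'A')
    $maxTtl = ($a | Measure-Object -Property TTL -Maximum).Maximum
    Add-Check 'FQDN TTL <= 30s' ($a.Count -gt 0 -and $maxTtl -le 30) "TTL=$maxTtl"
} catch { Add-Check 'FQDN TTL <= 30s' $false $_.Exception.Message }
$checks | Format-Table -AutoSize
if ($checks.Pass -contains $false) { exit 1 }
```

The TTL check reflects the EMS node's resolver view; verify it from an endpoint network as well if endpoints use a different DNS server.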
To install EMS:
Joining EMS nodes to a domain is unnecessary, as you use a SQL user account to connect to the database instance on the remote SQL Server database server.
You must issue and run each of the following commands as a single line with no newline characters.
EMS 7.2 does not rely on FILESTREAM for file synchronization between EMS nodes. Instead, it uses a network share. Install EMS:
- Create and share a folder on the network. This file share is used to share files between EMS nodes. All EMS nodes should be able to access the file share. During EMS installation, the installer mounts the file share as the W:\ drive. Ensure that the W:\ drive is free on all EMS nodes.
- On EMS-1, open Command Prompt as an administrator.
- Run the following command:
FortiClientEndpointManagementServer_7.2.0.0686_x64.exe SQLServer=WIN-NDE5616TNC6 SQLUser=cbreaux SQLUserPassword=MyPassword InstallSQL=0 ScriptDB=1 FileStorageNic=\\Server\fileshare FileStorageNicUser=LAB\administrator FileStorageNicPass=Admin123! BackupDir=\\EMS-1\backup DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61
The command parameters are as follows:
ScriptDB=1: Specifies that this is the primary active server.
BackupDir: Configured to \\EMS-1\backup, which is a locally shared folder on EMS-1. EMS and the SQL service user must have read/write/modify permissions to this folder.
FileStorageNic: Fileshare path.
FileStorageNicUser: Username for the account with read/write/modify permissions to the shared folder.
FileStorageNicPass: Password for the account with read/write/modify permissions to the shared folder.
The following is an example of the command when using a named SQL instance. In this example, the SQL instance is EMSNAMED:
FortiClientEndpointManagementServer_7.2.0.0686_x64.exe SQLServer=WIN-NDE5616TNC6\EMSNAMED SQLUser=cbreaux SQLUserPassword=MyPassword InstallSQL=0 ScriptDB=1 FileStorageNic=\\Server\fileshare FileStorageNicUser=LAB\administrator FileStorageNicPass=Admin123! BackupDir=\\EMS-1\backup DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61
- On EMS-2, open Command Prompt as an administrator. Run the following command:
FortiClientEndpointManagementServer_7.2.0.0686_x64.exe SQLServer=WIN-NDE5616TNC6 SQLUser=cbreaux SQLUserPassword=MyPassword InstallSQL=0 ScriptDB=0 FileStorageNic=\\Server\fileshare FileStorageNicUser=LAB\administrator FileStorageNicPass=Admin123! BackupDir=\\EMS-2\backup DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61
The command parameters are as follows:
ScriptDB=0: Indicates that the installer does not run the database scripts, because the database was already created or upgraded by the command on EMS-1 in step 3.
BackupDir: Configured to \\EMS-2\backup, which is a locally shared folder on EMS-2. EMS and the SQL service user must have read/write/modify permissions to this folder.
FileStorageNic: Fileshare path.
FileStorageNicUser: Username for the account with read/write/modify permissions to the shared folder.
FileStorageNicPass: Password for the account with read/write/modify permissions to the shared folder.
The following is an example of the command when using a named SQL instance. In this example, the SQL instance is EMSNAMED:
FortiClientEndpointManagementServer_7.2.0.0686_x64.exe SQLServer=WIN-NDE5616TNC6\EMSNAMED SQLUser=cbreaux SQLUserPassword=MyPassword InstallSQL=0 ScriptDB=0 FileStorageNic=\\Server\fileshare FileStorageNicUser=LAB\administrator FileStorageNicPass=Admin123! BackupDir=\\EMS-2\backup DBInitialSize=31MB DBInitialLogSize=4MB DBGrowth=11MB DBLogGrowth=11% DBLoginTimeout=31 DBQueryTimeout=61
To configure EMS:
- On the primary node, log in to EMS.
- Go to System Settings > Server.
- Enable Use FQDN.
- In the FQDN field, enter the desired FQDN.
- Go to System Settings > EMS Settings. Configure the High Availability Keep Alive Interval field with a value between 5 and 30 seconds.
- Go to Dashboard > Status. Confirm that the System Information widget displays that EMS is running in HA mode. If running in HA mode, the widget also lists the HA primary and secondary nodes and their statuses.
- Update the EMS licensing:
- Go to License Information widget > Configure License.
- For License Source, select FortiCare.
- In the FortiCloud Account field, enter your FortiCloud account ID or email address.
- In the Password field, enter your FortiCloud account password.
- Click Login & Update License. Once your account information is authenticated, EMS updates the Configure License page with the serial number and license information that it retrieved from FortiCloud.
EMS HA requires a single license for the primary node and the secondary node(s). You only need to add the license to the primary node.
To validate the HA configuration:
- Go to Manage Installers > Deployment Packages. Create a deployment package to deploy FortiClient to endpoints. See Adding a FortiClient deployment package.
- On an endpoint, download the deployment package from the download link.
- Install FortiClient on the endpoint.
- Ensure that FortiClient can register to the EMS server successfully using the FQDN.
- Simulate a failover by stopping the FortiClient Endpoint Management Server Monitor Service on the primary node. Ensure that the secondary node is now the EMS primary server.
- Ensure that FortiClient can still register to the EMS server successfully using the FQDN.
To upgrade EMS in HA mode:
- Stop all services in all secondary EMS servers to avoid failover while the primary EMS server is upgrading.
- Upgrade the primary server while it is running.
- After successfully upgrading the primary server, upgrade the secondary EMS servers. If you have multiple secondary EMS servers, you can upgrade them one by one, or simultaneously.