High availability

The FortiNAC High Availability solution consists of a common management process, supporting scripts, and configuration and monitoring options in the Admin user interface. High Availability can be used to ensure redundancy for FortiNAC Servers, FortiNAC Control Server and Application Server pairs, and FortiNAC Control Manager appliances.

The High Availability management process provides messaging between the primary and secondary appliances. The process mirrors critical information, controls services, and performs system maintenance functions on all appliances. The management process also manages and determines which server is in control. It starts the secondary appliances in the event of a failover.

Supporting scripts determine whether the database replication is working. These scripts are also used to restore the database and/or files from the secondary to the primary and restart the primary server.

Database synchronization is handled by MySQL replication to provide complete data integrity. For additional information on MySQL replication, see http://dev.mysql.com/doc/refman/4.1/en/replication.html.
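A replication health check of the kind the supporting scripts are described as performing, as an added example (not FortiNAC's own script). It assumes the text comes from MySQL's `SHOW SLAVE STATUS\G` on the secondary; the sample output and the 60-second lag threshold are constructed for illustration.

```python
# Added example: decide from `SHOW SLAVE STATUS\G` text whether replication is healthy.
# SAMPLE_* are constructed inputs, not captured from a FortiNAC appliance.

SAMPLE_HEALTHY = """\
*************************** 1. row ***************************
             Slave_IO_State: Waiting for master to send event
           Slave_IO_Running: Yes
          Slave_SQL_Running: Yes
                 Last_Errno: 0
                 Last_Error:
      Seconds_Behind_Master: 0
"""

SAMPLE_BROKEN = (SAMPLE_HEALTHY
                 .replace("Slave_SQL_Running: Yes", "Slave_SQL_Running: No")
                 .replace("Last_Errno: 0", "Last_Errno: 1062")
                 .replace("Seconds_Behind_Master: 0", "Seconds_Behind_Master: NULL"))


def parse_status(text):
    """Turn the vertical (\\G) output into a dict of field name -> value."""
    fields = {}
    for line in text.splitlines():
        if line.startswith("*") or ":" not in line:
            continue  # row separator or blank line
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def replication_problems(text, max_lag=60):
    """Return the reasons replication is unhealthy; an empty list means healthy."""
    f = parse_status(text)
    if not f:
        return ["no replication status returned (server is not configured as a replica)"]
    problems = []
    for thread in ("Slave_IO_Running", "Slave_SQL_Running"):
        if f.get(thread) != "Yes":
            problems.append(f"{thread} is {f.get(thread, 'missing')}")
    if f.get("Last_Errno", "0") != "0":
        problems.append(f"Last_Errno {f['Last_Errno']}")
    lag = f.get("Seconds_Behind_Master", "NULL")
    if not lag.isdigit():
        problems.append("lag unknown (Seconds_Behind_Master is NULL)")
    elif int(lag) > max_lag:
        problems.append(f"replica is {lag}s behind")
    return problems
```

A secondary that reports any problem here holds stale data, so a failover to it would bring up an out-of-date database.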

The High Availability diagrams shown below define two possible High Availability configurations using FortiNAC Control Server and Application Server pairs. The first diagram illustrates the use of a shared IP address or host name that is moved between appliances during a failover and recovery. This provides the administrator with a single point of management access regardless of which appliance is in control. To use a shared IP address, all of the appliances must be in the same subnet on the network. See HA configuration using a shared IP address (layer 2).

The second diagram displays a High Availability setup in which the appliances are on different subnets. To leverage High Availability with appliances on separate subnets, do not include a shared IP as part of the High Availability configuration. If you are using a Control Server and Application Server pair and you are not using a shared IP address, during failover both appliances will fail over to their corresponding secondary appliances regardless of which one actually failed. If you are using a shared IP address, only the appliance that failed will fail over to the secondary. See HA configuration with servers on different subnets (layer 3).

In a High Availability configuration eth1 on the server is disabled until that server is in control. For example, eth1 on the secondary server is disabled until the primary server fails over and the secondary takes control.

It is recommended that you use a Shared IP address in your High Availability configuration whenever possible. This prevents the Administrator from having to use separate IP Addresses to manage the servers that are in control and alleviates communication issues with the Persistent Agent.

If your Primary and Secondary servers are on different subnets, make sure that communication between the subnets is configured in advance.

FortiNAC control server and application server communication

Shared IP - same subnet

In a FortiNAC Control Server and FortiNAC Application Server configuration that uses a shared IP, the FortiNAC Application Server appliances are separate standbys from the FortiNAC Control Server appliances.

For example:

  • If the primary FortiNAC Control Server fails, the secondary FortiNAC Control Server communicates with whichever FortiNAC Application Server is in control (either the primary or the secondary).
  • If the primary FortiNAC Application Server fails, the primary FortiNAC Control Server communicates with whichever FortiNAC Application Server is in control.

No shared IP - different subnets

In a FortiNAC Control Server and FortiNAC Application Server configuration that does not use a shared IP, the FortiNAC Application Server and FortiNAC Control Server appliances fail over in pairs.

For example:

  • If the primary FortiNAC Control Server fails, the primary FortiNAC Application Server is also brought down and the Secondary pair of appliances takes control.
  • If the primary FortiNAC Application Server fails, the primary FortiNAC Control Server is also brought down and the Secondary pair of appliances take control.
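The shared-IP subnet rule and the two failover behaviors above, modeled as an added planning check (not Fortinet code). The appliance names, the documentation-range addresses, and the requirement that the shared IP itself sits inside the common subnet are assumptions made for this example.

```python
import ipaddress

ROLES = ("control", "application")


def validate_plan(appliances, shared_ip=None):
    """appliances maps a name to 'address/prefix'. Returns a list of design errors."""
    if not appliances:
        raise ValueError("no appliances given")
    nets = {ipaddress.ip_interface(cidr).network for cidr in appliances.values()}
    if shared_ip is None:
        return []  # layer 3 design: no shared IP, appliances may sit in different subnets
    if len(nets) > 1:
        return ["shared IP set but appliances span " + ", ".join(sorted(str(n) for n in nets))]
    (net,) = nets
    if ipaddress.ip_address(shared_ip) not in net:
        # Assumption: the shared IP must also belong to the common subnet.
        return [f"shared IP {shared_ip} is outside {net}"]
    return []


def after_failure(failed_role, shared_ip_used):
    """State of all four appliances after the primary of failed_role fails."""
    state = {}
    for role in ROLES:
        # Shared IP: only the failed role fails over. No shared IP: the pair moves together.
        fails_over = role == failed_role or not shared_ip_used
        active = "secondary" if fails_over else "primary"
        for side in ("primary", "secondary"):
            in_control = side == active
            # eth1 stays disabled on an appliance until it is in control.
            state[f"{side}-{role}"] = {"in_control": in_control, "eth1_enabled": in_control}
    return state


# Constructed sample plans (documentation address ranges).
LAYER2 = {"primary-control": "192.0.2.10/24", "secondary-control": "192.0.2.11/24",
          "primary-application": "192.0.2.12/24", "secondary-application": "192.0.2.13/24"}
LAYER3 = {**LAYER2, "secondary-control": "198.51.100.11/24",
          "secondary-application": "198.51.100.13/24"}
```

Running `validate_plan` before enabling High Availability catches a shared IP configured across subnets, and `after_failure` gives the expected end state to compare against during a failover test.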

High availability diagrams

High availability terminology

Term | Definition
Primary | The active server or servers of the high availability pair that is in control by default. Sometimes referred to as the Master.
Secondary | The "backup" server or servers that takes control when the primary fails. Sometimes referred to as the Slave.
Management process | The process which manages and determines which server is in control.
Idle | High Availability state in which the management process is functional, but the secondary server will not take control even if connectivity is lost with the primary server.
