FortiSIEM Reference Architecture Using ClickHouse

Small, Non-Resilient Deployments

In a small, non-resilient, single-server deployment, all FortiSIEM and ClickHouse processes run on the Supervisor, which contains a single shard with no replicas. Collectors are often deployed to improve scalability and flexibility, and to support FortiSIEM agents, but are not mandatory for basic operation. The basic topology typically looks like this:

If smaller deployments require data resilience, they should deploy additional worker nodes to host replicas as described in the following Medium and Large Deployments with Replicas section.
