
FortiSIEM Reference Architecture Using ClickHouse

SMB

SMB deployments are typically smaller and can consist of either an all-in-one or a small distributed solution.

The FortiSIEM all-in-one architecture is an easy-to-deploy, self-contained, single-server solution suitable for smaller deployments. In this architecture, only the FortiSIEM Supervisor node is deployed. It runs the GUI, the FortiSIEM application, the ClickHouse database with a single shard and no replicas, and the ClickHouse Keeper processes.

SMBs requiring additional scalability to meet current or future capacity and performance requirements should use a small distributed solution with a Supervisor and a Worker node. The small overhead of one additional node provides significant benefits: the system is significantly more scalable, and resilience is increased because the Worker hosts a second replica.

Collectors can be used with both architectures for remote site log collection, to offload log collection and performance monitoring from the Supervisor, and for agent log collection. Organizations should plan to deploy at least one Collector to assist with log collection, and to support FortiSIEM server agents.
