Deploying auto scaling on AWS
You can deploy FortiWeb-VM to support auto scaling on AWS. This requires a manual deployment that uses AWS CloudFormation Templates (CFT).
Multiple FortiWeb-VM instances can form an auto scaling group (ASG) to provide highly efficient clustering at times of high workloads. FortiWeb-VM instances can be scaled out automatically according to predefined workload levels. When a spike in traffic occurs, the Lambda script is invoked to scale out the ASG by automatically adding FortiWeb-VM instances. Auto scaling is achieved by using FortiWeb-native HA features such as manager mode, which synchronizes configurations across multiple FortiWeb-VM instances at the time of scale-out events.
This auto scaling feature is available with FortiWeb 6.1.1 and later versions for on-demand instances. BYOL instance support is planned for a later time.
Before you deploy FortiWeb-VM auto scaling on AWS, it is recommended that you become familiar with the following AWS services. If you are new to AWS, see Getting Started.
- Amazon Elastic Compute Cloud (Amazon EC2)
- Amazon EC2 Auto Scaling
- Amazon VPC
- AWS CloudFormation
- AWS Lambda
- Amazon DynamoDB
- Amazon API Gateway
- Amazon CloudWatch
- Amazon S3
It is expected that DevOps engineers or advanced system administrators who are familiar with the area will deploy auto scaling.
FortiWeb-VM auto scaling uses AWS CFT to set up the following:
- A highly available architecture that spans two AZs
- A VPC configured with public subnets
- An Internet gateway to allow access to the Internet
- In the public subnets, a FortiWeb-VM host in an ASG that complements AWS security groups by providing web filtering and threat detection to protect your services from cyber attacks
- An externally facing network load balancer, created as part of the deployment process
- An elastic IP to access the master FortiWeb-VM. When the master role is transferred from one instance to another, the EIP will be associated with the new instance at the same time.
- Amazon API Gateway, which acts as a front door by providing a callback URL for the FortiWeb-VM ASG. FortiWeb-VMs use API Gateway to send API calls and to process FortiWeb config-sync tasks to synchronize configuration across multiple FortiWeb-VM instances at the time of the auto scaling scale-out event. This is currently only for internal use. There is no public access available.
- AWS Lambda, which allows you to run certain scripts and code without provisioning servers. Fortinet provides Lambda scripts for running auto scaling. Lambda functions are used to handle auto scaling, failover management, CFT deployment, and configuration for other related components.
- An Amazon DynamoDB database that uses Fortinet-provided scripts to store information about auto scaling condition states.