Three Ivanti EPMM servers across two data centers
This example shows high availability in the Main data center using a disaster recovery approach.
Ivanti recommends allowing HTTPS traffic on port 8443 from the corporate network, limited to Ivanti applications only. This service is intended for EPMM server management and must have strictly controlled access.
Ivanti recommends restricting access to port 22 (SSH) to the internal corporate network only. This service is intended for Ivanti Standalone Sentry System Manager and must have strictly controlled access.
Figure 1. Three Ivanti EPMM servers across two data centers
This approach is typically used in environments where the main data center is expected to be always available, and the Disaster Recovery data center is used exclusively as part of a business continuity approach and typically requires manual intervention to bring online.
The key components in this architecture include:
- A main data center hosting a pair of Ivanti EPMMs. This pair of Ivanti EPMMs is set up as Primary and Secondary. These two Ivanti EPMMs serve as the main Ivanti EPMM High Availability solution. The third Ivanti EPMM serves as part of the Disaster Recovery (DR) configuration and resides in the DR data center.
- Another data center (Disaster Recovery) hosting a third Ivanti EPMM in Secondary mode.
- A Global Traffic Manager (GTM), DNS, or load balancer that controls the traffic to the Primary Ivanti EPMM. This “traffic controller” monitors the health of the other Ivanti EPMMs, detects when the Primary becomes unresponsive, and begins routing traffic to the Secondary in the Main data center, or to the DR data center in case of Main data center failure. This is how external traffic is controlled and routed to the Primary Ivanti EPMMs.
- The Secondary Ivanti EPMM checks the status of the Primary through a process called “heartbeat”. This process is configured during HA Standby setup and detects if the Primary becomes unresponsive. When this happens, it initiates the failover process. When a failover occurs, the Secondary attempts to become Primary; depending on what settings have been configured, it might stay as a Secondary or become Primary. The Ivanti EPMM located in the DR data center sees the Secondary in the Main data center as its Primary Ivanti EPMM, and the failover process takes place between these two Ivanti EPMMs.
- Each Secondary Ivanti EPMM periodically synchronizes with its paired Primary Ivanti EPMM, ensuring it has the latest changes from the Primary. The synchronization frequency is configurable and the process is automated.
- The ports used to communicate between Ivanti EPMMs are ports 8443, 443 and 22, as outlined in the diagram. This intra-Ivanti EPMM communication is essential for proper Ivanti EPMM HA operation.
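The port guidance above pulls in two directions: 8443 and 22 must be tightly restricted, yet all three EPMMs still need to reach each other on 8443, 443 and 22. The following check is an added example, not Ivanti code; the corporate range, EPMM addresses and rule set are constructed placeholders, and a flat allow-list with default deny is assumed.

```python
import ipaddress

# Constructed values, not from the Ivanti documentation: the corporate range,
# the three EPMM addresses and the rule set are placeholders for illustration.
CORPORATE = ipaddress.ip_network("10.0.0.0/8")
EPMM_PEERS = ["10.1.1.10", "10.1.1.11", "10.2.1.10"]  # Primary, Secondary, DR
MGMT_PORTS = (8443, 22)      # ports the page wants strictly controlled
HA_PORTS = (8443, 443, 22)   # ports the page lists for EPMM-to-EPMM traffic

# Inbound allow rules as (source CIDR, destination port); default deny assumed.
SAMPLE_RULES = [
    ("0.0.0.0/0", 443),
    ("0.0.0.0/0", 8443),
    ("10.0.0.0/8", 22),
    ("10.1.1.0/24", 8443),
    ("203.0.113.0/24", 22),
]

def covers(outer, inner):
    """True if network `inner` lies entirely inside network `outer`."""
    return outer.version == inner.version and inner.subnet_of(outer)

def exposed_mgmt_rules(rules):
    """Allow rules that open 8443 or 22 to sources outside the corporate range."""
    return [(src, port) for src, port in rules
            if port in MGMT_PORTS
            and not covers(CORPORATE, ipaddress.ip_network(src))]

def unreachable_peers(rules):
    """(peer, port) pairs that no allow rule covers, which would break HA traffic."""
    missing = []
    for peer in EPMM_PEERS:
        host = ipaddress.ip_network(peer)
        for port in HA_PORTS:
            if not any(p == port and covers(ipaddress.ip_network(src), host)
                       for src, p in rules):
                missing.append((peer, port))
    return missing

if __name__ == "__main__":
    bad = exposed_mgmt_rules(SAMPLE_RULES)
    print("over-broad management rules:", bad)
    hardened = [r for r in SAMPLE_RULES if r not in bad]
    print("peers cut off after removing them:", unreachable_peers(hardened))
```

In this constructed rule set, removing the two over-broad rules leaves the DR server without an 8443 path, so the restriction and the HA peer rules need to be reviewed together.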