Two Ivanti EPMM servers and two Ivanti Sentry servers in one data center

The example in this section describes a typical Ivanti EPMM and Sentry High Availability Solution.

Ivanti recommends allowing HTTPS traffic on port 8443 from the corporate network only, limited to Ivanti applications. This service is intended for EPMM server management, and access to it must be strictly controlled.

Figure 1. Two Ivanti EPMM servers and two Sentry servers in one data center

While the details of Sentry HA are outside the scope of this document, Sentry HA is included here to show a typical, complete Ivanti EPMM HA solution architecture. For details about Sentry, refer to the latest Ivanti Standalone Sentry Installation Guide.

The key components in this architecture include:

  • One data center hosting a pair of Ivanti EPMMs. This pair is set up as Primary and Secondary, and together the two Ivanti EPMMs serve as the Ivanti EPMM High Availability solution. The Sentry setup serves the same purpose, but unlike the Ivanti EPMMs, the Sentry servers can be configured in an Active/Active or Active/Standby configuration.

  • A DNS or load balancer that controls the traffic to the Primary Ivanti EPMM and Sentry. This “traffic controller” monitors the health of the other Ivanti EPMM, detects when the Primary becomes unresponsive, and then begins routing traffic to the Secondary Ivanti EPMM. This is how external traffic is controlled and routed to the Primary Ivanti EPMM.

  • The Secondary Ivanti EPMM checks the status of the Primary through a process called “heartbeat”, which is configured during HA Standby setup. This process detects if the Primary becomes unresponsive and, when that happens, initiates the failover process. When a failover occurs, the Secondary attempts to become Primary; depending on the configured settings, it might stay as a Secondary or become Primary.

  • The Secondary Ivanti EPMM periodically synchronizes with its Primary Ivanti EPMM, ensuring that it has the same latest changes as the Primary. The synchronization frequency is configurable, and the process is automated.

  • The ports used to communicate between Ivanti EPMMs are ports 8443, 443 and 22 as outlined in the diagram. This intra-Ivanti EPMM communication is essential for proper Ivanti EPMM HA operation.
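
The port requirements above can be checked against a firewall rule export. The following is an added example, not Ivanti code: it audits inbound allow rules for each EPMM node, flagging port 8443 exposure outside the corporate network and any of the intra-EPMM ports (8443, 443, 22) that the HA peer cannot reach. The addresses, the corporate CIDR and the `(source_cidr, port)` rule format are constructed assumptions.

```python
import ipaddress

# Constructed placeholder values, not taken from the Ivanti guide.
CORPORATE_NET = ipaddress.ip_network("10.20.0.0/16")
PRIMARY = ipaddress.ip_address("192.0.2.10")
SECONDARY = ipaddress.ip_address("192.0.2.11")

HA_PORTS = (8443, 443, 22)  # intra-EPMM ports named on this page
MGMT_PORT = 8443            # management service, corporate network only


def audit(rules, local, peer):
    """Audit inbound TCP allow rules for one EPMM node.

    rules: list of (source_cidr, port) allow entries (hypothetical format).
    Returns a sorted list of finding strings; an empty list means compliant.
    """
    findings = []
    peer_net = ipaddress.ip_network(f"{peer}/32")
    parsed = [(ipaddress.ip_network(src), port) for src, port in rules]

    # 1. Every source allowed on 8443 must be inside the corporate
    #    network or be exactly the HA peer.
    for src, port in parsed:
        if port == MGMT_PORT and not (
            src.subnet_of(CORPORATE_NET) or src == peer_net
        ):
            findings.append(f"{local}: {MGMT_PORT} exposed to {src}")

    # 2. The HA peer must be allowed on each intra-EPMM port, otherwise
    #    heartbeat and synchronization between the nodes can fail.
    for port in HA_PORTS:
        if not any(p == port and peer_net.subnet_of(src) for src, p in parsed):
            findings.append(f"{local}: peer {peer} blocked on {port}")

    return sorted(findings)


# Constructed sample rule sets: the first is compliant, the second is not.
PRIMARY_RULES = [("0.0.0.0/0", 443), ("10.20.0.0/16", 8443),
                 ("192.0.2.11/32", 8443), ("192.0.2.11/32", 22)]
SECONDARY_RULES = [("0.0.0.0/0", 443), ("0.0.0.0/0", 8443),
                   ("10.20.0.0/16", 22)]

if __name__ == "__main__":
    for line in (audit(PRIMARY_RULES, PRIMARY, SECONDARY)
                 + audit(SECONDARY_RULES, SECONDARY, PRIMARY)):
        print(line)
```

The check covers network-level exposure only; limiting port 8443 to Ivanti applications has to be enforced separately.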