Two Ivanti EPMM servers across two data centers

This example shows the simplest Ivanti EPMM High Availability (HA) Architecture with its related components.

Ivanti recommends allowing HTTPS traffic on port 8443 from the corporate network, limited to Ivanti applications only. This service is intended for EPMM server management and must have strictly controlled access.

Disable SSH protection on the firewall for connections between the two Ivanti EPMM servers.

Figure 1. Two Ivanti EPMM servers across two data centers

The components in the diagram are:

  • One data center hosts the Primary Ivanti EPMM server.

  • A second, Disaster Recovery (DR), data center hosts the Secondary Ivanti EPMM server.

  • A Global Traffic Manager (GTM), DNS, or load balancer controls traffic to the Primary Ivanti EPMM server. This “traffic controller” monitors the health of the Primary and Secondary servers. When it detects that the Primary has become unresponsive, it routes traffic to the Secondary.

  • The Secondary Ivanti EPMM server checks the status of the Primary through a process called “heartbeat”, which is configured during HA Standby setup. If the heartbeat detects that the Primary has become unresponsive, it initiates the failover process. During failover, the Secondary attempts to become Primary; depending on the configured settings, it might remain Secondary or become Primary.

  • The Secondary periodically synchronizes with the Primary so that it has the same latest changes as the Primary. The synchronization is automated, and its frequency is configurable.

  • The ports used to communicate between servers are ports 8443, 443 and 22 as outlined in the diagram. This internal communication is essential for proper Ivanti EPMM HA operation.
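The port guidance above can be checked against an exported firewall allow list. The following is an added example, not Ivanti code: all addresses and the rule format are constructed, and it assumes each inter-server port is needed in both directions, which should be adjusted to match the diagram.

```python
import ipaddress

# All addresses are constructed sample values, not taken from the Ivanti page.
PRIMARY = ipaddress.ip_network("192.0.2.10/32")
SECONDARY = ipaddress.ip_network("198.51.100.10/32")
CORPORATE = ipaddress.ip_network("10.0.0.0/8")
HA_PORTS = (8443, 443, 22)  # inter-server ports listed on the page
MGMT_PORT = 8443            # management service that needs strictly controlled access

# Assumption: every HA port is needed in both directions; trim to match the diagram.
REQUIRED_FLOWS = [(s, d, p) for s, d in ((PRIMARY, SECONDARY), (SECONDARY, PRIMARY))
                  for p in HA_PORTS]

# Constructed allow rules: (source CIDR, destination CIDR, TCP port).
SAMPLE_RULES = [
    ("192.0.2.10/32", "198.51.100.10/32", 8443),
    ("192.0.2.10/32", "198.51.100.10/32", 443),
    ("192.0.2.10/32", "198.51.100.10/32", 22),
    ("198.51.100.10/32", "192.0.2.10/32", 8443),
    ("198.51.100.10/32", "192.0.2.10/32", 443),  # tcp/22 in this direction is missing
    ("10.0.0.0/8", "192.0.2.10/32", 8443),       # corporate network: expected
    ("0.0.0.0/0", "192.0.2.10/32", 8443),        # any source: should be flagged
    ("0.0.0.0/0", "192.0.2.10/32", 443),         # port 443 is not part of this check
]


def audit(rules):
    """Return findings for missing HA flows and over-broad access to port 8443."""
    allow = [(ipaddress.ip_network(s), ipaddress.ip_network(d), int(p))
             for s, d, p in rules]
    findings = []
    for src, dst, port in REQUIRED_FLOWS:
        covered = any(src.subnet_of(s) and dst.subnet_of(d) and port == p
                      for s, d, p in allow)
        if not covered:
            findings.append(f"missing HA flow {src} -> {dst} tcp/{port}")
    servers = (PRIMARY, SECONDARY)
    for s, d, p in allow:
        reaches_server = any(srv.subnet_of(d) for srv in servers)
        trusted_source = s.subnet_of(CORPORATE) or s in servers
        if p == MGMT_PORT and reaches_server and not trusted_source:
            findings.append(f"tcp/{MGMT_PORT} reachable from untrusted source {s}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```
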