Configure a Distributed Deployment
This procedure is a continuation of Step 7c from the FMOS Configuration Wizard topic.
To configure a distributed ecosystem deployment, complete the following steps.
The first server in a distributed ecosystem must always hold the database role. It can also hold the application server role, typically if it will be the only application server in the environment.
- Install the Database Server.
- On the Environment selection screen, select New Deployment.
- If the server will not hold the AS role, also select Database Only, and click OK.
After installation and deployment are complete, the database server will be running PostgreSQL, available for remote connections over TCP/IP secured by TLS.
- Install the Application Server.
- On the Environment selection screen, select Existing Deployment, and click OK.
- Confirm that the FQDN resolves to the correct IP address for the database server, and that the PostgreSQL client can connect over TCP/IP with TLS.
- From the application server, run the command: fmos ecosystem join <DB FQDN>
The fmos ecosystem join command communicates with the FMOS Server Control Panel on the superior server of the new appliance (in this case, the database server), which provides the necessary configuration settings for the new appliance (the application server). The superior server must be specified as a command line argument, using the fully qualified domain name (FQDN).
- To ensure secure communication with the FMOS Control Panel on the superior server, the program may prompt for manual verification of the server's HTTPS certificate. In this case, follow the provided on-screen prompts to verify the fingerprint of the certificate before continuing.
If the certificate fingerprint shown does not match, DO NOT allow the command to continue. This is a sign that a man-in-the-middle attack is in progress. Failure to verify the correct fingerprint can expose sensitive data to malicious parties. Follow the on-screen instructions to manually verify the certificate.
- You will be prompted to confirm the identity of the server (in this case, Application Server).
- You will be prompted for authentication credentials. Enter the username and password for an FMOS user on the remote server who holds the FireMon Administrator privilege.
- After retrieving the configuration from the superior server, the program will enable the selected roles and then deploy the new configuration. Once this process completes, the application server should be running.
- To add additional application servers, repeat the above steps. Install FMOS and on the Environment selection screen, select Existing Deployment, and then click OK. Then join the server to the environment using the fmos ecosystem join command, specifying the database server as the superior server.
- To add a data collector, install FMOS and on the Environment selection screen, select Existing Deployment, and then click OK.
- The fmos ecosystem join command is also used to add an appliance to the environment as a data collector. The appliance specified as the superior server must be a server that holds the AS role. The Data Collector role will be automatically selected for the new appliance.
- Data collectors require a system user account within SIP, so the program will prompt for SIP credentials. Enter the username and password for an account that has write permissions granted for data collectors.
Permissions are granted to users at the user group level. These settings are in Administration application > Access > User Groups.
- After retrieving the configuration from the superior server, the program will enable the selected roles and then deploy the new configuration. Once this process completes, the data collector server should be running.
- Run the command fmos health to confirm that all servers are running normally.
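The certificate fingerprint check in the fmos ecosystem join steps above can be done mechanically instead of by eye. The following is an added example, not FireMon code: it compares the fingerprint the prompt displays with one computed from a copy of the superior server's certificate obtained over a trusted channel. The PEM export, the function names and the hex fingerprint format are assumptions.

```python
import hashlib
import hmac
import ssl

# Hex length of the shown fingerprint -> hash to use. The page does not say
# which hash the join prompt displays, so the length decides (assumption).
HASH_BY_HEX_LEN = {40: "sha1", 64: "sha256", 96: "sha384", 128: "sha512"}


def normalize(fingerprint: str) -> str:
    """Reduce 'AB:CD:..', 'ab cd ..' or 'label=AB:CD:..' to bare lowercase hex."""
    text = fingerprint.rsplit("=", 1)[-1]
    digits = "".join(ch for ch in text if ch not in ": -\t\r\n").lower()
    if len(digits) not in HASH_BY_HEX_LEN or set(digits) - set("0123456789abcdef"):
        raise ValueError("not a recognised hex certificate fingerprint")
    return digits


def cert_fingerprint(pem: str, hash_name: str) -> str:
    """Hash the DER encoding of a PEM certificate, as TLS fingerprints do."""
    return hashlib.new(hash_name, ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def prompt_matches_cert(shown: str, trusted_pem: str) -> bool:
    """True only if the fingerprint shown by the prompt is that of trusted_pem."""
    shown_hex = normalize(shown)
    expected = cert_fingerprint(trusted_pem, HASH_BY_HEX_LEN[len(shown_hex)])
    return hmac.compare_digest(shown_hex, expected)


# Constructed stand-in for the superior server's certificate: arbitrary bytes
# wrapped as PEM so the example runs offline. Use the real exported PEM instead.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed bytes, not a real certificate")

if __name__ == "__main__":
    digest = cert_fingerprint(SAMPLE_PEM, "sha256").upper()
    shown = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    print("prompt shows :", shown)
    print("match        :", prompt_matches_cert(shown, SAMPLE_PEM))
    other_pem = ssl.DER_cert_to_PEM_cert(b"constructed bytes of some other certificate")
    print("other cert   :", prompt_matches_cert(shown, other_pem))
```

A value that is not a plain hex fingerprint raises ValueError rather than comparing as a mismatch, so a mistyped or truncated paste is not mistaken for a verified result.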