To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

how to create a redyndency for the PM server

Mohammed W/ Alumni Posts: 12 Security Scout

hi all


if I want to make a redundency for the Policy Manager Server !!

how to do this ??


so if a server fails (like hardware damadge) the other takes the role !??


kindly share only the guide lines and I will take care of the details,





  • Ben
    Ben W/ Alumni Posts: 664 Cybercrime Crusader

    We unfortunately don't have official guidelines to implement this kind of set-up.


    However in case of failure of PMS, client should fall back to our Update servers by default, to get virus definition updates.

    In addition you can take regular backups of the H2 database as advised in page 47 of the admin guide. This should allow for a quick restoration of an instance of your PMS, should a problem occur.

  • Mohammed
    Mohammed W/ Alumni Posts: 12 Security Scout

    thank you for your reply

  • Chu
    Chu W/ Alumni Posts: 49 Junior Protector

    Have one way (not officially) to create PM Server redundancy.


    Just create another PM Server and create a bat file to stop fsms service in the two or more servers (make a task to execute this bat file when dont have anyone using the PMS) and after this, sincronize  the main server to slaves servers (copy the folder from main server C:\Program Files (x86)\F-Secure\Management Server 5\data to all slave servers). After this, just restart the service.


    With this, you have two or more PMS syncronized at least once time per day. If the main server goes down, in the slave server, just put the same name and same IP of the main server.

  • Mohammed
    Mohammed W/ Alumni Posts: 12 Security Scout

    if I will use the same name and same IP address, that will make an issue when resolving arp cache !!


    because the mac address of them are different, and the mac table in the network switches will have a problem then !!





  • Chu
    Chu W/ Alumni Posts: 49 Junior Protector

    The redundancy where I showed its passive, not active-active (using the same IP address), you will just put the same name and IP address when the main server goes down.


    As the F-Secure Database is H2DB, maybe have a way to go inside the database and replicate to another server without stop fsms service.

  • Ben
    Ben W/ Alumni Posts: 664 Cybercrime Crusader

    There is unfortunately no perfect solution to make that redundancy happen.


    I think what Chu was providing was a workaround to automate the backup of the database as much as possible.


    A manual intervention in case of problem(active PM going down), will be however necessary. 

  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master



    Another situation where redundancy / cluster synchronisation would be useful:


    A company has many laptops, running FSCS 11.60 (Standard Edition). Laptops often leave the corporate HQ and lose connection to the Windows-based PM 11.22, which is located on the company LAN.


    The officially encouraged solution would be to install VPN clients on all laptops and always have them connect into the company network via an encrypted tunnel through the public net, as long as they are outside the headquarters. However, this is an expensive solution, especially considering the VPN server-side appliance costs.


    Thus the company wishes to add a second server, running a Linux-based PM 10.43, to face the public net and maintain policy control over roaming laptops which are connecting to internet. (Many companies have a ban on any Windows servers facing the public net and demand the use of Un*x family solutions for such a dangerous task.)


    Thus, it would be nice, if two F-Secure PM servers, in this case one running on Linux and one on Windows, could automatically maintain syncronised coherency between their H2 databases or even act as a kind of cluster. Thus, the Linux-based PM server could be slaved to the Windows-based one.


    (Or the PM server of a filiale location could be slaved to the headquarters PM server. Some kind of a Super Policy Manager edition)


    Best regards: Tamas Feher, Hungary.

This discussion has been closed.