aitcrajeev
New Member.

Clustering inside PAM3.5(HA)

Hi There,

Can you please share a doc or a KB for Privileged Account Manager clustering (HA)?

If the PAM server goes down, it should move to another PAM server so that the user doesn't feel any change and is able to log in to another PAM server.

Please let us know if it's feasible or not.

Micro Focus Expert

Re: Clustering inside PAM3.5(HA)

Would this be for the User Console (/myaccess or /pam) or for the Administration Console?
aitcrajeev
New Member.

Re: Clustering inside PAM3.5(HA)

We would need it for both the Admin Console (/pam) and the User Console (/myaccess).

frankabhinav
Super Contributor.

Re: Clustering inside PAM3.5(HA)

Hi There,

I am also looking for the same. Please guys help me out.

Micro Focus Expert

Re: Clustering inside PAM3.5(HA)

Both User and Admin Consoles would work when a user accesses the Managers behind a Load Balancer, configured as you see fit for either failing over to an alternate if one goes down, or just balancing load between them.

There is just one complication, imo, with Load Balancing the Admin Consoles from a single URL. Changes to PAM Admin Consoles are routed to the Primary and replicated to Backups, so if the Primary were to go offline, it may not be initially obvious to the admin user accessing it, since the URL would be the same in this case. So their changes would be made locally to some Backup Manager in this Load Balancing pool, which would be unable to route to the Primary (since it's offline). Once the Primary is available again, these changes would go through, but I see a potential issue here if the admin is unaware that the Primary Manager is down in the PAM infrastructure.

You may also need to consider Reporting Console access to particular Audit Zones, since the Audit Managers would be holding the audits for their respective Audit Zones. So blindly Load Balancing all Admin Consoles to a single URL if you have multiple Audit Zones would be problematic in this case as well.

These are my only real concerns with Load-Balancing the Administration Console URL.

The internal PAM communications have the following Load Balancing and Failover design (accessing the Consoles via URL is up to your design approach):
https://www.netiq.com/documentation/privileged-account-manager-35/npam_admin/data/bjh0sq0.html