Configuring a separate network interface for PAM cluster traffic


Article ID: 102311


Updated On:


CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)


What is the best practice to configure a CA PAM clustering network interface (for heartbeat and replication) . Would it be better to use a designated interface for it, like GB2, while all the production traffic is on GB1? 


Component: CAPAMX


If it is sometimes desired to isolate the clustering/replication traffic and user traffic from each other. Whether or not that is necessary would depend on the organization's requirements and the load the users would put on the system. If the necessary resources are available then this should be done. The interface would have to be selected on the Config --> Clustering page.  If a PAM VM is used it would first be necessary to add the network interface to the VM.  The desired clustering interface would be selected on the Config --> Clustering --> Local Settings page, with the cluster down.  The interface selected must be the same on all cluster members.  It would also be necessary to insure that the users would not use the interface configured for clustering, either by not giving them the IP address or Fully Quallified Domain Name used by the clustering interface, and by making sure that any external load balancer not be configured to send users to that interface.