Configuring a separate network interface for PAM cluster traffic

Article ID: 102311

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA)
PAM SAFENET LUNA HSM
CA Privileged Access Manager (PAM)

Issue/Introduction



What is the best practice for configuring a CA PAM clustering network interface (for heartbeat and replication)? Would it be better to use a designated interface for it, like GB2, while all the production traffic is on GB1?

Environment

Release:
Component: CAPAMX

Resolution

It is sometimes desired to isolate the clustering/replication traffic and user traffic from each other. Whether or not that is necessary depends on the organization's requirements and the load the users would put on the system. If the necessary resources are available, then this should be done.

The interface would have to be selected on the Config --> Clustering page. If a PAM VM is used, it would first be necessary to add the network interface to the VM. The desired clustering interface would be selected on the Config --> Clustering --> Local Settings page, with the cluster down. The interface selected must be the same on all cluster members.

It would also be necessary to ensure that users do not use the interface configured for clustering, both by not giving them the IP address or Fully Qualified Domain Name used by the clustering interface and by making sure that any external load balancer is not configured to send users to that interface.
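The conditions above (same clustering interface on every member, interface actually present on each VM, no user-facing name or load balancer target pointing at a clustering address) can be checked against a deployment plan before the cluster is brought back up. The following is an added example, not part of the original article or the product. The inventory format, member names, hostnames and addresses are constructed assumptions; only the interface names GB1 and GB2 come from the article.

```python
import ipaddress

# Constructed sample data: hypothetical member names, documentation/private addresses.
MEMBERS = [
    {"name": "pam1", "cluster_if": "GB2", "interfaces": {"GB1": "192.0.2.11", "GB2": "10.10.50.11"}},
    {"name": "pam2", "cluster_if": "GB2", "interfaces": {"GB1": "192.0.2.12", "GB2": "10.10.50.12"}},
    # VM where the second network interface was never added
    {"name": "pam3", "cluster_if": "GB2", "interfaces": {"GB1": "192.0.2.13"}},
]
# Names handed out to users, with the addresses they resolve to.
USER_DNS = {
    "pam.example.com": ["192.0.2.11", "192.0.2.12", "192.0.2.13"],
    "pam2-repl.example.com": ["10.10.50.12"],
}
# Back-end addresses in the external load balancer pool.
LB_POOL = ["192.0.2.11", "192.0.2.12", "10.10.50.11"]


def audit_cluster_isolation(members, user_dns, lb_pool):
    """Return (kind, subject, detail) findings; an empty list means the plan is consistent."""
    findings = []
    chosen = sorted({m["cluster_if"] for m in members})
    if len(chosen) > 1:  # the selected interface must be the same on all members
        findings.append(("interface-mismatch", "cluster", ",".join(chosen)))
    cluster_ips = {}  # normalized clustering address -> member name
    for m in members:
        addr = m["interfaces"].get(m["cluster_if"])
        if addr is None:  # interface selected but not present on this member
            findings.append(("interface-missing", m["name"], m["cluster_if"]))
        else:
            cluster_ips[ipaddress.ip_address(addr)] = m["name"]
    for fqdn, addrs in sorted(user_dns.items()):
        for a in addrs:  # user-facing names must not resolve to a clustering address
            if ipaddress.ip_address(a) in cluster_ips:
                findings.append(("dns-exposes-cluster-ip", fqdn, a))
    for a in lb_pool:  # the load balancer must not send users to a clustering address
        ip = ipaddress.ip_address(a)
        if ip in cluster_ips:
            findings.append(("lb-targets-cluster-ip", cluster_ips[ip], a))
    return findings


if __name__ == "__main__":
    for finding in audit_cluster_isolation(MEMBERS, USER_DNS, LB_POOL):
        print(*finding, sep="\t")
```

The script works only on exported inventory data and does not connect to the appliance; the actual interface selection is still made on the Config --> Clustering --> Local Settings page.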