PAM VIP Address and third party load balancer
Article ID: 191323
Updated On:
Products
CA Privileged Access Manager (PAM)
Issue/Introduction
How can I access a PAM server cluster via a third party load balancer?
Should the PAM VIP be used?
Should the load balancer IP Address be the one set as PAM Cluster VIP?
What address has to be used in the PAM Clients or Web Browsers to access the PAM Cluster?
Should the PAM VIP be used?
Should the load balancer IP Address be the one set as PAM Cluster VIP?
What address has to be used in the PAM Clients or Web Browsers to access the PAM Cluster?
Environment
Product: Privileged Access Manager
Version: 3.x
Resolution
- When using a third party load balancer with PAM, the load balancer has to use its own IP address, which should be different from any of the PAM Cluster VIP addresses.
- Each PAM Cluster site has its own VIP Address which has to be defined as mentioned in the manuals, an IP address belonging to the same subnet as the PAM nodes in the site. These VIPs are used internally by the secondary sites to access the primary cluster site.
- To access the PAM cluster, the PAM Clients or Web Browsers must point to the third party load balancer IP address.
- The load balancer itself will be the one which will decide, based on their policies and rules, what PAM Cluster node will each PAM Client or web browser be redirected to.
Feedback
Yes
No
Powered by
