[PAM] Cluster going out of sync

book

Article ID: 197324

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

PAM Virtual Appliance is clustered and running in cluster with multiple Sites located in different geographic location.

One of Secondary Site is failing to sync up for no reason.

 

Cause

When Virtual Appliance is hosted, it is usually forgetten that it is sharing resource with other competing Guest OS/Virtual Appliances.

When the VM Host Resources such as CPU/RAM/DISK/NETWORK are shared, they need to be responsive to Guest OS' requests but that is not always the case.

CPU: Transactions take longer time and experience timeouts, rejection and many unexpected results.

RAM: Performance will become slow or processes terminate unexpectedly.

DISK: Space - If the Storage runs out then the Guest OS may get corrupted and demonstrate unexpected results.

          Slow - Performance will become slow and processes terminate unexpectedly.

NETWORK: Transactions fail or timeout. Outage alerts and etc.

These are generic behaviors that you can commonly experience, not specific to PAM.

 

Guest OS is given resources but when actually trying to access they are not available and this would usually result in severe situation.

In this case, troubleshooting the Guest OS may only lead to confusion as nothing would make sense.

 

In case of PAM, this can result in all kinds of issues such as:

1. PAM fails to boot up

2. PAM boots up but unable to login

3. PAM Cluster fails to communicate with its members

4. Cluster sync fails

5. Unable to access target devices

6. PAM Menu fails to function (eg. create device does not work)

7. Unable to download logs.

8. etc

 

Environment

Release : ALL

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

In case if you are encountering severe issues, note down the time range when the issue started and have the VM team to check the time range for the Host Resources.