Whenever looking at a CA PAM appliance it may be good for the purpose of planning resources, to understand how Password Management Licenses usage is counted
CA Pivileges Access Management, all versions
Whenever a device is added to CA PAM, there is the possibility of checking whether it will be enabled for Password Management or not
Whenever this is done, an entry is created in the password management database so that each defined device with password management enabled (no matter how many target applications or target accounts are defined for it) will use one license.
There are however some devices which come predefined whenever a PAM appliance is installed and which correspond to objects required for managing connections to third party, integrations, etc, which, even though having Password Management enabled, will NOT use a license.
As of CA PAM 3.3.X and 3.4.X these are
nim.pam.ca.com
tap.ca.com
xceedium.aws.amazon.com
xceedium.nsx.vmware.com
ca.portal.azure.com
apikey.xceedium.com