How does CA PAM client install and update

book

Article ID: 208073

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

The CA PAM client is not much different than the common browser interface. Since most common web browsers no longer support the us of Java Applets the CA PAM client  became a more common way to use the product. The PAM Client is created using a customized Chromium Browser with local Java components to allow local access. Due to the updates required to maintain compatibility an update process is used to ensure the common components installed locally match the version from the PAM server it is connected to.

 

 

 

Environment

Release : 3.3

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

The general process of the way the CA PAM Client is installed an updated is as follows.  

 

When first connecting to the CA PAM server through a standard web browser at https://<IP or DNS Name of the CA PAM server>/ the initial login screen will appear. A link is provided to download the proper client based on the operating system detected through the browser.

 

 

When the download button is clicked it with generate the download from the defined download location which by default is an external cloud location  https://d21oi5tjuccwe.cloudfront.net/ca-pam/install/<OS>/<Client Install>  . All binaries are retrieved from an AWS Service called Cloudfront over HTTPS.

After The client is installed and launched and the connection to the CA PAM server has started the client version will either upgrade or downgrade to match the specific server build connected. This download will update the base client version by downloading from the specific appliance it is connected to.

The links below can provide greater details on the process.

 

 

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/3-4-1/deploying/deploy-the-ca-pam-client.html

 

 

Configure How the Client is Made Available

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/3-4-1/deploying/deploy-the-ca-pam-client/configure-how-the-client-is-made-available.html

 

Use a Private Delivery Network to Distribute the Client Installer

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/3-4-1/deploying/deploy-the-ca-pam-client/use-a-private-delivery-network-to-distribute-the-client-installer.html

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/3-4-1/deploying/deploy-the-ca-pam-client/configure-how-the-client-is-made-available.html

 

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/3-4-1/deploying/deploy-the-ca-pam-client.html

 

See  (Optional) Disable PAM Client Update Checking

 

 

Attachments