PAM Admin currently has a multi-master cluster (version 3.3.x, 3.4.x, 4.0.x and 4.1.x) with 2 current member's (a quorum).  Was wondering if they need to stop the cluster to add a 3rd?

Release : 3.3.x , 3.4.x, 4.0.x and 4.1.x

Component : PRIVILEGED ACCESS MANAGEMENT

With PAM 3.3.x , 3.4.x, 4.0.x and 4.1.x  - we introduced the concept of a quorum in our clustering technology.

Historically in old versions of PAM 3.2.x and below, when any member of the primary site went out of sync - you would have to stop the cluster and restart it - causing a temporary outage.

So if you currently have 2 members of your cluster in a good standing, you can always add a 3rd member in without bringing the cluster in.

On the 3rd member you would into the:

PAM UI >> Configuration >> Clustering

• The first step would be making sure the Key is the same from the other members.
• Than on the Global Settings -> select "Load Configuration from member" -> than enter the ip address for your primary master member.
• After it loads -> go into Global Settings -> "Primary Site" -> and add this machine to the list and click save.
• Than on the bottom, click "Save Config Locally"

After doing this, you than can click on "Subscribe to Active Cluster" -> which will add this server into the cluster without stopping it.

Please see our documentation on quorums:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1-2/deploying/set-up-a-cluster/cluster-synchronization-promotion-and-recovery/primary-site-fault-tolerance.html