cluster members - best practices for PAM CLUSTER

Article ID: 208405

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

A PAM admin currently has a multi-master cluster (version 3.3.x or 3.4.x) with 2 current members. Do they need to stop the cluster to add a 3rd?

 

Environment

Release : 3.3.x or 3.4.x

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

With PAM 3.3.x or 3.4.x, we introduced the concept of a quorum in our clustering technology.

Historically, in old versions of PAM (3.2.x and below), when any member of the primary site went out of sync, you would have to stop the cluster and restart it, causing a temporary outage.

So if you currently have 2 members of your cluster in good standing, you can always add a 3rd member without bringing the cluster down.

On the 3rd member, you would go into:

PAM UI >> Configuration >> Clustering

  • The first step is to make sure the Key is the same as on the other members.
  • Then, in Global Settings -> select "Load Configuration from member" -> then enter the IP address of your primary master member.
  • After it loads -> go into Global Settings -> "Primary Site" -> add this machine to the list and click save.
  • Then, at the bottom, click "Save Config Locally".

After doing this, you can then click "Subscribe to Active Cluster" -> which will add this server to the cluster without stopping it.