ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

cluster members - best practices for PAM CLUSTER


Article ID: 208405


Updated On:


CA Privileged Access Manager (PAM)


PAM Admin currently has a multi-master cluster (version 3.3.x or 3.4.x) with 2 current member's.  Was wondering if they need to stop the cluster to add a 3rd?



Release : 3.3.x or 3.4.x



With PAM 3.3.x or 3.4.x - we introduced the concept of a quorum in our clustering technology.

Historically in old versions of PAM 3.2.x and below, when any member of the primary site went out of sync - you would have to stop the cluster and restart it - causing a temporary outage.

So if you currently have 2 members of your cluster in a good standing, you can always add a 3rd member in without bringing the cluster in.

On the 3rd member you would into the:

PAM UI >> Configuration >> Clustering

  • The first step would be making sure the Key is the same from the other members.
  • Than on the Global Settings -> select "Load Configuration from member" -> than enter the ip address for your primary master member.
  • After it loads -> go into Global Settings -> "Primary Site" -> and add this machine to the list and click save.
  • Than on the bottom, click "Save Config Locally"

After doing this, you than can click on "Subscribe to Active Cluster" -> which will add this server into the cluster without stopping it.