CA PAM is multisite clustered application which entails that CA PAM can failover service from problematic nodes within each site but there is no automatic failover from one site to another without using a thirdparty load balancer. The specific requirements and expected configuration should be considered when designing the architectural flow to allow for your desired results.
Release : 3.x, 4.x
Component : CA PAM
With CA PAM 3.3 and higher you should always be using 3 or more nodes in the primary cluster for a fault tolerant cluster. If you configure your cluster with only 2 nodes then you simply have a processing cluster where if either node is inaccessible the entire cluster is inaccessible and will require manual intervention. This is documented in the on-line manuals, please see "Primary Site Fault Tolerance" ( https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-0/deploying/set-up-a-cluster/cluster-synchronization-promotion-and-recovery/primary-site-fault-tolerance.html ) for more information
To configure a disaster recovery to handle an entire site level outage you will have to configure a CA PAM secondary site. You can have a single node in the secondary site which would receive updates from the primary site and can manually be started as the master server assuming the entire production site became importable, please review "Site Promotion Using Replication Analysis" ( https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-0/deploying/set-up-a-cluster/cluster-synchronization-promotion-and-recovery.html#concept.dita_f58a3e782c2b3c5b616dff2be1c3b751b73c276b_SitePromotionUsingReplicationAnalysis ) for more information. The concept of having at least one node in an offsite location is important to ensure quick recoverability for certain types of outages. If you choose to have more than one node in this site for this type of disaster recovery scenario then you should consider the possibility of using the disaster recovery location for the CA PAM primary site and have endusers connect only to the secondary site for normal daily operations. This idea is based on the following considerations.
Basically the health of the overall cluster depends on the health of the primary cluster site. If you only have a single CA PAM appliance set aside for disaster recovery then changing this may not be cost effective. If you do have several nodes provisioned simply for disaster recovery then it may be beneficial to consider changing your architecture to distribute the load. Before making any such changes you should evaluate your specific environment for any additional concerns this type of change may impact.