ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Minimum configuration require before adding a new node into a PAM cluster

book

Article ID: 237787

calendar_today

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Please define the minimum amount of configuration needed before adding a new appliance into a PAM cluster.

Environment

Release : 3.4.x ,  4.0.x

Component : Cluster 

Resolution

Described below is a list of the configuration items that are not sent or updated when an appliance is added to a cluster. If you are adding a new node your should consider all these prior to adding to the cluster to avoid needing to recycle the node or eject it from the cluster.

 

Required - All network and DNS settings should be set

Required - Add and confirm all licensing is set and matches the license defined in the existing cluster

 

Required - Ensure NTP is configured and working, (look for the condition sys.peer)

Required - Add and confirm the cluster certificate is set. (Depending on your exact configuration you may need to update all nodes in the cluster with a certificate that includes this new node in the SANS configuration)

Required - Upload any custom Branding Logo

    

Required - If using SAML for authentication Ensure at least the "Fully Qualified Hostname" and the "Certificate Key Pair" are set

 

Required - If you are using a sybase target account you will need to manually upload the sysbase jar file to the node which should be done prior to using

 

 

Recommended - While you can change the config user password after the node is added to the cluster it is suggested you ensure it is changed before adding to the cluster. Note after adding a new appliance to the cluster the super password is overwritten by the cluster, the config user password is not updated when adding to the cluster.

https://<NODE IP>/config    ( https://10.46.128.121/cspm/app/feature/app.html?feature=StandAloneConfig )

 

Attachments