Minimum configuration require before adding a new node into a PAM cluster
Article ID: 237787
Updated On: 10-19-2023
Products
Issue/Introduction
Please define the minimum amount of configuration needed before adding a new appliance into a PAM cluster.
Environment
Release : 3.4.x , 4.0.x
Component : Cluster
Resolution
Described below is a list of the configuration items that are not sent or updated when an appliance is added to a cluster. If you are adding a new node your should consider all these prior to adding to the cluster to avoid needing to recycle the node or eject it from the cluster.
Required - All network and DNS settings should be set
Required - Add and confirm all licensing is set and matches the license defined in the existing cluster
Required - Ensure NTP is configured and working, (look for the condition sys.peer)
Required - Add and confirm the cluster certificate is set. (Depending on your exact configuration you may need to update all nodes in the cluster with a certificate that includes this new node in the SANS configuration)
Required - Upload any custom Branding Logo
Required - If using SAML for authentication Ensure at least the "Fully Qualified Hostname" and the "Certificate Key Pair" are set
Required - If you are using a sybase target account you will need to manually upload the sysbase jar file to the node which should be done prior to using
Recommended - While you can change the config user password after the node is added to the cluster it is suggested you ensure it is changed before adding to the cluster. Note after adding a new appliance to the cluster the super password is overwritten by the cluster, the config user password is not updated when adding to the cluster.
https://<NODE IP>/config ( https://10.46.128.121/cspm/app/feature/app.html?feature=StandAloneConfig )
Feedback
