search cancel

Recommended AWS instance type for CA PAM

book

Article ID: 258283

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

According to

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1-1/release-information/installation-requirements.html

AWS specifications vary by region and over time. We suggest an AWS instance type of C4.4xlarge for production. For evaluation or testing, an instance type of M3 Medium is sufficient.

But in case the instances are not meant for production, what other options are there?

Environment

CA PAM 3.4.X / 4.0.X and 4.1.X

Resolution

The minimum memory for PAM to run is 16 Gbyte and 8 cores. The core part is not so critical, even though having too few cores may lead to high CPU usage, slowness, etc,..so 8 is the minimum specification recommended

The memory bit is really much more critical.

PAM can  run with 16 Gbyte, but it is not advisable for any appliance which has to do some work (even if not production). 32 Gbyte would be recommended to avoid issues with memory exhaustion when doing many concurrent session recordings or large password rotation jobs.

Storage is in all cases recommended to be at least 80 Gbyte SSD

There are several instances of AWS which suppor these specifications. For instance:

https://aws.amazon.com/es/ec2/instance-types/m5/

type m5.2xlarge supports  8 CPU and 32 Gbyte, and r5.2xlarge  CPU and 64 Gbyte

https://aws.amazon.com/ec2/instance-types/r5/

Any of these could be used, but it must be taken into account that the network bandwidth in these cases is much lower than for the recommended type. This must be considered before departing from the recommended specification