Hi Community,
We are currently in the process of installing and configuring the PAM solution for a customer. At the architecture level, the solution is distributed across 2 data centers, geographically located in different cities. For each data center there are 2 PAM appliances, for a total of 4, which must be configured in high availability. The customer needs the balancing to be done by the PAM solution, but when configuring the virtual IP the documentation indicates that both the VIP and the cluster members must be on the same network segment; therefore, the VIP cannot guarantee high availability and replication of the solution. The customer additionally requires that, in case of failure of the devices of one data center, the alternate data center ensures access and administration of the endpoints of managed devices.
As an alternative, I tried to configure a second network card through the GB2 network interface, but it does not respond to ping.
I have some questions that I would like help solving:
How can you establish high availability of the PAM solution between the 2 data centers?
Can you configure another network card over the GB2 network interface?
The attached image can give an idea of the architecture and the problem. Any idea about it is welcome.
Hi Julian,
I see that you are using virtual appliances. Virtual appliances have some caveats when attempting to add network cards. Any network cards should be added BEFORE the first time you ever boot the system. Attempting to add another NIC afterwards may cause catastrophic problems with PAM, depending on your version. This is actually related to the licensing control feature, because PAM sees that the hardware has changed & assumes it has been tampered with. I believe the catastrophic results no longer happen in the 3.x branch, but the 2.x branch definitely still has this happen.
Please see this doc for more information on my statements:
Is it possible to add additional NIC cards to a virtual CA PAM appliance?
Related Documentation:
"NICs: One interface. Add extra required interfaces before initial boot."
Installation Requirements - CA Privileged Access Manager - 3.0.2 - CA Technologies Documentation
Hope this helps,
Christian Lutz
Support Engineer
CA Technologies - North America