Symantec Privileged Access Management

  • 1.  AWS clustering

    Posted Jan 26, 2018 05:52 AM

    1. It is documented that the members of a CA Privileged Access Manager synchronization cluster that is created within AWS must be located within the same AWS VPC subnet. So in this case it is not possible to have the active-active synchronization cluster in different availability zones, meaning the primary node of the A-A sync cluster in one availability zone and the secondary node of the A-A sync cluster in a different availability zone, since subnets cannot span across availability zones?

    2. Having only two instances purchased, in the above case we can only have a multi-site cluster spread across two availability zones: one instance in the primary site (Availability zone 1a) and one instance in the secondary site (Availability zone 1b) pulling asynchronous data from the primary site?

     

    Could anyone please confirm if an active-active synchronization cluster on AWS can span across availability zones?



  • 2.  Re: AWS clustering
    Best Answer

    Posted Jan 26, 2018 05:50 PM

    Hi Manoj.  You should be able to set up a Multisite cluster across availability zones, or even regions, as long as you have a connection that meets clustering requirements.  I know that Engineering tested a multisite cluster between the Tokyo and Virginia regions.  I don't have the details, but might be able to get them.  Performance for Tokyo users accessing the Virginia system would be slow, and vice versa, but replication between the cluster members would work well, as long as the network throughput was good enough.  Here is the link to the AWS AMI Clustering Requirements section in the 3.1.1 documentation:  Cluster Deployment Requirements - CA Privileged Access Manager - 3.0.1 - CA Technologies Documentation