Symantec Privileged Access Management

  • 1.  Multi Site clustering

    Posted Jan 26, 2018 06:33 AM

    In a Multi-Site clustering, can both primary and secondary sites have only one instance each? During a primary site failure or that one instance in the primary site failing, failover will be manually promoting the secondary site to primary until we restore the primary site. My client has only purchased two instances but wants an HA\DR solution with it.



  • 2.  Re: Multi Site clustering
    Best Answer

    Broadcom Employee
    Posted Jan 26, 2018 01:11 PM

    Hi Manoj,

     

    Yes, it is possible to configure multi-site clustering with only one node in each site.

     

    No, this would NOT provide "HA". For HA you would be required to have at least 2 nodes in the Primary site. The secondary site node cannot take control of the VIP for the Primary site, so there would be no availability when the solitary Primary node goes down. The secondary site can be set up to continue working (operationally safe), but it will be working in a limited capacity and it is not suggested that you leave the cluster in this state.

     

    PAM does not currently have any supported "DR" setup. Our usual recommendation for DR type questions is to ensure that you are either taking snapshots (PAM should be shut down whenever taking a snapshot for best results) or Database & Config backups regularly. This way you would have a recent backup to restore in the case of a disaster.

     

    Regards,

    Christian Lutz

    Support Engineer

    CA Technologies - North America



  • 3.  Re: Multi Site clustering

    Broadcom Employee
    Posted Jan 26, 2018 02:04 PM

    Maybe not HA, but for DR you can certainly follow instructions at https://docops.ca.com/ca-privileged-access-manager/3-1-1/EN/deploying/set-up-a-cluster/cluster-synchronization-promotion-and-recovery under "Site Promotion Using Replication Analysis" to promote a secondary site to become the primary site when the default primary site is unavailable.



  • 4.  RE: Re: Multi Site clustering

    Posted Oct 02, 2019 02:30 AM
    Hi Ralf,

    As you had mentioned "promote a secondary site to become the primary site when the default primary site is unavailable.", the next thing to understand is whether, subsequently, it is possible and supported to demote the DR "Primary" site back to secondary site and promote the Production site back to Primary site in the cluster?

    If Yes, how is that to be done?

    Thanks!
    Sandeep



  • 5.  RE: Re: Multi Site clustering

    Broadcom Employee
    Posted Oct 02, 2019 09:43 AM
    Hi Sandeep,

    This is not a different use case. You have a primary site and you want to make another site primary. If the DR primary site now has the newer and better data, you bring the original primary site back into the cluster as a secondary site first so that it gets the latest data from the current primary site, and then you make it primary again in a second step.