Symantec Privileged Access Management

  • 1.  Comparison between and migration from SAM to PAM 3.1.1?

    Posted Feb 09, 2018 09:57 AM

    Hi everyone,

     

    One of my customers could be interested in upgrading his version of SAM\PIM 12.92, but this is the latest release available of this suite, so the only kind of upgrade would be switching to PAM 3.1.1.

     

    So, the questions are:

     

    Has a sort of comparison between SAM (intended as a PIM component) and PAM (Privileged Access Manager) features ever been documented?

     

    Furthermore I'm wondering if it's possible to migrate accounts that are already configured on SAM (PIM 12.92) in a PAM 3.1.1 appliance.

     

    Thanks for helping me.

    Best regards,

    Alessia



  • 2.  Re: Comparison between and migration from SAM to PAM 3.1.1?

    Posted Feb 09, 2018 12:11 PM

    Hi Alessia.  I working on getting an official response from Product Management, but I can give you an answer, based on my understanding of the products.  SAM is a component of PIM, and its purpose is to act as a password vault for privileged accounts.  PAM SC is essentially PIM without SAM, and can easily be integrated with PAM.  PAM has a variety of capabilities, one of which is a password vault.  PAM also has a couple of APIs, which could be used to migrate passwords.  Assuming you can extract the relevant information from SAM, you could write a program or script that would upload the information into PAM.  Here is a link to the Programming section of the PAM 3.1.1 documentation wiki.  It contains quite a bit of information, including the available commands.  I do not know if a migration tool will be provided.  That is information that would have to come from Product Management.



  • 3.  Re: Comparison between and migration from SAM to PAM 3.1.1?

    Posted Feb 10, 2018 06:19 AM

    Hi Voged, thanks for answering so fast.

    I'll have a look at PAM APIs.

    Maybe I've asked the wrong question about comparison. What I need to know is if PAM adds some features to the old SAM. That means, why should someone move from SAM to PAM, established that the purpose is to manage priviled shared account and which benefits would come.

     

    Thanks again for helping me, have a nice w.e.



  • 4.  Re: Comparison between and migration from SAM to PAM 3.1.1?
    Best Answer

    Broadcom Employee
    Posted Feb 16, 2018 04:23 AM

    Hello Alessia,

     

    CA PAM and CA PIM are two separate products, not integrating to each other in any way.

     

    Please note, the latest version of CA PIM is r14.0.

    New Features against CA PIM 12.92 are described here:

    New and Changed Features - CA Privileged Identity Manager - 14.0 - CA Technologies Documentation 

     

    To my information this will be the last version of the SAM component released.

    (maybe this already is argument enough for your customer to switch to the CA PAM product)

     

    Myself working with both products I would say, from a functional point of view both products basically provide the same features.

     

    In PIM/SAM it is possible to export the privileged accounts and endpoints via the WorldView to a CSV.

    However, this file first needs to be adjusted to meet the requirements of the CA PAM product before it can be imported there.

     

    Best Regards,

    Andreas