Symantec Privileged Access Management

  • Private Community

  • 1.  Session Recording in AWS or Azzure

    Posted Jul 04, 2018 08:52 PM

    Hello, When deploy CA PAM in AWS or Azzure, the session recording where reside? in the AWS or Azzure cloud or on the customer premise?

     

    Thank You!

     

    Adolfo N.



  • 2.  Re: Session Recording in AWS or Azzure

    Broadcom Employee
    Posted Jul 05, 2018 04:24 AM

    Hello Adolfo,

     

    Session recording files are stored in mount point, be it S3 bucket, Windows CIFS drive or UNIX shared drive.

    Session logs are stored in the “log” table in the uag DB within PAM server.

    Session recording references are stored in the session_recording database table.

    Hope this helps.

     

    Best regards,

    Lawrence



  • 3.  Re: Session Recording in AWS or Azzure

    Posted Jul 05, 2018 10:23 AM

    Hello Lawrence,

     

    If CA PAM is deployed in AWS, and the Session Recording storage is in S3, the the bandwidth of customer will be affected??? i mean, this continuos data trasnfering of session recording maybe to impact negative the bandwidth.

     

    Thank You.

     

    Adolfo.



  • 4.  Re: Session Recording in AWS or Azzure

    Broadcom Employee
    Posted Jul 05, 2018 10:54 AM

    Hi Adolfo, If you are asking about the expected data rate, please take a look at https://communities.ca.com/thread/241783236-tips-calculating-space-for-recording-sessions . In general, if you are running PAM in AWS, it makes sense to store the session recordings in an S3 bucket. Whether other options are viable depends on what rates are expected, which in turn depends on expected user activity, and the required storage size depends on this rate and also on the retention policy, i.e. how long the customer needs to keep recordings on the share for PAM administrators to view. The latest PAM releases allow you to configure automatic purging of session recordings older than X days.



  • 5.  Re: Session Recording in AWS or Azzure

    Posted Jul 05, 2018 11:39 AM

    Hi Ralf, 

     


    But, the estimation of the amount of traffic that will be sent to Cloud Storage maybe could impact negative the Bandwidth at consecuence of the data will be sent. Taking the example of the above information that you kindly sent me, which mount of bandwidth will be acceptable for not to impact the network, maybe 60 mbps for example?

     

    Thank You.

     

    Adolfo.



  • 6.  Re: Session Recording in AWS or Azzure
    Best Answer

    Broadcom Employee
    Posted Jul 05, 2018 12:36 PM

    Hi Adolfo, That is a question for the administrator of the specific environment, not for PAM. For the AWS example with an S3 bucket, AWS documentation can be consulted. https://aws.amazon.com/blogs/aws/the-floodgates-are-open-increased-network-bandwidth-for-ec2-instances/ states that EC2 to S3 bandwidth may be as high as 25Gbps, which would be many times larger than your 60Mbps example. We wouldn't know whether there would be any other data transfer competing for bandwidth between PAM and the recording share.