Symantec Privileged Access Management

  • 1.  Need SOAP or REST APIs details that can be used for load testing in CA PAM.

    Posted Aug 02, 2018 06:20 AM

    At client location we need to perform Load testing / Performance Testing on CA PAM (V 3.1.1), PAM Server Control and Threat Analytics under below scenarios. leveraging on CA PAM APIs to create login sessions and creating multiple connections to Target Systems externally from Performance testing tools / SOAP UI .

     

    a) Concurrent user login to PAM – 50 users to 600 users Max

    b) Single user login to PAM and Multiple connections on Target Servers – 50 to 300 connections Max

    c) Multiple Users login to PAM and Multiple connections on Target Servers – 50-600 users , 50-300 connections Max

     

    Please help in getting API details and sample code if available. Like SOAP or REST APIs that can be used for load testing.



  • 2.  Re: Need SOAP or REST APIs details that can be used for load testing in CA PAM.

    Broadcom Employee
    Posted Aug 02, 2018 11:55 AM

    Hi Ganesh, There are no PAM APIs available to simulate user activity at this time. This requires external tools.



  • 3.  Re: Need SOAP or REST APIs details that can be used for load testing in CA PAM.

    Posted Aug 03, 2018 01:02 AM

    We tried to use "Load Runner" tool for performance testing, that as soon as the load runner user connects to PAM, the session is getting terminated by PAM automatically...

     

    We have already raised a support case as per  CA Engineer, the load runner sends the proxy request to PAM which is not transparent. As a security product PAM server treats the proxy connection as a threat and deactivates.

     

    Please Suggest if any alternate way to achieve this

     



  • 4.  Re: Need SOAP or REST APIs details that can be used for load testing in CA PAM.

    Posted Aug 03, 2018 08:16 AM

    PAM seeing connections from LoadRunner as a security threat is likely a certificate issue.  Are you seeing messages in the Session Log related to Potential Tampering?  This would confirm my suspicion.  You need to get the certificate used in PAM into LoadRunner.  I believe that will solve the problem.