Symantec Privileged Access Management

  • 1.  CA PAM SLOW?

    Posted Apr 29, 2019 02:04 AM

    In our environment Our CA PAM 3.2.4 is very slow ?
    while open the PAM and also open application as well while open database client from the jump server?

    can any one explain me what should need to be check?

    as well if network issue can we find out the report or anything which may be find that is the happen by Network ??

    please suggest me????



  • 2.  Re: CA PAM SLOW?

    Posted Apr 29, 2019 03:23 AM

    Hi, Sudipkarma

    Can you share more details and how and what is slow?

    Let's go one by one.

    1. Logon to PAM is slow?

      => Are you using Browser? Is so, which browser and what authentication type?

      => Are you using PAM Client? What authentication type are you using?

      => How much time does it take from clicking on the login button until you start to see the PAM screen?

    2. Logon to Application is slow? (This is a different topic to #1 above, better to open a separate thread for this)

      => Which application?, What "Access Type" is it?

      => If it is RDP or SSH, do you have tcp port 8550 open on those target servers?

     

    Regards,

    Kim



  • 3.  Re: CA PAM SLOW?

    Posted Apr 29, 2019 11:23 AM

    Can you share more details and how and what is slow?

    while open PAM client its slow? Several time hang while using and need to close forcefully

    Let's go one by one.

    1. Logon to PAM is slow?

      => Are you using Browser? Is so, which browser and what authentication type?

    No

      => Are you using PAM Client? What authentication type are you using?

    Yes and LDAP and local

      => How much time does it take from clicking on the login button until you start to see the PAM screen?

    By clicking 10-20 sec for login/after login to appear dashboard it take time 10-20 sec.. (if you want accurate this i just check only in login jumpserver to database its take around the 50 sec)

    2. Logon to Application is slow? (This is a different topic to #1 above, better to open a separate thread for this)

      => Which application?, What "Access Type" is it?

    SSH(Same network its fast but different network its become slow)/

      => If it is RDP or SSH, do you have tcp port 8550 open on those target servers?

    Yes Opened but not solved the problem?

     

    Note: Can you provide me the process of accessing to ssh. i means to say while clicking to open to server with auto login what are the process done if 

    i knew that then its more easy to troubleshoot?

    Thank you advance:



  • 4.  Re: CA PAM SLOW?

    Broadcom Employee
    Posted Apr 30, 2019 09:05 AM

    Hi Sudip,

     

    I see you asked about network troubleshooting. To troubleshoot network from PAM you can use the tools under: Configuration > Tools 

     

    Can you confirm that you are meeting the hardware requirements for the VM?

     

    Doc Link: Installation Requirements - CA Privileged Access Manager - 3.2.4 - CA Technologies Documentation 

    Virtual Instances

    CA Privileged Access Manager provides virtual images as VMware OVA, AWS AMI, and Azure VHD. When you provision these instances, we require these parameters:

    • Memory: 16 GB
    • CPU: 8 cores (we support up to 512 CPU cores)
    • Storage: 80 GB

     

    Regards,

    Christian Lutz

    Support Engineer 3

    Broadcom (CA) - ESD Support



  • 5.  Re: CA PAM SLOW?

    Posted Apr 30, 2019 09:43 AM

    In that tools we can only check port open or not and ping, trace route but which don't show that From Network issue pam is slow?

    Yes, Its confirm that meets the hardware requirements for the VM.

     

    Thank you,



  • 6.  Re: CA PAM SLOW?
    Best Answer

    Broadcom Employee
    Posted May 01, 2019 02:45 PM

    Hello Sudip, the traceroute tool is useful in checking on the network connection. This is relevant for the connection between PAM and the client workstation, and between PAM and any target device you are accessing through PAM. Since the login itself is slow, the bottleneck may be the connection between the PAM client and PAM. On the dashboard you should be able to see whether PAM has high CPU usage. I assume that's not the case, given that you didn't mention it. If you can't figure out what causes the performance problem, please open a support case and provide the system logs from the PAM appliance by using the DOWNLOAD button to the right of the "System Log Configuration File" label on the Configuration > Diagnostics > Diagnostic Logs -> Download page. Make sure to click only once. It may take a while before the logs are collected and you are prompted to save a file named logs.bin. Also attach the logs.log file from the PAM client installation directory.



  • 7.  Re: CA PAM SLOW?

    Broadcom Employee
    Posted May 01, 2019 02:46 PM

    Just to make sure this is clear: Attach the files to a support case, not here!