Hello communitymake the implementation for 2 servers "CA PAM VirtualAppliance" and nowi want to perform the installation of the agent for windows proxy. I wonder if this agentshould install and address one of the 2 servers in the cluster or the installation madelater pointing to the VIP once the cluster has been configured. I think that this questionis valid for the case of Agent Socket filter and A2A I appreciate your collaboration
Hi Julian, Please take a look at https://docops.ca.com/ca-privileged-access-manager/3-1-1/EN/implementing/add-and-run-credential-manager-a2a-requestors/configure-the-a2a-client-multi-home-feature
This explains how to add multiple PAM server entries in the cspm_client_config.xml file post-install. It is valid for A2A clients and Windows Proxy agents, and the configuration file name is the same. Make sure to add "cspmserver” and "cspmserver_port” pairs as the doc states. The port default is 443 (PAM HTTPS port) and can be left blank. But you still need to have a port parameter for each server parameter. If you are only connecting to nodes in one cluster, it is ok to just use the cluster VIP. What you choose also depends on your network/firewall configuration, specifically whether the Windows proxy nodes are meant to connect to the PAM servers directly, or through an external load balancer, if you have one. The Windows Proxy service needs to be able to communicate with one PAM server on startup. Otherwise it will stop. Once running, any PAM server that has this proxy configured can communicate with it.