Symantec Privileged Access Management

  • Private Community

  • 1.  At what point should I integrate threat Analytics server ?

    Posted Mar 20, 2018 11:18 AM

    Hello

     

    Perform the deployment and configuration of 2 servers "CA PAM VirtualAppliance" and now I want to perform the integration with a third server for CA Threat Analytics, and establish the solution in HA, in the documentation does not indicate if the Threat Analytics server should be integrated before or after the cluster for HA and if they are before individually for each PAM server, you can have a single Threat Analytics server or 2, one for each CA PAM server

     

     

    The the designed architecture is the one described in the image

     

    Thank you



  • 2.  Re: At what point should I integrate threat Analytics server ?

    Broadcom Employee
    Posted Mar 21, 2018 12:18 AM

    Hi Julian, You have one Threat Analytics server per PAM cluster. A user could get connected to any of the cluster nodes and for threat analytics to work it has to know about all sessions. There is no choice. When you go to PAM configuration pages, you will find a global symbol next to many configuration headers, including the CA Threat Analytics configuration under Configuration > CA Modules > CA Threat Analytics. This tells you that it's a global setting that will be replicated to all cluster members. You'll see a text box stating so when you hover over the icon.

     



  • 3.  Re: At what point should I integrate threat Analytics server ?

    Posted Mar 21, 2018 09:38 AM

    Hi Ralf

     

    Thanks by your answer, it is correct.