Layer7 Privileged Access Management

Expand all | Collapse all

Multi Site clustering

Jump to Best Answer
  • 1.  Multi Site clustering

    Posted 01-26-2018 06:33 AM

    In an Multi-Site clustering, can both primary and secondary sites have only one instance each. During an primary site failure or that one instance in the primary site failing and failover will be manually promoting the secondary site to primary until we restore the primary site. My client has only purchased two instances but want a HA\DR solution with it.



  • 2.  Re: Multi Site clustering
    Best Answer

    Posted 01-26-2018 01:11 PM

    Hi Manoj,

     

    Yes it is possible to configure multi-site clustering with only one node in each site.

     

    No, this would NOT provide "HA". For HA you would be required to have at least 2 nodes in the Primary site. The secondary site node cannot take control of the VIP for the Primary site, so there would be no availability when the solitary Primary node goes down. The secondary site can be set up to continue working (operationally safe), but it will be working in a limited capacity and it is not suggested that you leave the cluster in this state.

     

    PAM does not currently have any supported "DR" setup. Our usual recommendation for DR type questions is to ensure that you are either taking snapshots (PAM should be shutdown whenever taking a snapshot for best results) or Database & Config backups regularly. This way you would have a recent backup to restore in the case of a disaster.

     

    Regards,

    Christian Lutz

    Support Engineer

    CA Technologies - North America



  • 3.  Re: Multi Site clustering

    Posted 01-26-2018 02:04 PM

    Maybe not HA, but for DR you can certainly follow instructions at https://docops.ca.com/ca-privileged-access-manager/3-1-1/EN/deploying/set-up-a-cluster/cluster-synchronization-promotion-and-recovery under "Site Promotion Using Replication Analysis” to promote a secondary site to become the primary site when the default primary site is unavailable.