Symantec Privileged Access Management

  • Private Community
 View Only

  • 1.  How stable should be connections via CA PAM?

    Posted Jan 24, 2017 07:14 AM

    In a stable network, how many time will CA PAM allow RDP connections and Webportal connections to be online?

     

    I'm asking because we received a testimonial that connections normally used to stay active up to 5 days, but since yesterday one of our client's environment they had two disconnections and one of them happened just before they restarted the access.

     

    Today the guy who uses most CA PAM told me when he arrived at work the connections were lost.

     

    To add more info, it happened in thick client and with browser too.

     

    Any suggestions where to look for clues about the problem?

     

    I asked him to start a paralel RDP connection to realize if the disconnection will happed with native client too.

     

    Best,

    Ellery



  • 2.  Re: How stable should be connections via CA PAM?
    Best Answer

    Broadcom Employee
    Posted Feb 24, 2017 04:51 AM

    Hello

    There are two settings controlling the session length and the connection length

     

    The Login timeout will tell you how long you can be logged in to PAM being idle before you get disconnected. The Applet timeout is the same but for a given applet. If you set 0 for any of them, that sets them to the max possible timeouts, which are 48 hours.

     

    The way in which it works is a bit tricky. Please see

     

    https://docops.ca.com/ca-privileged-access-manager/2-8/EN/reference/web-gui/menu-bar/global-settings-menu-bar-reference

     

    Basically the logi timeout will start counting and it will interrupt if you have an applet session open (e.g. rdp). If the applet session times out, then it will restart counting until the login timeout expires.

     

    You mention your sessions were open for 5 days. That is a bit odd, but still possible, since if one of these values is 0 it means the corresponding timeout will be 48 hours,

     

    To follow up on your sessions you may go to Sessions and manage sessions therein and you will see the session time, etc. If you see anything anomalous or contrary to the above explanation, please open a case for us to look into this

     

    Please let us know if this helped

     

    Miquel Gilibert

    CA Support



  • 3.  Re: How stable should be connections via CA PAM?

    Posted Feb 24, 2017 06:58 AM

    Hello Miquel!

     

    Yes, it was useful! Tks!

     

    We already have a case for another simptom of freezing RDP sessions after ~35 minutes.

     

    Best,

    Ellery



  • 4.  Re: How stable should be connections via CA PAM?

    Broadcom Employee
    Posted Feb 24, 2017 07:50 AM

    Hi Ellery

    OK, I've recently had a similar case. If you see this is not really behaving you certainly want to have a case open for this so that we can take a look at it

    Let me know if you need more help