Symantec Privileged Access Management

 View Only
  • 1.  Need help on Oracle RAC server Onboarding

    Posted Apr 23, 2019 04:46 AM

    Can someone help me to onboard Oracle RAC(Real Application Clusters).


    RAC servers basically will be in clustering setup and if the password rotation is done on one server, same password will be updated in rest of the RAC servers mapped to main server. In this case, how can rotate the password from PAM. If we change the password for one server is enough, same can be used for rest of the RAC servers. How can we onboard these servers and manage the password from PAM.

  • 2.  Re: Need help on Oracle RAC server Onboarding

    Broadcom Employee
    Posted Apr 24, 2019 10:56 AM

    Hi Ashwini, I am not familiar with RAC server clustering, but isn't there a VIP for which you can define a device in PAM and have a single target account? You would then add all cluster members to a device group and define the VIP device as the credential source. If there is no VIP, you should be able to group the cluster members into a target group and define a job to update the accounts with the same password on the target group. Here a behavior of PAM that can be troublesome in other cases may help you. I am referring to the behavior that PAM always first tries to verify a new password before setting it. So if you have 5 devices getting their password updated, the first one processed will do the update, and the subsequent four would only do a verify and find that the new password is right already. This assumes that the password is updated on all cluster members in real time. The drawback with multiple target accounts referring to the same account on the cluster is that you should not configure password view policies that would trigger a password update on view or auto-connect, because that would update only one of the target accounts.