Symantec Privileged Access Management

 View Only
  • 1.  ca pam client login slow

    Posted Sep 04, 2019 05:31 AM
    To Access ca pam server we are using ca pam client. while login with credential around 40 sec take time to reach dashboard. I clear all caches from temp and from client also. but we are facing similar type issue. So please can you give me the proper solution so I can login ca pam client fast.
     For login pam client we only open the 443 port but is we required to open other port??





    ------------------------------
    Network and security Engineer technical associative
    Cas Trading House
    ------------------------------


  • 2.  RE: ca pam client login slow

    Broadcom Employee
    Posted Sep 05, 2019 05:33 AM

    Hello Sudip,

     

    I think this is kind of normal – I also notice this – it became worse in recent versions of the product.

     

    Best Regards,

    Andreas

     






  • 3.  RE: ca pam client login slow
    Best Answer

    Broadcom Employee
    Posted Sep 05, 2019 02:55 PM
    The dashboard itself is not fast.  But clearing your cache will certainly slow things down somewhat.

    There are a couple of things that can speed you up a bit:

    1. For administrative tasks, use chrome or firefox.  These don't support Java, so they won't work for doing normal user tasks, but they work fine for administration and load a bit faster since there is no java applets to load.
    2. Disable PAM client upgrade checking: https://docops.ca.com/ca-privileged-access-manager-hotfixes/EN/3-1-2-hotfixes/3-1-2-02-hotfix#id-3.1.2.02Hotfix-(Optional)DisableCAPAMClientUpdateChecking
    3. Optimize your SSL configuration by using a ssl cert that is issued by a trusted root CA that uses a fast OCSP server for certificate validation.

    That said, in my testing, waiting for the dashboard accounted for about 2/3's of the time it takes to get logged in.  So the above will be limited in how much time it might save.


  • 4.  RE: ca pam client login slow

    Broadcom Employee
    Posted Sep 05, 2019 02:13 PM
    Hi,


    There are numerous factors when determining performances issues with any solution:

    1> Is there any anti-virus software that could be potentially putting overhead on us?
    2> How many hops away is the PAM Client to the PAM Appliance?  The more hops the more network latency = equals slower performance.
         --> Any potential to use a Jump Server that is closer to the PAM Appliance?
    3> Does the workstation that you are running on have any resource problem (IE: CPU/Memory)?  If it is a Citrix or VMware View - are the resources fully allocated?

    Please advise.
    Thanks,
    Kevin D.


  • 5.  RE: ca pam client login slow

    Posted Sep 10, 2019 03:35 AM
    Thank you
    Please find the inline comment.


    1> Is there any anti-virus software that could be potentially putting overhead on us?
    Yes, not overhead
    2> How many hops away is the PAM Client to the PAM Appliance?  The more hops the more network latency = equals slower performance.
         --> Any potential to use a Jump Server that is closer to the PAM Appliance?
    Same Network 
    3> Does the workstation that you are running on having any resource problem (IE: CPU/Memory)?  If it is a Citrix or VMware View - are the resources fully allocated?
    CPU used 0%
    RAM 13%
    HDD 5%
    Last line not understand?


    ------------------------------
    Network and security Engineer technical associative
    Cas Trading House
    Putalisadak, KTM
    ------------------------------



  • 6.  RE: ca pam client login slow

    Broadcom Employee
    Posted Sep 11, 2019 06:48 AM
    Sudip,

    Please enable the CA PAM client debug log and check, you might be able to find a problem with a connection?

    Thanks,
    Reatesh.

    ------------------------------
    Principal Support Engineer
    Broadcom
    ------------------------------