Symantec Privileged Access Management

Hi team

Currently have a cluster of 4 PAM nodes and running PAM 3.2. The nodes are in two different data centers about 200 km apart.

We are upgrading to PAM 3.3, and I know that In PAM 3.3, we need to have an odd number of nodes per site. So we are planning on having 4 sites with one node per site.

The current PAM cluster is configured with a VIP. This is not used by end users. End users either go directly to a specific node, or they access via an external load balancer, which forwards requests directly to the individual nodes. 

I read in the documentation that:
"We recommend always using a VIP. If a site has only one member, the VIP is not required.
However, if the site has more members, or if you plan to add members later, then a virtual IP is required."

Is this still correct?
Is it OK to have 4 sites with one node per site and no VIPs?
Users will continue to access via the external load balancer,

Thanks

Pearse

Original Message------

Hi team

Currently have a cluster of 4 PAM nodes and running PAM 3.2. The nodes are in two different data centers about 200 km apart.

We are upgrading to PAM 3.3, and I know that In PAM 3.3, we need to have an odd number of nodes per site. So we are planning on having 4 sites with one node per site.

The current PAM cluster is configured with a VIP. This is not used by end users. End users either go directly to a specific node, or they access via an external load balancer, which forwards requests directly to the individual nodes. 

I read in the documentation that:
"We recommend always using a VIP. If a site has only one member, the VIP is not required.
However, if the site has more members, or if you plan to add members later, then a virtual IP is required."

Is this still correct?
Is it OK to have 4 sites with one node per site and no VIPs?
Users will continue to access via the external load balancer,

Thanks

Pearse