Symantec Privileged Access Management

  • Private Community
 View Only

  • 1.  PAM_V3.2.3: Creating Failover mount for session recording

    Posted Mar 03, 2020 03:40 AM
    Hi Community,

    Can you please confirm the below plan,
    As changes will be made directly on production server, will there be any impact or any known issue regarding this.

    We are planning to create a failover mount point for both the data centers in our PAM.

    As of now we have only primary mount point for session recordings respectively in our DC's and now we are planning to create a failover point for both DC's.

    We are planning to create primary mount point of DC1 as failover point of DC2 and vice-versa.

     


    Regards,
    Ashish


  • 2.  RE: PAM_V3.2.3: Creating Failover mount for session recording

    Broadcom Employee
    Posted Mar 03, 2020 04:24 AM
    Hello Ashish,

    Don't set DC1 as failover for DC2 and DC2 as failover for DC1. This will not be a good design. Fail over is supposed to be different and unique.
    Doing so, you might end up filling the disk space and when you might really need to perform a failover to secondary session recording location, this might fail.

    Thanks,
    Reatesh.

    ------------------------------
    Principal Support Engineer
    Broadcom
    ------------------------------

    Original Message


  • 3.  RE: PAM_V3.2.3: Creating Failover mount for session recording

    Posted Mar 03, 2020 05:09 AM
    Hi Reatesh,

    Thank you for your valuable suggestion!

    So, I was observing that users where getting session recording errors on daily basis for which I would recommend them to change the site of PAM and they were able to login the servers. So with that thought in mind I was planning this activity.

    Can you let me know if this is a speculation or you have encountered this event before.
    Also we have 1.5 Tb of storage in both DCs of which almost 30-40% is used respectively. So my understanding with this idea was that if I create other as failover it will occupy the disk space only when primary is not available and this can help us create a high sustainable session recording.

    Please help me understand the challenges in detail so that I can study about it.

    Best Regards,
    Ashish Khar
    Original Message


  • 4.  RE: PAM_V3.2.3: Creating Failover mount for session recording
    Best Answer

    Posted Mar 03, 2020 09:03 AM
    Hi Ashish

    I always configure the main storage in the same route, because if for example the cluster is 2 site and each site with 3 nodes when configuring an independent storage for each site when trying to see in the site2 a session recording generated in PAM site1 generates an error because it cannot access storage.

    Under your configuration this "error" will surely be presented. The fault storage must be independent with the objective that when the main storage fails, the sessions are recorded in the fail over until the main storage is recovered.
    Original Message