Layer7 Privileged Access Management

Expand all | Collapse all

PAM DC real-time sync with DR without downtime in different networks

Jump to Best Answer
  • 1.  PAM DC real-time sync with DR without downtime in different networks

    Posted 07-23-2019 05:29 AM

    Hi, 

    Please find our CA PAM architecture as below.

    In DC we have primary PAM and secondary PAM with in the same network. DR(only one PAM) is having on different Network.

    The customer wants to realtime sync between DC and DR without downtime. Please tell me is it possible?  and if possible how it is to be done.

    regards

    Sudip



    ------------------------------
    Network and security Engineer technical associative
    Cas Trading House
    ------------------------------


  • 2.  RE: PAM DC real-time sync with DR without downtime in different networks

    Posted 07-23-2019 10:25 AM
    Hi Sudip, The way to accomplish this would be to keep the DR node in the active cluster as a separate secondary site.​


  • 3.  RE: PAM DC real-time sync with DR without downtime in different networks

    Posted 07-24-2019 02:12 AM

    Hi Ralf,
    To configure separate secondary site what are the requirement need?
    is this need addition license?
    Can you explain me for this scenario also???

    Thank you,

    Regards,

    Sudip



    ------------------------------
    Network and security Engineer technical associative
    Cas Trading House
    ------------------------------



  • 4.  RE: PAM DC real-time sync with DR without downtime in different networks
    Best Answer

    Posted 07-24-2019 09:29 AM
    ​Hi Sudip, I don't quite know what you are after. Per your initial statement you have an existing cluster and an existing DR node. Is that not the case? If you have the PAM instances already, it's just a matter of updating the cluster configuration with a second site and put the DR node in there. You would have had to do that temporarily anyway so that the DR node can read passwords in the production database. See also page https://docops.ca.com/ca-privileged-access-manager/3-3/EN/administrating/maintenance/configuration-and-database-backups/restore-the-database-to-a-new-appliance/cluster-backup-and-disaster-recovery-process.
    In general, licensing for PAM is per instance and as far as licensing goes it doesn't matter whether the instance is part of a cluster or not.