Symantec Privileged Access Management

 View Only
  • 1.  I have need to connect to PAM environments at different releases

    Posted Jun 06, 2023 01:20 PM

    Hi team, we are using AVD to connect in PAM. The issue is that this AVD is shared with hundred users and next week we may have different PAM environments at different releases. 2 issues: it will keep updating the client and for any reason, even after to have it up to date I am not able to work with PAM Client in different releases.

    Any recommendation or suggestion?

    Higor



  • 2.  RE: I have need to connect to PAM environments at different releases

    Broadcom Employee
    Posted Jun 06, 2023 01:38 PM

    Hello Higor, My recommendation is to use separate PAM client instances to connect to different PAM releases. You can customize the installation folder during the install process.




  • 3.  RE: I have need to connect to PAM environments at different releases

    Posted Sep 21, 2023 10:13 AM

    Hi Ralf, has anything changed since last time we talked about it? Having 2 installations in separated folders will not work for me. I have thousand users and 20 different PAM environment as you know being used in AVD.

    Higor




  • 4.  RE: I have need to connect to PAM environments at different releases

    Broadcom Employee
    Posted Sep 21, 2023 12:13 PM

    Hi Higor, there are no changes in this regard. You may have 20 different PAM environments, but you cannot have more than two different releases to deal with. I never had a problem with using the same client to connect to different maintenance releases on the same main release, although I cannot connect to two different maintenance releases with one client at the same time. As long as I have the jar files for the different releases cached, the client update is quick, just requires a restart. The PAM client needs to update its own jar files to match the release of the PAM server it connects to, that cannot change. Why are your "thousands users" affected by this? Why would end users have to connect to PAM servers at different releases? Also, for administrative work and for direct password view, you can you a browser session. The client is needed only for access sessions.




  • 5.  RE: I have need to connect to PAM environments at different releases

    Posted Sep 21, 2023 12:58 PM
    Hi Ralf,

    First your recommendation was: "to use separate PAM client instances to connect to different PAM releases"

    Now I are mentioning: "I never had a problem with using the same client to connect to different maintenance releases on the same main release"

    Let me try again:

    1 - I have all users using AVD (around 200 workstations)
    2 - I have 20 PAM environment running in version 4.0.2
    3 - I have upgraded 1 PAM environment to 4.1.3
    4 - I have SAME user trying to use PAM Version 4.0.2 AND 4.1.3 (same time or not. It doesn´t matter)
    5 - I got error: Applet not available!



    That´s all.



    Higor Louback
    Security Analyst, Identity Management, DXC Security
    DXC Technology

    higor.louback@dxc.com<mailto:hilton.machado@dxc.com>

    DXC.com<http: www.dxc.com/=""> / Twitter<https: twitter.com/dxctechnology=""> / Facebook<https: www.facebook.com/dxctechnology/=""> / LinkedIn<https: www.linkedin.com/company/dxctechnology="">




  • 6.  RE: I have need to connect to PAM environments at different releases

    Broadcom Employee
    Posted Sep 21, 2023 01:46 PM

    This is all in line with our previous discussion. 4.0.2 and 4.1.3 are based on different main releases and the recommendation is to use separate PAM client installations. I would say that end users should not have a need to connect to PAM servers at different releases. The PAM environments that an end user needs to connect to should be at the same release. If they are different types of environments (e.g. dev vs production), it should be straightforward for the user to know which PAM client to use for which connection.




  • 7.  RE: I have need to connect to PAM environments at different releases

    Posted Sep 21, 2023 01:50 PM
    Ralf,
    The time required to upgrade 40 appliances to the same version must be consider until we have all environment equalized.

    That´s what I am looking for. It cannot depend on the end user to know which PAM version is going to access.

    But anyway, if this work like this ok.

    Higor Louback
    Security Analyst, Identity Management, DXC Security
    DXC Technology

    higor.louback@dxc.com<mailto:hilton.machado@dxc.com>

    DXC.com<http: www.dxc.com/=""> / Twitter<https: twitter.com/dxctechnology=""> / Facebook<https: www.facebook.com/dxctechnology/=""> / LinkedIn<https: www.linkedin.com/company/dxctechnology="">