Symantec Privileged Access Management

View Only

We are thinking of updating to Windows Server 2019.

MARUBUN SUPPORT posted May 16, 2023 04:41 AM

Product
CA Privileged Access Manager 4.1.2

Question
Currently, we are setting up the existing AD management target device "WindowServer2012"
so that automatic connection and password display can be performed with the WindowsRemote connector.

This time, we plan to abolish this existing device "WindowServer2012" and introduce a new "WindowServer2019".

We are considering making the IP address of the target device the same as the existing one by the following method,
but if the IP address is the same, is it possible to use the existing CAPAM settings as they are?
Are there any other settings that need to be changed?

・Windows 2012 IP is IP-A
・Windows 2019 IP is IP-B

We consider construction and migration as follows.

1. CAPAM is IP-A and WindowsServer2012 is set.
2. Build Windows Server 2019 with IP-B.
3. Power off Windows Server 2012.
4. Change IP-B of Windows Server 2019 to IP-A.
5. From CAPAM, connect to WindowsServer2019 with IP-A.

Thanks,

Broadcom Employee Ralf Prigl posted May 17, 2023 11:43 PM

Hello, This looks like a good procedure. No configuration needs to change in PAM, if the device address configured in PAM remains the same. PAM doesn't interact with the Windows OS, only connects to the Active Directory listener ports (389 or 636, or possibly the global catalog ports 3268 or 3269). There should be no problem with PAM connecting to the new domain controller after the switch.