from Kristen Palazzolo (CA) to Everyone:
Hi Dean! Thanks for joining today!
from Dean Olson to Everyone:
Good Morning!
from Kristen Palazzolo (CA) to Everyone:
Hi Eduard!
from Kristen Palazzolo (CA) to Everyone:
Hi Stephen!
from Kristen Palazzolo (CA) to Everyone:
Hi Bill!
from Kristen Palazzolo (CA) to Everyone:
Thanks for joining everyone!
from Kristen Palazzolo (CA) to Everyone:
We'll get started in a couple minutes.
from Eduard Palomeras to Everyone:
Hi Kristen!
from Kristen Palazzolo (CA) to Everyone:
Alright - let's get started!
from Kristen Palazzolo (CA) to Everyone:
If you're new to Office Hours, there is no audio. All conversation happens right here in the chat window.
from Kristen Palazzolo (CA) to Everyone:
Today's session coveres CA Privileged Access Manager (formerly XSuite), CA Privileged Access Manager Server Control (formerly PIM/ControlMinder) and CA Shared Account Manager.
from Kristen Palazzolo (CA) to Everyone:
covers*
from Eduard Palomeras to Everyone:
Is there any plan to create a graphical workflow designer?
from Eduard Palomeras to Everyone:
Is there any plan to expose a SDK to create custom connectors?
from Michael Dullea to Everyone:
Hi @Eduard - I assume you are referring to CA Privileged Access Manager? No specific plans to add a graphical workflow designer at this time, however we do intend to make some improvements on our credential workflow capabilities.
from Eduard Palomeras to Everyone:
thanks Mike!
from Kristen Palazzolo (CA) to Everyone:
Any other questions for our team out there?
from Mustapha Benmahbous to Everyone:
in A2A Developper guide, the C#.NET example is based on Java servlet which requires a Java Container. My customer does not have Java skilled people, what would be the alternate.
from Michael Dullea to Everyone:
Hi @Eduard - One other thing to mention is that in PAM 2.7 we introduced integration with service desk ticketing systems for ticket validation (i.e. CA Service Desk Manager, BMC Remedy, ServiceNow, HP Service Desk Manager etc.) so customers can incorporate PAM into their service desk workflows.
from Michael Dullea to Everyone:
Hi @Eduard - One of the items we are considering for a future release is to introduce a new target connector framework that will enable us to introduce new connectors quickly...and potentially extend it to customers to create custom connectors.
from Eduard Palomeras to Everyone:
thanks Mike!
from Jeff Parker (CA) to Everyone:
You can call the A2A client via command line/system call. Will that work?
from Kristen Palazzolo (CA) to Everyone:
@Mustapha - See Jeff's reply above.
from Mustapha Benmahbous to Everyone:
Yes
from Mustapha Benmahbous to Everyone:
thanks
from vasu to Everyone:
We had one requirement which requires setting a single password for the backup user created over multi target system for which we raised an idea also. If there any plan to add such functionality, setting single password for multiple target.
from Jeff Parker (CA) to Everyone:
@Mustapha, PERL syntax, but a good example; my $cmd= $ENV{'CSPM_CLIENT_HOME'}."/cspmclient/bin/cspmclient " . $alias . " " . $bypassCache . " -x";
from Mustapha Benmahbous to Everyone:
the customer is 100 % Microsoft shop.
from Mustapha Benmahbous to Everyone:
the example is Linux based
from Shahn Soomro (CA) to Everyone:
@Vasu, you should be able to meet that requirement easily in a couple of different ways. One would be to create a group of the account that require same password and assign a password policy to the group that generate a single password .. other will be to manually assign a single password to a group of accounts..
from Jeff Parker (CA) to Everyone:
@Mustapha, this is from a PERL script on Windows
from Shahn Soomro (CA) to Everyone:
@Vasu, I would no recommend the second method.. but its doable
from vasu to Everyone:
Thanks
from Mustapha Benmahbous to Everyone:
Thanks. I will explore the PERL scripts method then.
from Jeff Parker (CA) to Everyone:
@Mustapha, it is just an example of calling the CLI to get credentials. No need for PERL, no need for an API, and laguage, just do a system call.
from Kristen Palazzolo (CA) to Everyone:
[PIM] How to enable additional logging for Java SDK and CAJDBC for password consumers -> https://communities.ca.com/docs/DOC-231170006
from Kristen Palazzolo (CA) to Everyone:
Tech Tip - CA Privileged Access Manager: Scheduling Database Backup https://communities.ca.com/docs/DOC-231169876
from Mustapha Benmahbous to Everyone:
Is there a plan to export all PAM logs into a sys log server ?
from Jeff Parker (CA) to Everyone:
PAM exports logs to SPLUNK, and 2 syslog destinations.
from Shahn Soomro (CA) to Everyone:
@Mustapha.. ALL PAM administrative/user operation logs can be forwarded to one or more syslog servers... not sure what you question means there. Only logs that are not forwarded to syslog are the Tomcat logs which show mostly system/ui related messages
from Jeff Parker (CA) to Everyone:
@Mustapha, Config, logs, syslog settings. 2 server limit.
from Mustapha Benmahbous to Everyone:
thank you
from Jeff Parker (CA) to Everyone:
@Mustapha, I posted a screenshot on the communities site.
from Kristen Palazzolo (CA) to Everyone:
@Mustapha - Here's the link: https://communities.ca.com/events/3160?commentID=233944615#comment-233944615
from Kristen Palazzolo (CA) to Everyone:
15 minutes left! Get your final questions in now!
from Shahn Soomro (CA) to Everyone:
@Vasu... on review I realized I mentioed assigning password composition policy to groups .. in fact it is assigned to "Applications".. so if your users are part of same "Application" you an assign them a common password composition policy that will give them same password.
from Kristen Palazzolo (CA) to Everyone:
Ok - that's all the time we have for today! Join us again next month for another session of CA PAM Office Hours. I will be posting the chat transcript from today's session to the CA Security Community later today: