Symantec Privileged Access Management

View Only

Cross vCenter vMotion and PAM

Jump to Best Answer

MARUBUN SUPPORT posted Feb 26, 2026 03:22 AM

The PAM manual's cluster section includes “VMware vMotion Support for Live Migration.”

VMware vMotion Support For Live Migration
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-3/administrating/maintenance/cluster-maintenance.html

Is Live Migration via Cross vCenter vMotion possible for a PAM cluster environment?

I believe migration of PAM members is also possible.

However, since migrating the environment takes time, I believe the number of members to migrate should be limited to the number required to maintain quorum.
(For a three-node cluster, migrate one node at a time)

Is this understanding correct?

Broadcom Employee Ralf Prigl posted Feb 26, 2026 09:48 PM Best Answer

Hello, As this documentation states: "PAM supports VMware vMotion for live migration of both primary and secondary cluster members running on VMware vSphere.". Your understanding is correct. You should only move a minority of the primary site nodes at any given time, so that there will always be a quorum. If there is no activity requiring database changes at the time, you may get away with moving nodes at the same time, but the note on the page explicitly warns against moving half or more of the nodes in the primary site at the same time.

MARUBUN SUPPORT posted Feb 27, 2026 02:32 AM

Thanks,

The description stating that this supports vMotion is found in the manual's cluster section.
However, is it possible to migrate the virtual environment using vMotion while keeping the PAM server operational in a non-cluster environment?

Broadcom Employee Ralf Prigl posted Feb 27, 2026 11:28 AM

The main concern with vMotion is database synchronization, that's why it's discussed in PAM documentation in the context of a cluster. Any problem with a standalone node would be considered a problem with vMotion itself, not with PAM.