Symantec Privileged Access Management

 View Only

 Max memory size of PAM Client

Jump to  Best Answer
MARUBUN SUPPORT's profile image
MARUBUN SUPPORT posted Oct 17, 2024 02:48 AM

Hi Team,

Product & Environment
PAM 4.1.7 & PAM 4.1.0
PAM Client on Windows Server 2016

After installing "PAM Client" from "PAM 4.1.7" and then accessing "PAM 4.1.0" and downgrading "PAM Client", "PAM Client" did not restart.
When I checked the "PAM Client" folder, I found that "memory.max" in "settings.properties" was 2048.

The manual says that the maximum value for memory.max is 1200.
Modify Client Configuration Settings (Optional)

After changing memory.max from 2048 to 1024, the PAM Client was able to run.

Q1
PAM 4.1.7's ‘PAM Client’ Default Value is 2048, which exceeds the maximum value (1200).
“PAM Client” in ‘PAM 4.1.3’ or later was changed to 64-bit Application, so I assume it was changed to 2048 at that time, but the maximum value is also 1200 in the 4.2 manual.
Has the maximum value of “PAM Client” been increased since “PAM 4.1.3”?
 
Q2
Regarding the maximum value of “PAM Client” in “PAM 4.1.0”, the maximum value that can be set in “PAM Client” is 1460.
I have confirmed that “PAM Client” starts up at 1477 after rewriting the configuration file in my environment,
Is this maximum value an environment-dependent number, or is the maximum value that can be guaranteed 1200?

Best Regards,
MARUBUN Support,

Ralf Prigl's profile image
Broadcom Employee Ralf Prigl  Best Answer

Hello, Yes, the documented limit applies to the old 32-bit PAM client only. We will contact the PAM documentation team to get this updated for the latest PAM releases. The maximum value that works indeed is environment dependent. 1200 was the highest number that was confirmed to work for all PAM users.

Update on Oct 21, 2024: The documentation pages for 4.1.7, 4.1.8 and 4.2 have been updated to reflect the new default setting of 2048. Generally only the last 2-3 documentation releases get updated with minor corrections.

MARUBUN SUPPORT's profile image
MARUBUN SUPPORT

Hi  Ralf,

I have a follow-up question about the maximum memory size of the PAM Client.
 
When I set the maximum memory size to 1-127, the PAM Client did not run.
However, when I set it to 0, the PAM Client ran.
Do you have any information on this behavior?

Best Regards,
MARUBUN Support,

Ralf Prigl's profile image
Broadcom Employee Ralf Prigl

Obviously, if there is not enough memory available to load the application, it cannot run. And a setting of 0 is the same as not using the configuration parameter, it will make the JVM use a default setting.

MARUBUN SUPPORT's profile image
MARUBUN SUPPORT
Hi  Ralf,

Thanks for the answer.
 
 
When we set the maximum memory size in the PAM Client GUI for both the 32-bit and 64-bit versions, the lower limit is 256 and it cannot be set below that value. The upper limit is 1460 and it cannot be set above that value.
What is the recommended lower limit for the maximum memory size of the 32-bit version of PAM Client?
Also, in the case of the 64-bit version, the initial value is 2048, and it is possible to rewrite it in the GUI within the range of 256-1460, but it cannot be changed to any other value, including the default value of 2048.
The modified manual says that if it no longer starts, it should be reset to the default value, but what is the range of this maximum memory size (upper and lower limits)?
 
I'm not sure if there is any information on this, but is the maximum memory size of the PAM client the size of the heap area set in the Java VM?

Best Regards,
MARUBUN Support,

Ralf Prigl's profile image
Broadcom Employee Ralf Prigl

Yes, this parameter sets the maximum Java heap size. There is no such thing as a "recommended lower limit" for this parameter. The default, and therefore recommended, values are 1024 for 32-bit clients and 2048 for 64-bit clients. The value can be changed by editing the settings.properties file, as pointed out in documentation. The fact that the PAM Client Settings GUI (launched with gear icon on the bottom left) has not been adjusted for 64-bit clients is a bug. If that bothers you, I suggest you open a case with PAM Support to get it fixed.