Symantec Privileged Access Management

  • Private Community
 View Only

 Migration of PAM execution environment

Jump to  Best Answer
MARUBUN SUPPORT's profile image
MARUBUN SUPPORT posted Nov 28, 2024 04:58 AM
Hi Team,
A customer had a question.
----
[Product]
CA Privileged Access Manager
[Question]
We are planning to replace the virtual infrastructure and are considering migrating the CA-PAM virtual appliance to the new environment as is.
If we migrate the CA-PAM virtual appliance from the old environment to the new environment,
please let us know the points to consider, such as possible problems and settings that need to be addressed after the migration.
----
I understand that the IP address of the virtual environment will change, but is there anything in particular I need to be careful of when using PAM when migrating the environment?
Thanks,
Ralf Prigl's profile image
Broadcom Employee Ralf Prigl posted Nov 28, 2024 11:46 AM  Best Answer

Hello, If this is a standalone PAM appliance there is no PAM-internal problem. It's all about the configurations you have implemented. Authentication methods like SAML, Radius or RSA may be affected if the client's (in this case PAM is the client) IP address changes. Servers configured in PAM, such as DNS servers, time servers, session recording share servers, may need to be changed. Firewall rules may need to change so that target devices can be accessed from the new PAM server, and users can access PAM in the new environment. Our recommendation would be to stand up the VM in the new environment while the old one is running still, and cluster the new VM as a secondary site with the old one. Once the new VM is confirmed to work correctly, you can stop the cluster, remove the old appliance and decommission it.