PAM High Availability (HA) Installation Scenarios

This section looks at HA Pair installation scenarios:

• Introduction

• Installation Scenarios

Introduction

Here we describe and illustrate installation scenarios of how organisations may implement different configurations of a PAM HA Pair. This will help you to plan your implementation based on the needs of your organisation.

Installation scenarios

• Scenario A: HA Pair in same subnet

  In this installation both HA PAM Servers reside on the same subnet with a floating IP used for user connections.

• Scenario B: HA Pair in different subnets

  In this installation both HA PAM Servers reside on different subnets. A floating IP cannot be used.

• Scenario C: HA Pair in different Subnets and using a load balancer

  In this installation both HA PAM Servers reside on different subnets and a load balancer is used to direct user connections to the active server. A floating IP cannot be used.

• Scenario D: HA Pair using PAM UI Servers in different subnets and using a load balancer

  In this installation both HA PAM Servers and PAM UI Servers reside on different subnets.

Scenario A: HA Pair in same subnet

Installation summary:

• Stretched VLAN either in the same or different data centres
• HA Pair (IP address: A, B) and floating IP (C) are all on the same subnet
• Primary server is active
• Secondary server is on standby
• Floating IP used by user to log on
• Manual failure is required by running the ha-failover command on the Management Interface of the Secondary server
• IP address does not change during failure as a floating IP is being used

Scenario B: HA Pair in different subnets

Installation summary:

• Separate VLANS either in the same or different data centres
• HA Pair (IP address: A, B) are on separate subnets
• Floating IP cannot be used
• Primary server is active
• Secondary server is on standby
• PAM User logs onto the active server
• Manual failure is required by running the ha-failover command on the Management Interface of the Secondary server
• After failover, users need to switch over to the IP of the Secondary server (B)

Scenario C: HA Pair in different subnets and using a load balancer

Installation summary:

• Separate VLANS either in the same or different data centres
• HA Pair (IP address: A, B) are in separate subnets
• Floating IP cannot be used
• Primary server is active
• Secondary server is on standby
• Manual failure is required by running the ha-failover command on the Management Interface of the Secondary server
• The load balancer (C) monitors through an API and directs user traffic to the active server. For information on how to configure a load balancer in front of a PAM HA Pair click here
• PAM User uses a virtual IP address configured on the load balancer (C) to log on
• IP address does not change during failure as a virtual IP is used

Scenario D: HA Pair using PAM UI Servers in different subnets and using a load balancer

Installation summary:

• Separate VLANS either in the same or different data centres
• HA Pair (IP address: A, B) and PAM UI Server (IP address: X, Y) either in the same or different data centres
• Primary server is active
• Secondary server is on standby
• Manual failure is required by running the ha-failover command on the Management Interface of the Secondary server
• Host file configured on the PAM UI Servers (IP address: X, Y) to include floating IP or HA Pair (A, B) IP addresses to connect to the active server
• PAM User uses a virtual IP address configured on the load balancer (C) to log on
• IP address does not change during failure as a virtual IP is used