PAM Server Installation and Upgrade Guide
This document provides instructions on how to install, setup, configure and upgrade the PAM Server as a standalone or clustered environment.
From release version 7.0.0 of Osirium PAM you will be able to deploy the PAM Server to either function as a standalone server or deploy and configure a group of servers to work together as a cluster.
The method for deploying and configuring a standalone server has not changed but will include the clustering components should you wish to use the clustering feature in the future. The installation instructions for a standalone deployment can be found here.
To cluster your environment you will need more than one PAM Server. We recommend that you have a minimum of three servers in your cluster to allow for redundancy. The first server deployed, although at this stage it is just a standalone server, will be identified as the cluster leader node. This is because the first server created will be responsible for generating the cluster joining bundles which will allow all subsequent servers to join the cluster you are creating. These subsequent servers joining the cluster will be known as follower nodes.
Before starting your deployment take note of the following prerequisites.
|Hardware & Software||Ensure the correct resources are available before deploying. The following outlines the hardware and software requirements.
|Licencing||A valid license file will be required during the finalise setup step. If you don't have a license file contact Osirium.|
|Ports||Ensure TCP ports 443 and 9002 are open as they are required for the UI and client-side.
TCP 2380 (etcd, i.e. key-value store), 2390 (cluster setup API), 2391 (cluster delegation API), 5432 (postgres, i.e. database)
For a full list of ports used by the server click here .
|Software packages and downloads||The software installation package is supplied in Open Virtual Appliance (OVA) and Virtual hard disk (VHD) formats, ready for deployment into your existing virtual infrastructure.
To download the latest software, click here.
To cluster your servers you must use release version 7.0.0 or above.
NOTE: SHA256 checksum is available to verify the integrity of the download.
|Master Encryption Key
|Ensure you have the Master Encryption Key (MEK) of the current PAM Server leader node.|
|Cluster joining bundle
|Ensure you have the cluster joining bundle of the current PAM Server leader node.|
Additional Prerequisites for clustering
|Node identifiers||Nodes are identified by their address which can either be a fully qualified domain name (FQDN) (i.e. clusterleader.companyABC.net) or an IP Address.
Cluster nodes communicate with each other using their assigned address, therefore the address must be unique to allow a node to resolve the address of other nodes.
|Network time protocol (NTP)||Recommended to ensure the clocks are synchronised across all nodes for certificate times.|
Further information relating to Osirium PAM can be found here.