Skip to content

PAM Server Installation and Upgrade Guide

This document provides instructions on how to install, setup, configure and upgrade the PAM Server as a standalone or clustered environment.

Overview

From release version 7.0.0 of Osirium PAM you will be able to deploy the PAM Server to either function as a standalone server or deploy and configure a group of servers to work together as a cluster.

The method for deploying and configuring a standalone server has not changed but will include the clustering components should you wish to use the clustering feature in the future. The installation instructions for a standalone deployment can be found here.

To cluster your environment you will need more than one PAM Server. We recommend that you have a minimum of three servers in your cluster to allow for redundancy. The first server deployed, although at this stage it is just a standalone server, will be identified as the cluster leader node. This is because the first server created will be responsible for generating the cluster joining bundles which will allow all subsequent servers to join the cluster you are creating. These subsequent servers joining the cluster will be known as follower nodes.

Prerequisites

Before starting your deployment take note of the following prerequisites.

Prerequisite Description
Hardware & Software Ensure the correct resources are available before deploying. The following outlines the hardware and software requirements.

Prerequisites
Licencing A valid license file will be required during the finalise setup step. If you don't have a license file contact Osirium.
Ports Ensure TCP ports 443 and 9002 are open as they are required for the UI and client-side.

TCP 2380 (etcd, i.e. key-value store), 2390 (cluster setup API), 2391 (cluster delegation API), 5432 (postgres, i.e. database)

For a full list of ports used by the server click here .

Software packages and downloads The software installation package is supplied in Open Virtual Appliance (OVA) and Virtual hard disk (VHD) formats, ready for deployment into your existing virtual infrastructure.

To download the latest software, click here.

To cluster your servers you must use release version 7.0.0 or above.

NOTE: SHA256 checksum is available to verify the integrity of the download.

Master Encryption Key
(Follower only)
Ensure you have the Master Encryption Key (MEK) of the current PAM Server leader node.
Cluster joining bundle
(Follower only)
Ensure you have the cluster joining bundle of the current PAM Server leader node.

Additional Prerequisites for clustering

Prerequisite Description
Node identifiers Nodes are identified by their address which can either be a fully qualified domain name (FQDN) (i.e. clusterleader.companyABC.net) or an IP Address.

Cluster nodes communicate with each other using their assigned address, therefore the address must be unique to allow a node to resolve the address of other nodes.

Network time protocol (NTP) Recommended to ensure the clocks are synchronised across all nodes for certificate times.

Supporting documentation

Further information relating to Osirium PAM can be found here.