Privileged Access Management Deployment Architecture

The article discusses a typical mid-size deployment architecture of a Privileged Access Manager system.


The diagram below illustrates typical High-Availability (HA) setup of an PAM Privileged Access Management system with Disaster Recovery (DR) option.

2 nodes deployed in the “Primary Site” in a High Availability configuration with the third node as a single deployment in the “DR site”.

Data replication (outside of PAM) would be enabled for both the database as well as the file share where objects like Video Recordings are stored.

This replication could be extended to the DR site if possible.

Alternatively, use PAM export/import commands to provide data to the DR node.





The diagram also includes a depiction of additional nodes in the Primary Site (“Additional Scaling Options”).

Additional PAM nodes can quickly be setup and included in the Primary deployment even during production use of the system.

Configure these additional nodes (PAM Nodes 3+) like the first two acting to expand the HA options.


Alternatively, they could act as independent Session Manager or Job Engine nodes.

If and/or how these nodes would be deployed depends entirely on the circumstances that may arise when PAM is deployed.

Additional nodes could be used to address concerns like performance issues, increasing number of PAM users, isolated networks and others.


Read about details of High Availability configuration in the following article.