Changing the PAM Database

Switching PAM’s back-end database from one to another is a relatively straight forward process. For example, you originally deployed your PAM instance using the Internal Database option and now wish to use MS SQL.

The following article describes this process.

 

  1. Navigate to $PAM_HOME/web/conf and make a copy of the file catalina.properties. Save this to a location outside of $PAM_HOME and if something goes wrong, you can simply replace this file, restart the service and you will be back to the original database (assuming it still exists).
  2. Create an on-demand Export of PAM (Administration > Settings > Database > Export Encrypted).
  3. Manually create the new database in your chosen database. The database name should be PamDB (case sensitive) and the database account should have full control, owner or ALL privileges.
  4. Next we will run an PAM command to switch it from your current database to this new one. Execute the command from $PAM_HOME, replacing the value in green to your new database vendor and the values in red with your new database parameters: databasedb.server db.user db.password. The supported database vendors are:
  5.  

    Database Vendors

    • MSSQL
    • MySql
    • Oracle
    • PostgreSQL
    • Derby

     

    For Windows:

    Copy
    bin\PamDirectory.cmd DBConnect web database db.server db.user db.password

     

    For Unix or Linux:

    Copy
    bin/PamDirectory.sh DBConnect web database db.server db.user db.password

     

    For example, if your PAM instance is deployed to a Windows server and you are switching the back-end database to MS SQL, your command would look similar to this:

    Copy
    bin\PamDirectory.cmd DBConnect web MSSQL 10.0.0.152 sa 6QP8psY93PWVe3Dr

     

    Or if you do not want to include the password in the command, you can simply replace it with a dash character and after it is executed, you will be prompted to enter the required password.

    Note if your password includes special characters, we would recommend this approach to minimize potential errors.

    Copy
    bin\PamDirectory.cmd DBConnect web MSSQL 10.0.0.152 sa -

     

  6. After the command is run successfully, restart the PamManagement (Windows) or pammanager (Linux) service.
  7. When the service restarts, open your browser and login to PAM. You should see the Database Initialization screen, click the Initialize button to setup PAM’s new database.
  8. After it initializes your new database, navigate to Administration > Settings > Database and click the Import button for the export you created in step 2.
  9. Once the import is complete (may take several minutes), test the import by clicking around the Vault to make sure everything is running as expected (folders, permissions, unlock, etc.)

If anything goes wrong during the procedure, you can revert the process by replacing the catalina.properties file that was saved in step 1, restarting the service again and PAM will return to your original database. Do not delete this original PAM database until you are absolutely sure the entire process has completed successfully.