PAM Centralized Deployment Manager
The PAM Centralized Deployment Manager (CDM) is an Ansible-based toolset to help automate PAM deployment and configuration tasks.
Supported Scope of Operations
Tasks that the PAM Centralized Deployment Manager can perform:
Deploy PAM Master Nodes | A PAM master node is a PAM node with the Management Console service installed. The PAM CDM supports both single-master and multi-master PAM farms. All PAM master nodes deployed with the PAM CDM will also have the Session Manager and Job Engine services installed. |
Deploy PAM Remote Nodes | A PAM remote node is a PAM node with the Session Manager and/or Job Engine services installed, but not the Management Console service. The PAM CDM supports any number of remote nodes in a PAM farm. |
Deploy PostgreSQL Database | Can install a PostgreSQL database and configure it for use with the PAM farm being deployed. PAM CDM also supports external database integration, which is the recommended configuration for production PAM farms. |
Deploy Apache Load Balancer | Can install the Apache web server and configure it as a load balancer for the PAM farm being deployed. PAM CDM also supports integration with an external load balancer, which is the recommended configuration for production PAM farms. |
Add Nodes to an Existing PAM Farm | With some restrictions, PAM CDM can deploy new PAM master and/or remote nodes and integrate them into a PAM farm that was previously deployed with the PAM CDM. |
Update PAM Components | Includes tools to help update the PAM framework, web, or session components on existing PAM installations. This is currently considered an experimental feature. |
System Requirements
The PAM CDM operates on a set of hosts, which are typically VMs but could be physical servers. The required VM count depends on the complexity of the PAM farm.
The basic requirement is that PAM CDM must be able to connect to the VM over SSH with a user that has sudo privileges.
NOTE: Do not install PAM using a root account. Doing so is neither recommended nor best practice for installing or configuring any software in a Unix environment. Instead, create a new user and give it su or sudo privileges (or add it to the sudo group) to perform the installation of PAM Centralized Deployment Manager (CDM).
Operating System Requirements
Requirement | Single Ansible controller VM, Test or Quick Trial (*minimum) | Medium Use Deployment Production Farm (*recommended) |
Unix O/S (64-bit only) | Ubuntu 22.04, Alma 9 | Ubuntu 22.04, Alma 9 |
Database | CDM-Managed PostgreSQL or External PostgreSQL, MSSQL, MySQL, or Oracle | CDM-Managed PostgreSQL or External PostgreSQL, MSSQL, MySQL, or Oracle |
VM size | 2 VCPUs | 4 VCPUs |
Memory (reserved for use) | 8 GB+ | 16 GB+ |
Disk Space (reserved for use) | 40 GB+ | 80 GB+ |
Ports in use | Ports 6443, 5432 are allowed. See PAM Ports for details. | Ports 6443, 5432 are allowed. See PAM Ports for details. |
Windows installation for PAM using the CDM tool is not supported.
Detailed Host VM requirements are available in the PAM CDM documentation package.
Please contact us at https://support.imprivata.com/ to discuss the architecture and system recommendations for large-scale farm deployments.
Getting Started
Follow the documentation to get started with your PAM Centralized Deployment Manager deployment:
PAM CDM documentation: https://bin.xtontech.com/cdm/README.html
PAM CDM package: https://bin.xtontech.com/cdm/pam-cdm.tgz
PAM CDM checksum: https://bin.xtontech.com/cdm/pam-cdm.tgz.sha256
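The package is published with a SHA-256 checksum, and the toolset runs with sudo rights on every PAM host, so the archive should be verified before it is extracted. The function below is an added example, not part of the PAM CDM documentation; `verify_sha256` is a hypothetical helper name, and the layout of the `.sha256` file (a bare digest or the `digest  filename` form written by `sha256sum`) is an assumption, so both are accepted.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded archive against a published SHA-256 file.
# Assumption: the .sha256 file holds either a bare hex digest or the
# "digest  filename" layout; the page does not say which.

verify_sha256() {
    local archive="$1" sumfile="$2" expected actual
    [ -r "$archive" ] && [ -r "$sumfile" ] || { echo "missing input" >&2; return 2; }

    # First whitespace-delimited field of the first line, CR stripped,
    # lower-cased so upper-case digests still compare equal.
    expected=$(tr -d '\r' < "$sumfile" | awk 'NR==1 {print tolower($1)}')

    # Reject anything that is not exactly 64 hex characters, e.g. an HTML
    # error page saved in place of the checksum.
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "checksum file does not contain a SHA-256 digest" >&2
        return 2
    fi

    actual=$(sha256sum "$archive" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $archive"
        return 0
    fi
    echo "MISMATCH: $archive (expected $expected, got $actual)" >&2
    return 1
}

# Intended use on the Ansible controller, before extracting anything:
#   curl -fsSLO https://bin.xtontech.com/cdm/pam-cdm.tgz
#   curl -fsSLO https://bin.xtontech.com/cdm/pam-cdm.tgz.sha256
#   verify_sha256 pam-cdm.tgz pam-cdm.tgz.sha256 && tar -xzf pam-cdm.tgz
```

A checksum served from the same host as the archive detects corruption or a truncated download, not a compromised download host.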
Please contact us at https://support.imprivata.com/ if you have any questions about the PAM Centralized Deployment Manager (CDM).