Application Scaling in PAM360 using PostgreSQL Server

Considering the continually growing user base, an organization should have continuous and uninterrupted access to the database to provide sustainable service. In general, application scaling is the process of improving an application's ability to handle huge loads and operations without disrupting its performance and user experience.

In PAM360, implementing Application Scaling via the external PostgreSQL database cluster aims at providing uninterrupted access to the resources and accounts, thereby enhancing the application scalability and overall performance. The model operates with one main node and several subnodes connected by a single PostgreSQL database cluster.

At the end of this document, you will have learned the following topics related to Application Scaling:

  1. Prerequisites
  2. Configuring the Application Nodes (Main-Node and Subnode)
  3. Changing a Subnode into a Main-Node
  4. Node-Based Operations Performed from PAM360 Web Interface
  5. Node-Based Audit Trails

1. Prerequisites

The PAM360 main node and all its sub-nodes should point to the same PostgreSQL database cluster, although they do not need to be connected individually. However, the main node, i.e., the machine that will perform the operations, is required to satisfy any of any of the following conditions:

  1. If PAM360's agentless password management capability is enabled, the main-node and the target endpoints should reside in the same subnet.
    2. (or)
  2. The main-node and the target end-points must be capable of communicating with one another when residing in different networks, i.e., they should not be blocked by a firewall or situated outside the range of connectivity, such as demilitarized zone.

The Architecture Diagram Depicting Application Scalability in PAM360

application-scaling

Notes:
1. You can change any configured subnode into a main-node until it has adequate connectivity to other machines and can carry out the scheduled operations without interruption.
2. You can create up to four subnodes in this application scaling model.

2. Configuring the Application Nodes (Main-Node and Subnode)

To configure the main-node pointing to the database cluster, do the steps that follow:

  1. Install the PAM360 application in the server that you want as the main-node.

    2. Notes:
    1. During the installation process, select the configuration server as the 'High Availability Primary Server'.
    2. Post the installation, do not start the PAM360 service.

  2. Configure the PostgreSQL database cluster as the backend database. Now, the PAM360 application installed in the main-node will work using the standalone PostgreSQL database cluster.
  3. Restart the PAM360 application post the external database configuration.

To configure a subnode pointing to the same database cluster, do the steps that follow:

  1. Install the PAM360 application in the server that you want as the subnode.
  2. Download the root CA certificate of the PostgreSQL database cluster. If you are unaware of creating an SSL for the PostgreSQL database, refer to this section to generate the required SSL certificates and validate the SSL connection.
  3. Import the root CA certificate of the PostgreSQL database cluster into the PAM360 application installed in the subnode.
  4. Open the command prompt and navigate to the <PAM360_Primary_Installation_Folder>/bin directory in the main node.
  5. Execute the AppScalingSetup file that follow based on your Operating System:
    1. For Windows, execute the command AppScalingSetup.bat
    2. For Linux - execute the command AppScalingSetup.sh
  6. Navigate to <PAM360 installation directory>\ApplicationScaling and copy the file named ApplicationScalingPack.zip.
  7. Now, navigate to the required subnode and paste the file into the conf folder present in the PAM360 installation directory.
  8. Unzip the ApplicationScalingPack.zip in the conf folder of the subnode.
  9. Copy the pam360_key.key file from the main-node and paste it into any directory of the subnodes. Now, update the full path of the pam360_key.key file in the <PAM360-Home>\conf\manage_key.conf file in the subnode. If the key is stored in a remote directory, supply the full path of the remote location in the manage_key.conf file.
  10. Edit the file named system_properties.conf present in the path <PAM360 installation directory>\conf\ in the subnodes using Wordpad with administrator rights. Add the line ignore.scheduler=true at the end of the file and save it.
  11. Navigate to <PostgreSQL_Installation_folder>pgsql_installation\data and open the file pg_hba.conf:
    1. Add an entry at the end with the IP address of the configured subnode.
      E.g., host all <user name> <ip address>/32 md5
  12. Navigate to <PostgreSQL_Installation_folder>pgsql_installation\data and open the file postgresql.conf:
    1. Search for listen_addresses and provide the IP address of the configured subnode in a comma-separated manner.
  13. Restart the PostgreSQL server.

    14. Note: Repeat the procedure for all the required subnodes.

  14. Now, start the PAM360 service in all the subnodes. As a result of the previous steps, all the subnodes will start using the same PostgreSQL cluster as the backend database.
  15. The default URL of the subnodes will look like https://subnode_servername:8282. To apply your license file in all the subnodes, open the URL of all the subnodes in a web browser and log in. Click the profile icon in the top right corner and click the License option. Here, add your license XML file and upgrade.
  16. Navigate to Admin >> Configuration >> PAM360 Server to update your SSL certificate in all your subnodes.
  17. Restart the PAM360 service in all the subnodes.

Now all the subnodes will start with the relevant SSL certificate and use the same PostgreSQL cluster as the backend database.

Once the main-node and subnodes are configured, navigate to Admin >> Configuration >> Application Scaling to view and manage them from the PAM360 GUI.

pgsql-appscaling-1

3. Changing a Subnode into a Main-Node

Follow the below steps to change any of the configured subnode in the PostgreSQL database cluster into a main-node. This change can be done at any point in time from any of the available PAM360 application servers.

  1. Keep the PostgreSQL database cluster running.
  2. Stop all the PAM360 applications in the servers, including the main-node.
  3. Open a command prompt and execute the following commands from any of the PAM360 application servers:

    4. For Windows:
    <PAM360_installation_directory>\bin\makePrimary.bat

    For Linux:
    <PAM360_installation_directory>/bin/sh makePrimary.sh

  4. Executing the above commands will show the main-node and the list of available subnode servers. Choose any PAM360 application server from the drop-down and click Save.
  5. Restart all the application servers that stopped earlier.
  6. Now, the selected subnode server will start performing as the main-node.

4. Node-Based Operations Performed from PAM360 Web Interface

Note: Only the administrators and users with custom roles having the 'Application Scaling' permission can enable, disable, rename, delete, and restore the subnode(s), from the server that act as a main-node.

a. Enable/Disable a Subnode

  1. Navigate to 'Admin >> Configuration >> Application Scaling'.
  2. From the Application Scaling dashboard, click the toggle button beside the desired subnode to enable or disable it.

b. Rename a Node

  1. Navigate to 'Admin >> Configuration >> Application Scaling'.
  2. From the Application Scaling dashboard, click the edit icon beside the Host Name of the desired node.
  3. In the pop-up that opens, update the server name and click Confirm.
  4. Now, you have successfully renamed the node.

c. Delete and Restore a Subnode

Navigate to 'Admin >> Configuration >> Application Scaling'.

To Delete a Subnode:

  1. First, disable the subnode using the toggle button.
  2. Click the Delete icon on the top right corner of the subnode. In the pop-up that opens, click Confirm.
  3. You have successfully deleted the subnode.

    4. Note: Deleting the subnode will only hide the node from the Application Scaling dashboard and will not remove the entry from the database cluster. Delete the physical server and any server-specific configurations to remove the server from PAM360 entirely.

To Restore a Subnode:

  1. Click the Restore Deleted Nodes icon in the Application Scaling dashboard.
  2. Now, select the desired subnode(s) and click Restore.
  3. You have successfully restored the selected subnode(s).

    4. Note: The subnode(s) cannot be restored if the node(s) is(are) removed from the database cluster and the application server(s).

5. Node-Based Audit Trails

By default, PAM360 comprises Resource, User, and Task-based audit categories. Once configured and Application Scaling is enabled, the product additionally shows node-based audits in each category with the main-node and available subnode(s) in separate columns. This assists you with the complete audit trails under Resource Audit and User Audit.

To know more about Audits, click here.
Top