miniOrange PAM Solution for High Availability (HA) in DC and DR Environments


miniOrange's Privileged Access Management (PAM) solution provides a robust, scalable, and highly available architecture for managing privileged accounts, passwords, and access controls. It is designed to ensure that organizations can maintain uninterrupted access to critical systems, even in the face of server failures, outages, or network issues. miniOrange PAM supports various high availability (HA) setups, including Active-Active, Active-Passive, and Disaster Recovery (DR) configurations, ensuring seamless access management across both Data Center (DC) and DR environments.

This document outlines the high availability architecture for both the primary (DC) and secondary (DR) sites, as well as the availability and resiliency of the miniOrange PAM database, Password Vault, and the break-glass scenario.


Key Features of miniOrange PAM HA Solution

Active-Active and Active-Passive Configurations:

  • Active-Active Setup: In this configuration, both the primary and secondary sites actively handle traffic, providing load balancing and fault tolerance. If one site fails, the other continues to provide services without any downtime.
  • Active-Passive Setup: Here, one site (the primary site) actively handles all requests, while the secondary site (the passive site) remains in a standby mode. If the primary site fails, the passive site becomes active, ensuring no disruption in service.

High Availability for PAM Database and Password Vault:

  • The miniOrange PAM solution ensures high availability for its core components, including the PAM Database and Password Vault.
  • PAM Database: The PAM database stores crucial data such as user permissions, access policies, audit logs, and account details. miniOrange ensures that this database is replicated in real time to the secondary (DR) site, allowing the backup to take over if the primary database becomes unavailable.
  • Password Vault: The Password Vault, which stores encrypted passwords for privileged accounts, is also replicated across both primary and secondary sites. This ensures that users can access their passwords even if the primary vault is down.
  • Automatic Failover: In case of failure of the primary site (either DC or DR), the system automatically fails over to the secondary site. The failover mechanism ensures that no manual intervention is required, and the failover process is seamless, with minimal downtime.

Resiliency in Both DC and DR Environments:

  • miniOrange supports both Data Center (DC) and Disaster Recovery (DR) environments for high availability.
  • The DC is typically where the primary operations occur, and the DR is the backup site that ensures business continuity in case of a catastrophic failure.
  • In a DC-DR Setup, the DR site is designed to be an exact replica of the DC site and can take over in the event of a failure at the DC. This configuration ensures that both the PAM system and the associated Password Vault are fully operational at all times, with the DR site providing backup in case of failure.
  • The automatic synchronization between the DC and DR sites ensures that all data, including user credentials and audit logs, is up to date on both sites.

Break-Glass Scenario:

  • In the event of a disaster or if the administrative credentials for the PAM system are unavailable (e.g., due to a misconfiguration or corruption), the Break-Glass scenario provides emergency access to the system.
  • The Break-Glass mechanism is designed to allow predefined, privileged users (e.g., system administrators or emergency response personnel) to access the PAM system during critical situations, when normal access methods are not working. This access is typically granted through a highly secure and auditable process, ensuring that no unauthorized actions are taken.

Emergency Access Procedure: The Break-Glass procedure involves:

  • Logging into the system using emergency credentials (either through a manual process or predefined credentials stored in a separate location).
  • Accessing critical systems (such as the PAM database or the Password Vault) to restore normal operations.
  • Reverting to normal operational status once the issue is resolved and access to the PAM system has been restored.
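The procedure above is only auditable if every use of an emergency credential can be tied to an incident and is followed by a return to normal state. The following is an added example, not miniOrange code or its log format: it reviews constructed audit records, and the field names, account names, incident markers and the 24-hour rotation window are all assumptions.

```python
from datetime import datetime, timedelta

BREAK_GLASS = {"bg-admin-1", "bg-admin-2"}   # hypothetical emergency accounts
ROTATE_WITHIN = timedelta(hours=24)          # assumption: rotate within a day of use

# Constructed audit records (hypothetical schema, not a product log format).
AUDIT = [
    {"ts": "2024-05-01T02:10:00", "event": "incident_open", "id": "INC-1"},
    {"ts": "2024-05-01T02:15:00", "event": "login", "account": "bg-admin-1"},
    {"ts": "2024-05-01T03:40:00", "event": "incident_close", "id": "INC-1"},
    {"ts": "2024-05-01T04:00:00", "event": "rotate", "account": "bg-admin-1"},
    {"ts": "2024-05-03T11:00:00", "event": "login", "account": "bg-admin-2"},
    {"ts": "2024-05-03T11:05:00", "event": "login", "account": "alice"},
]

def review(records, now):
    """Flag break-glass use without an open incident, or never rotated after use."""
    findings = []
    open_incidents = set()
    pending = {}   # account -> first use since its last rotation
    for r in sorted(records, key=lambda rec: rec["ts"]):
        ts, ev = datetime.fromisoformat(r["ts"]), r["event"]
        if ev == "incident_open":
            open_incidents.add(r["id"])
        elif ev == "incident_close":
            open_incidents.discard(r["id"])
        elif ev == "login" and r["account"] in BREAK_GLASS:
            if not open_incidents:
                findings.append((r["account"], r["ts"], "used with no open incident"))
            pending.setdefault(r["account"], ts)
        elif ev == "rotate":
            pending.pop(r["account"], None)   # credential reset closes the loop
    for account, used in pending.items():
        if now - used > ROTATE_WITHIN:
            findings.append((account, used.isoformat(), "not rotated after use"))
    return findings

if __name__ == "__main__":
    for finding in review(AUDIT, datetime(2024, 5, 5)):
        print(finding)
```

Because break-glass is meant to work when the PAM system itself is down, a review like this has to read from an audit store that does not depend on the PAM system being available.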

High Availability Architecture

[Figure: Architecture of Threat Detection Feature]

Primary Site (DC)

  • The primary site (DC) hosts the main PAM infrastructure, including the web interface, database, and the Password Vault.
  • A load balancer sits in front of the DC to distribute traffic evenly across the available application servers.
  • The database is replicated in real time to the secondary DR site, ensuring data integrity across both sites.

Secondary Site (DR)

  • The DR site functions as a backup, housing a replica of the primary PAM environment. The DR site contains all the necessary components for the PAM system to operate, including the database and Password Vault.
  • In case of a failure at the primary site, the DR site takes over, providing uninterrupted access to privileged accounts and passwords.

Synchronization Between Sites

  • Real-time replication ensures that data between the DC and DR sites is constantly updated. Any changes in the primary site are immediately reflected in the secondary site to ensure that there is no data inconsistency in the event of a failover.
  • The system can be configured to either synchronize all data (for full availability) or replicate critical data (for minimal failover support) depending on organizational needs.

Failover Mechanism

  • Automatic Failover: When a failure is detected at the primary site, the system automatically switches to the secondary site without requiring any manual intervention.
  • Health Checks: Continuous health monitoring of the DC and DR sites ensures that issues are detected early, and failover is triggered before a service disruption occurs.
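A failover decision for an active-passive pair usually weighs more than a single failed probe: it has to ride out short blips, confirm the DR site is healthy, and note how far replication was behind, since a lagging DR vault can miss passwords rotated just before the outage. The following is an added example of that logic, not miniOrange's implementation; the thresholds, probe fields and action names are assumptions.

```python
from dataclasses import dataclass

FAIL_THRESHOLD = 3   # assumption: consecutive failed DC checks before failover
MAX_LAG_S = 5.0      # assumption: replication lag tolerated at promotion time

@dataclass
class Probe:
    t: int         # seconds since monitoring started
    dc_ok: bool    # health check result for the primary (DC)
    dr_ok: bool    # health check result for the secondary (DR)
    lag_s: float   # DC -> DR replication lag reported with this probe

def decide(probes):
    """Return (action, time, reason) events for an active-passive DC/DR pair."""
    events, active, fails, last_lag = [], "DC", 0, 0.0
    for p in probes:
        if active != "DC":
            break                      # DR promoted; failback is out of scope here
        if p.dc_ok:
            fails, last_lag = 0, p.lag_s   # lag is only trustworthy while DC answers
            continue
        fails += 1
        if fails < FAIL_THRESHOLD:
            continue                   # ride out short blips, avoid flapping
        if not p.dr_ok:
            events.append(("hold", p.t, "DR unhealthy, nothing to promote"))
        elif last_lag > MAX_LAG_S:
            # DR vault may lack passwords rotated just before the outage
            events.append(("promote_with_review", p.t,
                           f"last known lag {last_lag:.1f}s > {MAX_LAG_S}s"))
            active = "DR"
        else:
            events.append(("promote", p.t, f"last known lag {last_lag:.1f}s"))
            active = "DR"
    return events

# Constructed probe series: one blip at t=20, sustained DC outage from t=40.
SAMPLE = [Probe(0, True, True, 0.4), Probe(10, True, True, 0.6),
          Probe(20, False, True, 0.0), Probe(30, True, True, 0.5),
          Probe(40, False, True, 0.0), Probe(50, False, True, 0.0),
          Probe(60, False, True, 0.0)]
# Same outage, but replication was already 12 s behind when the DC went dark.
LAGGING = [Probe(0, True, True, 12.0)] + SAMPLE[4:]

if __name__ == "__main__":
    for name, series in (("sample", SAMPLE), ("lagging", LAGGING)):
        print(name, decide(series))
```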

Conclusion

miniOrange PAM offers a resilient and highly available solution for managing privileged access across both Data Center (DC) and Disaster Recovery (DR) environments. With support for Active-Active and Active-Passive configurations, high availability for both the PAM database and Password Vault, and a comprehensive Break-Glass emergency access scenario, miniOrange ensures that your privileged access management system remains operational, even in the most critical situations.

The seamless integration of DC and DR sites, along with automatic failover and synchronization, guarantees business continuity and minimizes downtime. Organizations can be confident that their privileged access management infrastructure will continue to function smoothly, regardless of unforeseen disruptions.
