How do I set up a private CA Delivery Network for PAM Client distribution?

Document ID : KB000009786
Last Modified Date : 14/02/2018
Introduction:

This document explains how to set up a private CA Delivery Network (CDN) for distributing the CA PAM Client when you do not want CA PAM to go to the internet, or when you have deployed CA PAM in a closed network.

Instructions:

Under normal circumstances CA PAM goes to the internet when deploying the CA PAM Client. Specifically, files are retrieved from an AWS service called CloudFront, which is used to distribute binaries. You can go to https://d21oi5tjuccwe.cloudfront.net to see what is available. This includes the installers for the various platforms we support, the different versions of CA PAM for which the client is available, and the Java runtime executables. The URL opens as XML, but you can easily identify this information by locating the Key tags. Here are a few:

ca-pam/install/linux64/CAPAMClientInstall_V2.8.0.bin

ca-pam/install/linux86/CAPAMClientInstall_V2.5.0.bin

ca-pam/install/mac/CAPAMClientInstall_V2.6.2.zip

ca-pam/install/win/CAPAMClientInstall_V2.5.0.exe

ca-pam/module/linux64/runtime-1.8.0_74.zip

To set up your private CDN you must do two things. The first is to build your repository. You just need to match the directory structure at the location used by CA PAM. You can see that structure at this URL:

https://docops.ca.com/ca-privileged-access-manager/2-8/EN/implementing/accessing-your-appliance-server/ca-pam-client-for-alternate-appliance-access#CAPAMClientforAlternateApplianceAccess-ServeCAPAMClientInstallers

You will have to download, or otherwise obtain, the various binaries and place them into the correct folders in your CDN. Once this is done, the second step is to configure CA PAM to point to your private CDN. You can see this in the screen capture below.

[Screen capture: CDNsetup.png]

At this point, CA PAM is ready to deliver the installers and Java runtime executables from the private CDN. Your users just need to select the client they wish to download from the login page, assuming that you've enabled the Download Button, as above. This setup does not let an admin push the Client out to their users. That would require a separate process, which might depend on your organization's environment.
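
An added example, not part of the original CA document or of CA's tooling: a Python check that the private repository described above holds every file named in the listing's Key tags, and that records a SHA-256 for each mirrored binary so later changes are detectable. The sample listing is constructed from the keys quoted above; the function names and the mirror root are assumptions.

```python
import hashlib
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path, PurePosixPath

# Constructed sample in the S3-style listing format; keys are the ones quoted above.
SAMPLE_LISTING = """<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
  <Contents><Key>ca-pam/install/linux64/CAPAMClientInstall_V2.8.0.bin</Key></Contents>
  <Contents><Key>ca-pam/install/win/CAPAMClientInstall_V2.5.0.exe</Key></Contents>
  <Contents><Key>ca-pam/module/linux64/runtime-1.8.0_74.zip</Key></Contents>
</ListBucketResult>"""

def listing_keys(xml_text):
    """Return every Key value in the listing, ignoring the XML namespace."""
    root = ET.fromstring(xml_text)
    return [el.text.strip() for el in root.iter()
            if el.tag.rsplit("}", 1)[-1] == "Key" and el.text]

def safe_relative(key):
    """Accept only keys that stay inside the mirror root (no '..', no absolute path)."""
    parts = PurePosixPath(key).parts
    return bool(parts) and not key.startswith("/") and ".." not in parts

def audit_mirror(keys, mirror_root):
    """Compare listing keys with the local tree and hash what is present."""
    report = {"present": {}, "missing": [], "rejected": []}
    for key in keys:
        if not safe_relative(key):
            report["rejected"].append(key)
            continue
        path = Path(mirror_root).joinpath(*PurePosixPath(key).parts)
        if path.is_file():
            # Whole-file read keeps the example short; hash in chunks for large installers.
            report["present"][key] = hashlib.sha256(path.read_bytes()).hexdigest()
        else:
            report["missing"].append(key)
    return report

def demo():
    """Build a throwaway mirror holding one of the three files and audit it."""
    keys = listing_keys(SAMPLE_LISTING)
    with tempfile.TemporaryDirectory() as tmp:
        first = Path(tmp).joinpath(*PurePosixPath(keys[0]).parts)
        first.parent.mkdir(parents=True)
        first.write_bytes(b"constructed placeholder bytes")
        return audit_mirror(keys + ["../outside.bin"], tmp)

if __name__ == "__main__":
    print(demo())
```

Run against the real repository by passing the saved listing XML to listing_keys and the repository's root folder to audit_mirror; an empty "missing" list means the directory structure matches the listing.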