How to distribute PAM Client from intranet instead of cloud

Document ID : KB000072274
Last Modified Date : 28/02/2018
Show Technical Document Details
Introduction:
Following error occurred when trying to upgrade PAM using PAM Client. "Error occurred during the update. Reason: Failed loading module files for Module https://d21oi5tjuccwe.cloudfront.net/ca-pam/module/win/runtime-1.8.0_144.zip"
Background:
Many customers use a Jump Server to run PAM Client and this server may not have internet access.
When PAM Client connects to PAM Server and if their version is different then the PAM Client will be told to either goto the cloud to download(by default) or the configured local distribution server.
If local distribution is not configured and if the Jump Server do not have internet access, then it will fail to download necessary files from the cloud and throw error.
Environment:
Any version of PAM.
Instructions:
When the PAM Client does not have internet access, you will fail to download necessary files to update the PAM Client.
In that case, you can configure a local web server to host the files instead.

Please follow the instructions outlined in the following link.
https://communities.ca.com/people/SungHoon_Kim/blog/2018/02/28/how-to-setup-local-web-server-to-host-pam-client-and-java-runtime-files-in-intranet

1. You will need to have a local web server with https enabled.
2. You should not enable any authentication, allow anonymous access so the PAM Client can download files.
3. Then you will have to create folder structure as seen in the XML file when you visit https://d21oi5tjuccwe.cloudfront.net/
4. Download the files from the cloud and place the files exactly as in the XML file at your local web server.
5. Logon to PAM and at the Global Settings/Client Settings/Distribution Mode, select Intranet and enter the FQHN of the local web server.
6. Logout from PAM Client, close it

Now, if the PAM Client version and PAM Server version do not match, the necessary files will now be downloaded from the local web server instead.





 
Additional Information:
https://docops.ca.com/ca-privileged-access-manager/2-7/EN/deploying/deploy-the-ca-pam-client
https://communities.ca.com/docs/DOC-231175707-tech-tip-how-to-download-the-pam-client-installer-files