Is it possible to add additional NIC cards to a virtual CA PAM appliance?

Document ID : KB000046480
Last Modified Date : 10/09/2018
Introduction:
CA PAM can handle multiple NIC cards. However, when the virtual appliance is first deployed it only has one NIC card attached. It is best practice to edit your newly deployed CA PAM appliance to add any additional NIC cards BEFORE starting the VM for the first time. When the VM is first started, the MAC address of each NIC card is used as part of the creation of a hardware ID. Any changes made after this are considered tampering and the appliance will no longer be accessible. The usual symptoms are that the VM console shows that it booted and the appliance responds to pings, but the webpage is not accessible.
Question:

Is it possible to add additional NIC cards to a virtual CA PAM appliance?

Environment:
CA PAM 2.x

Note: In PAM 3.x it is now possible to add NIC cards after initial deployment without problems; however, it is still highly recommended to add them before starting the appliance for the first time.
Answer:

Yes; however, the process differs depending on whether or not the appliance has ever been booted. Please see the following scenarios for more detailed answers.

Scenario 1) The appliance is brand new and has NEVER been booted:
New NIC card(s) can be added in the settings of the VM. (BEFORE you start up the VM for the first time.)


Scenario 2) The appliance HAS already been booted & is currently running properly:
Since the appliance has already been booted you will need the assistance of support in order to properly add a new NIC card. Please open a support ticket to request help with this. (NEVER attempt to add a NIC card on your own after the appliance has already been booted!)

Here are the basic steps that will need to be taken with support:
0- Prepare by taking a DB & Config backup.
1- Install SSH debug patch
2- Access the appliance via SSH & clear the current hardware ID
3- Shut down the appliance
4- Add the NIC card(s)
5- Start the appliance
6- After starting the appliance a new license will need to be requested because the appliance will have a new hardware ID. The old license will no longer be valid and CA PAM may be unusable until a new license is added.


Scenario 3) The appliance HAS already been booted & a new NIC card has already been added:

• If the NIC was added while CA PAM was running & the appliance was NOT rebooted afterwards (& the main webpage and/or config page is still accessible):

Leave the appliance running as it is, DO NOT REBOOT! It MAY be possible to recover from this situation. Contact support to attempt the fix mentioned in Scenario 2.

• If the main webpage and/or config page are NOT accessible & the SSH Debug patch IS already installed from a previous support case:

It MAY be possible to recover from this situation. Contact support to attempt the fix mentioned in Scenario 2.

• If the main webpage and/or config page are NOT accessible & the SSH Debug patch IS NOT already installed:

It will be impossible to recover this VM. A new VM will need to be deployed, licensed and have the information restored from DB & Configurations backups.


If none of the above has worked and your newly added NIC is still not recognized, please open a support ticket and request the "PAM_RESET_NETWORKING.p.bin" patch.
The PAM cluster must be turned off first, and each PAM server needs to be patched individually.
After the patch has been applied, the PAM server must be rebooted.
The patch deletes the network-related configuration files; they are re-created after the reboot, and all NICs will then be recognized.

Additional Information:

Please note that SSH Debug is only meant for use by engineering & support. We cannot provide customers with SSH access to the appliance.

Note: When setting up NIC cards you should always use a static MAC address & this MAC address should NEVER be changed.