What is most valuable?
With CA PAM, it's mainly the vaulting of credentials that we're looking for, and then after that, probably the bastion functionality where we force all of our administrators through that to get to the servers. We'll also do session recording of both RDP and the SSH sessions through it.
How has it helped my organization?
It definitely helps with security. It also helps with how we audit which credentials are being used. When somebody actually logs in to CA PAM, they have to go in through second factor authentication. Once they're logged in, whatever credentials they check out, we get to see that and our auditors get to see that. It helps out in that way.
What needs improvement?
A better discovery interface of accounts.
It does do discovery of accounts for Windows servers, and you could do UNIX servers as well, but it's kind of clunky how it does it.
What do I think about the stability of the solution?
It's a very stable solution, but we also built it to be highly available and redundant as well. We built it out where we have four appliances in one single cluster across two data centers.
What do I think about the scalability of the solution?
It's pretty scalable from what we can see. We have four appliances in a single cluster across two data centers, and we can actually even grow that if we wanted to.
How are customer service and technical support?
I haven't had to call in any cases yet, but we've been working with the CA services team to help us implement the solution. They've been really really good.
Which solution did I use previously and why did I switch?
Over time security has been becoming more prevalent, mainly because of the number of attacks out there. We found that just by looking at our whole portfolio of solutions that we already had in place, there were definitely some small gaps and areas that we needed to fill. PAM was one of the solutions that we found to help us with vaulting credentials, rapidly changing credentials.
Beforehand, for administrators to change certain credentials, they would have to go in and there would be change control processes that they had to go through. The vaulting automates a lot of that for us.
How was the initial setup?
When we set up CA PAM, it's a OVA. It's an appliance, a virtual appliance, that we just needed to throw in VMware, spin it up, and there it is. From there it was just connecting in other things like our storage, our time server, and whatever else. Very very simple to set up.
Which other solutions did I evaluate?
For us, we mainly wanted a solution that worked in the scenarios that we were looking for.
We've demoed numerous products. After even just watching the demos we weeded some out. Then we actually brought a few in-house that we liked, and we did proof of concepts. We found out that some products just didn't work the way we wanted them to in our environment.
The reason we chose CA PAM is it worked in the scenarios that we wanted it to, and it just worked without problems.
What other advice do I have?
Rating: I would say probably a seven or an eight. As I said, the interface is not the easiest to navigate and it doesn't really have the discovery piece or fully baked discovery. Overall, the solution works and there's just multiple ways of doing things. You don't have to use the whole GUI interface to get your stuff in. There's ways of importing our credentials and what not through Excel spreadsheets and what not. It's really easy how the import/export mechanism works.
I would definitely tell them [peers] to do an in-house proof of concept of the solution to make sure that solution works for their environment.