Supported Environments

This content shows platform support for
Privileged Access Manager
versions 3.3.x, 3.4, and 3.4.1.
capam341
2
At a Glance
This content shows platform support for
Privileged Access Manager
versions 3.3.x, 3.4, and 3.4.1.
Privileged Access Manager
ships as either a hardware or software-based appliance. In both cases, the operating system and database are included with the software package. We support the listed platforms for end-point Session Management, Credential Management, and ancillary agents. These agents (A2A Client, Socket Filter Agent, or
PAM
Workstation Client) are required for certain features of
Privileged Access Manager
.
PAM
Workstation Client is the primary access method to
PAM
. The only browser option is Microsoft Internet Explorer 11 as IE remains the only browser with NPAPI support. If you use IE11, Java 8u-
latest
must be installed on the desktop.
Session and Credential Management Platform Support
Operating System Platforms
v3.3.x
v3.4, 3.4.1
CentOS 7.0
CentOS 7.2
Fedora™ 23
IBM® AIX 7.2
Microsoft® Windows 2008 R2
Microsoft® Windows 2012 R2
Microsoft® Windows 7
Microsoft® Windows 8.1
Microsoft® Windows 10
Microsoft® Windows 2016
Microsoft® Windows 2019
Oracle® Solaris 10
Oracle® Solaris 11
Red Hat® Enterprise Linux 6
Red Hat® Enterprise Linux 7
SuSE® Linux Enterprise Server 11 SP3
Databases (as Target Applications)
v3.3.x
v3.4, v3.4.1
IBM® DB2 v10.5
1
Microsoft® SQL Server 2008 R2
Microsoft® SQL Server 2012 R2
Microsoft® SQL Server 2014
Microsoft® SQL Server 2016
Microsoft® SQL Server 2017
Oracle® 11g
Oracle® 12c
Oracle® 18c
Oracle® MySQL 5.7
Oracle® MySQL 8.0
1
IBM® DB2 is an OS credential. Use the UNIX connector. See product documentation.
Network Devices
2
v3.3.x
v3.4, v3.4.1
Cisco™ ASA
Cisco™ IOS
Cisco™ TACACS+ Server
Palo Alto PAN Server 6
Palo Alto Devices (Layer 3, Option C configuration)
Devices with *nix Operating Systems using SSHv2 connection
2
As Target Applications. Typically Network devices use SSH protocol for User session establishment. Use the UNIX connector. See product documentation.
Mainframe
3,4
v3.3.x
v3.4, v3.4.1
CA ACF2™ r15
CA TopSecret® r15
3
Requires CA LDAP for Mainframe System z
4
Transparent Login functionality for Mainframe not supported
Directories
v3.3.x
v3.4, v3.4.1
CA® Directory v12
Microsoft® Active Directory
5
Red Hat® Enterprise Linux 389
6
5
For any supported Windows Server
6
When installed on a supported Red Hat Enterprise Linux Server
Cloud & Virtualization Platforms
v3.3.x
v3.4, v3.4.1
Amazon Web Services™ Admin web console access
Microsoft® Office 365 Admin console access
VMware® vCenter 5.x
VMware® vCenter 6.x
VMware® NSX for vSphere
Web/Application Servers
v3.3.x
v3.4, v3.4.1
Apache Tomcat 7
Apache Tomcat 8
IBM® Websphere
Oracle® Weblogic
CA Threat Analytics (for PAM)
v3.3.x
v3.4, v3.4.1
CA Threat Analytics (for PAM) v2.0
CA Threat Analytics (for PAM) v2.2
CA Threat Analytics (for PAM) v2.3
IT Service Management Systems
v3.3.x
v3.4, v3.4.1
CA Service Desk Manager 14.1
CA Service Desk Manager 17.0
BMC Remedy 8.1
BMC Remedy 9.1
HP Service Manager 9.32
HP Service Manager 9.41
Salesforce Service Cloud (Winter 2015)
ServiceNow (Istanbul)
ServiceNow (Jakarta)
CA PAM Workstation Client
PAM
Workstation Client
The
PAM
Workstation Client enables you to log in to
Privileged Access Manager
and perform administrator and end-user activities without a customer-installed web browser and Oracle Java engine. The Client removes the required maintenance of keeping Java and browser configurations compatible with
PAM
. You can run any
PAM
connection applets and can provide a complete substitute for the traditional
PAM
GUI using the Client.
The client does not interfere in any way with traditional GUI access – both methods can be used from the same workstation. However, as of January 1, 2017, the only browser option is Microsoft Internet Explorer 11. IE is the only browser still with NPAPI support, which is required for the applets. If you use IE11, Java 8u-
latest
must be installed on the desktop. (Oracle Java 7 is end-of-life for public updates).
You can download a client version compatible with your workstation OS types and can install from a button on the
PAM
GUI login page. The embedded JRE is downloaded with the client but
PAM
-served JARs download at runtime.
PAM
Workstation Client (End-User Desktop Support)
v3.3.x
v3.4, v3.4.1
Microsoft® Windows 7, 8.1, 10
Microsoft® Windows 2012 R2, 2016
RHEL 7.3 x64
Apple macOS (Sierra)
Apple macOS (High Sierra)
Apple macOS (Mojave)
Apple macOS (Catalina)
3.3.3 and later
PAM
Access Agent
The
PAM
Access Agent is a lightweight Windows alternative to the
PAM
Client.
PAM
Agent (End-User Desktop Support)
v3.3.x
v3.4, v3.4.1
Microsoft® Windows 10 64-bit
Mobile Support for
PAM
Privileged Access Manager
offers limited support for mobile devices. The
PAM
browser user interface is optimized for password view requests and password check-in and check-out operations for mobile devices.
Mobile Device
Operating System
Browser
v3.3.x
v3.4, v3.4.1
iPhone X
iOS 11
Safari
iPhone 8
iOS 11
Safari
iPad Pro 12.9
iOS 11
Safari
iPad Pro 10.5
iOS 11
Safari
Samsung Galaxy 8
Android 7 (Nougat)
Chrome v.64.0.3282
Samsung Galaxy 7
Android 7 (Nougat)
Chrome v.64.0.3282
PAM 3.4.x supports Chrome browser on Android and Safari browser on iOS.
PAM
A2A Client
A2A integration allows administrators to provide authorization for applications to access privileged credentials for application to application transactions. An A2A client is installed on the Request server where the requesting application resides and has various security checks to maintain authorization control. Multiple programming and scripting languages can be used (see product documentation for integration details).
PAM
A2A Client
v3.3.x
v3.4, v3.4.1
AIX 6
AIX 7
Microsoft® Windows 2008 R2
Microsoft® Windows 10
Microsoft® Windows 2012 R2
Microsoft® Windows 2016
Microsoft® Windows 2019
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Solaris 10
Solaris 11
PAM
A2A languages
v3.3.x
v3.4, v3.4.1
Java
C++
C
C#
PHP
Python
JavaScript
Perl
PowerShell
Korn Shell
C Shell
PAM
Socket Filter Agent
Installed on an endpoint, the Socket Filter Agent is used to provide lateral containment (such as preventing administrators from “leap frogging” to another server).
PAM
SFA Client
v3.3.x
v3.4, v3.4.1
UNIX, Linux
AIX 6
AIX 7
Microsoft® Windows 2008 R2
Microsoft® Windows 2012 R2
Microsoft® Windows 2016
Microsoft® Windows 2019