All Hitachi ID Privileged Access Manager components, including user interface screens, reports, service programs and command-line / batch processes access the database using the same architecture:
This architecture is advantageous for several reasons:
Privileged Access Manager includes built-in data replication between servers.
Data replication between Privileged Access Manager servers occurs in real time: every update to one server's database is queued and sent to the other (peer) servers as well. If a peer server is unavailable, the queued updates are retried automatically once that server becomes reachable again.
All replication is performed at the application level, over an encrypted TCP/IP socket. This makes configuration of a replicated environment straightforward and eliminates the need to license and configure a replicated RDBMS server product.
Application-level replication is especially helpful for deployments where Privileged Access Manager servers are physically distant from one another, for example to provide fault tolerance in the event of a disaster at a single data center. Database replication provided by database vendors such as Microsoft or Oracle is very difficult to configure where the network between nodes is insecure, unreliable, low-bandwidth or high-latency. Since a WAN normally exhibits all of these problems, Hitachi ID Systems built replication directly into Privileged Access Manager so that it operates reliably under these same constraints.
Privileged Access Manager data replication is secure. Data transmitted between servers is encrypted and each endpoint authenticates the other. Replication uses relatively low bandwidth and is tolerant of high latency, making it suitable for deployment across physically distant sites. Replication is fault tolerant, in that failed transmissions are queued and retried until they succeed.
Privileged Access Manager uses a special form of replication when writing new passwords, called a distributed commit. A new password is written to multiple Privileged Access Manager servers before it is set on the target system. This mechanism is designed to eliminate the possibility that a password is changed on a target system and then lost because the only server that knew the new value crashed before it could be written to disk.
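The two replication paths described above (queue-and-retry for ordinary updates, and a distributed commit that requires multiple durable copies of a new password before the target system is touched) are illustrated in the following Python example. This is an added illustration, not Hitachi ID code: `Server`, `Peer` and `Target` are hypothetical in-memory stand-ins, the dicts play the role of each node's on-disk database, the encrypted and mutually authenticated channel is not modelled, and the behaviour on refusal (roll the pending record back through the retried queue and leave the target untouched) is an assumption of the example rather than documented product behaviour.

```python
"""Queued replication with retry plus a distributed commit for new passwords.

Added illustration, not Hitachi ID code. Server, Peer and Target are
hypothetical in-memory stand-ins; dicts play the role of each node's
on-disk database and the encrypted, mutually authenticated channel is
not modelled.
"""
from collections import deque
from dataclasses import dataclass, field
import secrets


@dataclass
class Target:
    """Hypothetical managed system whose account password is rotated."""
    name: str
    password: str = "initial-password"

    def set_password(self, new_password: str) -> None:
        self.password = new_password


@dataclass
class Peer:
    """A peer server's replication endpoint; `store` stands in for its database."""
    name: str
    available: bool = True
    store: dict = field(default_factory=dict)

    def receive(self, record: dict) -> None:
        if not self.available:
            raise ConnectionError(f"{self.name} unreachable")
        self.store[record["key"]] = dict(record)


class Server:
    def __init__(self, name: str, peers):
        self.name = name
        self.peers = list(peers)
        self.store = {}
        self.outbox = deque()  # (peer, record) deliveries not yet acknowledged

    def write(self, record: dict) -> int:
        """Ordinary update: commit locally, queue to every peer, try delivery now."""
        self.store[record["key"]] = dict(record)
        for peer in self.peers:
            self.outbox.append((peer, dict(record)))
        return self.flush()

    def flush(self) -> int:
        """Retry every queued delivery; entries for unreachable peers stay queued.
        Returns the number of deliveries still pending."""
        retry = deque()
        while self.outbox:
            peer, record = self.outbox.popleft()
            try:
                peer.receive(record)
            except ConnectionError:
                retry.append((peer, record))
        self.outbox = retry
        return len(self.outbox)

    def rotate_password(self, target: Target, account: str, required_copies: int = 2):
        """Distributed commit: the new password must be held by `required_copies`
        servers (this one included) before the target is touched. Returns the new
        password, or None if the rotation was refused and the target left unchanged."""
        key = f"{target.name}:{account}"
        new_password = secrets.token_urlsafe(24)
        pending = {"key": key, "password": new_password, "status": "pending"}
        previous = self.store.get(key)

        # Phase 1: synchronous fan-out. Unlike write(), nothing is queued here;
        # a copy only counts if the peer persisted it right now.
        self.store[key] = dict(pending)
        copies = 1
        for peer in self.peers:
            try:
                peer.receive(pending)
                copies += 1
            except ConnectionError:
                continue

        if copies < required_copies:
            # Not enough durable copies: leave the target alone and roll the
            # pending record back everywhere via the retried queue (assumed behaviour).
            rollback = previous if previous else {"key": key, "status": "abandoned"}
            self.write(rollback)
            return None

        # Phase 2: only now change the target system. A crash of this server here
        # leaves the pending record on `copies` servers, so the password is not lost.
        target.set_password(new_password)

        # Phase 3: promote the record to active; this goes through the queued,
        # retried path, so a peer that is down simply catches up later.
        self.write(dict(pending, status="active"))
        return new_password
```

The point to notice is the asymmetry between the two paths: an ordinary update is acknowledged locally and the peers catch up whenever they can, whereas a password rotation is refused outright when too few servers can persist the new value, because a password that exists only on one server and on the target is exactly the state the distributed commit is meant to prevent.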