Try our new research platform with insights from 80,000+ expert users
it_user708474 - PeerSpot reviewer
Pre-Sales Engineer at a tech services company with 51-200 employees
Real User
It has proven to be a very stable solution, even when it is run as a virtual appliance
Pros and Cons
  • "Password Management and Session Recording. The simplicity and ease that it is to be up and running out-of-the-box is very much appreciated."
  • "The support for other remote assistance tools would be excellent. Free included tools in Windows (Remote Assist) and Microsoft SCCM Configuration Manager (ConMgr Remote Control) allow companies to reduce the amount of RDP connections and expand the usage of the tools are frequently used by companies to provide technical support for remote assistance."

What is most valuable?

Password Management and Session Recording. The simplicity and ease that it is to be up and running out-of-the-box is very much appreciated.

The recording feature uses a proprietary format that is very light, even with high definition videos, allowing you to use very little hard drive space. This has proven very valuable when managing large amounts of sessions.

How has it helped my organization?

We are now able to record all technical support requests that require a remote control session, therefore accountability has risen reducing the amount of mistakes or errors.

Clients are also more confident that all activities are recorded and everyone is held accountable when asking for support being provided.

With the recently added feature that supports recording VNC sessions, we have been able to expand the session management to the IT personnel who prefer VNC for remote session management.

What needs improvement?

The support for other remote assistance tools would be excellent. Free included tools in Windows (Remote Assist) and Microsoft SCCM Configuration Manager (ConMgr Remote Control) allow companies to reduce the amount of RDP connections and expand the usage of the tools are frequently used by companies to provide technical support for remote assistance.

This could increase the amount of purchased licenses, with increasing growth of (remote) managed services (MSPs), and would also allow a company to demand that a provider use a tool such as CA PAM when providing remote assistance, in order to record evidence or increase accountability. Access to online training free of charge is also highly recommended.

For how long have I used the solution?

Over two years.

Buyer's Guide
Symantec Privileged Access Manager
October 2024
Learn what your peers think about Symantec Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.

What do I think about the stability of the solution?

Not in my experience. It has proven to be a very stable solution, even when it is run as a virtual appliance.

What do I think about the scalability of the solution?

Not in my experience.

How are customer service and support?

I have had a good experience because they have been able to resolve issues nine of 10 in a short period.

The cons are that you are rarely (if ever) able to talk to a technician when calling support. This is frustrating when the issues are critical or urgent.

This is much worse in out of office hours. At times, when the issues are complex, the resolution times has been longer than desired and the time in between contacts is also too long.

There is a lot of space to improve in this area.

Which solution did I use previously and why did I switch?

No, I have looked at CyberArk, but never used it as a customer.

How was the initial setup?

Session management is pretty straightforward as is the password management. We were able to get it up and running in no time. It might be a bit complex to follow the flow of creating the devices, users, and single sign on using the password vault, so that process could be simplified for those getting started with the solution.

What's my experience with pricing, setup cost, and licensing?

Can’t say much. The prices are not low, but one can ask for a discount. It’s not the cheapest PAM solution.

Which other solutions did I evaluate?

Yes, CyberArk. We found it too complex and with more features than one would probably need.

What other advice do I have?

If looking for a solution with privileged session management, great recording features with an integrated password vault and Single Sign-On that is pretty straightforward to implement out-of-the-box and does not overwhelm you with unnecessary features, it the best way to go.

It has space for improving the user interface and remote connection tools, but surely this is something that should be in their roadmap.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Vendor
The most valuable features are session manager, access manager, and credential manager. They don't offer multi-tenancy.

What is most valuable?

When you look at the whole PAM itself, session manager is very important. It records what happens. Access manager and credential manager are very important as well. Those are the key things. Session manager, access manager, and credential manager.

How has it helped my organization?

On the access management side, our system administrators, under privileged management, don't have to use their local tools to log on to the production servers.

They basically will log on, but they need access controls. They log on to a web interface, so that they will have access to the servers. From there, they can make the sessions.

What I'm saying is that on 443, with an extra cell connection, you log on to a web server and that web server will basically initiate the sessions from the web server to the production server. At that point, my session is secure because all that is happening inside that subnet or inside that network. All my end user is seeing is training the HTML-file interface.

That makes the access more secure. Even on the session side, the sessions are really between the production servers and the IA PAM. The sessions are not between the endpoint and the production server. So that makes it more secure by using a PAM.

What needs improvement?

When we look at CA PAM, the multi-tenant deployment is definitely an improvement that we want to see. They don't offer multi-tenancy.

If I have an enterprise, or if I am an MSP and I would like use an instantiation of CA PAM for multiple tenants, I can't do that.

I have to deploy a CA PAM for each tenant, which basically increases the cost and the management side of it. That's a very essential thing.

CyberArk does the multi-tenancy, but CA PAM doesn't have this.

For how long have I used the solution?

We have used it for two years.

What do I think about the stability of the solution?

Stability-wise, there were no issues. It met our SLAs. For the most part, it's really stable. There were no significant outages or issues with the stability of the product. We didn't have any of that experience with the solution.

What do I think about the scalability of the solution?

There were some scalability issues. Along with access manager, there's something called a credential manager. The way the CA PAM solution is designed, a credential manager is local to each of these boxes.

If you want to scale to multiple data centers and multiple end points, the credential manager is not centralized anymore. We need to have a way to synchronize that. That seems to be one of the biggest issues of scalability.

It has AD integration, but the way they do it is an issue, because it's not scalable. For every active directory identity, it basically creates a local user. It defeats the whole purpose of using a single identity store. That's not a scalable solution to manage identities itself. That's a big issue.

We did submit an enhancement request to CA on multi-tenancy and the active directory implementation, and we don't think they have released any updates. That's a big issue with this product.

How are customer service and technical support?

I would give tech support a rating of 7/10. They're not the best, because the product was acquired from a small company. Just updating the portal with the knowledge base and the support took a long time. We had a bad experience with that.

Once they got all the stuff integrated into the CA support structure, the responsiveness was there, but the relevant information of the tech staff to solve the problem was not there.

Which solution did I use previously and why did I switch?

There were no previous solutions. CA PAM is the new evolution of Privileged Management. We haven't used a PAM solution in the past, and this was our first generation PAM that we used. We didn't move from an existing solution.

How was the initial setup?

Once you have a network, then the reach-out is added. They have something called Outer Discovery, which discovers all the accounts and all the servers’ end points and groups.

I'm not going to say it's very easy, but on the flipside, I'm not going to say it's terribly hard to do it.

The reason it was not easy, was that the end points of the system administrators that have access to PAM needed a version of Java and some Java libraries on the end point.

With logged-on systems in the DOD space, or with the federal space, it's really tough to get those versions installed. The federal government, the central IT, update the Java versions and we don't have control over that. Every time we have an upgrade, it breaks the accessibility of the software.

Even though they say it's a web based tool, they still need a Java version that is compatible and libraries have to be on your client to do it. The Java competence has been a nightmare.

The product installation by itself is fairly easy, but the accessibility is very difficult.

We did reach out to CA and submitted a ticket with them, saying, "Okay, you need to get out of this Java thing, and then have something like HTML-file-based access, so that we don't have to have any of these Java things."

They said, "Great," but nothing has happened so far.

Which other solutions did I evaluate?

We did evaluate other solutions.

  • We did a market research of Xceedium, before CA bought Xceedium Xsuite
  • CyberArk
  • Dell had a tool to do privileged identity management
  • There's another company also, that starts with Cyber, but I don't remember the name

We evaluated these solutions, and Xceedium, which is now CA PAM, stood out.

What other advice do I have?

If you are going for a multi-tenant deployment as an MSP, I would work with CA to see when that feature will be available.

If the local end points are logged down with the Java versions, I would really tell them to pull out the HTML-file-based solution. The accessibility of this tool from the desktops is very, very difficult. Those are two big things for a use case.

I would recommend them to make sure they validate that these things are rolled out and then use it. Other than those two issues, everything else is good.

Asking me to rate the solution is a tough question, because the market research came out well. It stood out. The usability was good.

The accessibility and other issues were big blockers for our customer:

  • The local accounts with AD integration
  • Multi-tenant deployment
  • Java installation on the local machines

Those three elements were the biggest blockers. I would have rated it higher, but because of those three blockers, I'll had to rate it lower. They were very significant blockers for our project when we used it, and we were always putting out fires to do that.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Symantec Privileged Access Manager
October 2024
Learn what your peers think about Symantec Privileged Access Manager. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,406 professionals have used our research since 2012.
it_user707196 - PeerSpot reviewer
Principal Consultant
Vendor
Some of the valuable features are safe access to company resources and an intuitive management interface

What is most valuable?

Some of the valuable features are safe access to company resources, quick, comprehensible, and intuitive management interface, and good integration capabilities. Control on targets could be extended through CA PAM Server Control component. It now includes an optional risk evaluation engine (CA Threat Analytics for Privileged Access Manager).

How has it helped my organization?

  • Quick setup
  • Support for different types of existing user stores
  • Management automation through REST interface
  • Integration with Identity Management solutions easily for automatic user provisioning.

What needs improvement?

I would like it to support more types of integration.

For how long have I used the solution?

We have used this solution since CA acquired Xceedium.

What do I think about the stability of the solution?

There were no stability issues.

What do I think about the scalability of the solution?

There were no scalability issues.

How are customer service and technical support?

I would give technical support a rating of an eight out of 10.

Which solution did I use previously and why did I switch?

Many customers switched to CA PAM, because the list of useful features quickly expands.

How was the initial setup?

The deployment was very fast, as it is commonly deployed as a virtual appliance.

What's my experience with pricing, setup cost, and licensing?

Contact the sales department.

Which other solutions did I evaluate?

We evaluated Hitachi ID PAM and IBM PIM.

What other advice do I have?

Proceed!

Disclosure: My company has a business relationship with this vendor other than being a customer: We sell and implement CA PAM.
PeerSpot user
it_user459162 - PeerSpot reviewer
Presale Engineer with 51-200 employees
Vendor
When a customer uses CA PAM, they can control who can access their server and what they do

What is most valuable?

Access control and Password Management, because almost every customer wants to protect and audit their server(s), as well as their credentials.

How has it helped my organization?

When a customer uses CA PAM, they can control who can access their server and what they do. So they feel more comfortable when using outsourced engineers to manage their assets.

What needs improvement?

Reporting, Logging, and support recording for Web App using Java.

Now, the reporting feature on CA PAM only shows the basic information in white-black table format. If I’m a customer, I like to see the reports with colorful charts and pictures.

About the Web App using Java:

Currently, CA PAM only can record and work with a Web Console that doesn't use Java. If a Web Console uses Java and has a pop-up, CA PAM can’t do a recording.

For how long have I used the solution?

Over three years. I used it before CA acquired Xceedium.

What do I think about the stability of the solution?

The CA PAM appliance works stably. I didn’t see many errors related to stability.

What do I think about the scalability of the solution?

Not yet.

How are customer service and technical support?

I appreciate CA technical support. They respond quickly.

Which solution did I use previously and why did I switch?

No, I didn’t.

How was the initial setup?

Simple for me.

Which other solutions did I evaluate?

No, I didn’t.

What other advice do I have?

The CA PAM product can help companies/organizations who looking are for Privilege Access Management. CA PAM is an industry leader; a powerful, easy to use solution.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user705705 - PeerSpot reviewer
Finance at a tech services company with 10,001+ employees
Consultant
Have a test environment for testing any upgrades/patches first, before pushing it to production

What is most valuable?

Manager user/admin’s password, so it’s more secure and password will be changed on time.

What needs improvement?

When there’s new patches or upgrades, please test the new release well, so it won’t break the functional parts.

What do I think about the stability of the solution?

It’s very stable, unless we do some patches or upgrade, then it’ll break some functional parts.

What do I think about the scalability of the solution?

So far, no.

How are customer service and technical support?

So far, it's fair. Because sometimes, it takes me a few days/weeks to get attention.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

I didn’t get involved in the initial setup.

What's my experience with pricing, setup cost, and licensing?

I don’t handle that.

Which other solutions did I evaluate?

I didn't get involved in that evaluation, either.

What other advice do I have?

Have a test environment for testing any upgrades/patches first, before pushing it to production.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user616500 - PeerSpot reviewer
Security Engineer
Vendor
Some of the valuable features are transparent login and cluster synchronization. There are a lot of gaps in the documentation.

What is most valuable?

Transparent login and cluster synchronization. This is quite stable compared with other products. It is easy to manage for the administrator.

How has it helped my organization?

After the CA acquisition of Xceedium, I was able to see a lot of improvement in technical support.

What needs improvement?

There are a lot of gaps in the documentation. The documentation has to improve like anything else. There are a lot of things which are not covered in the documentation, and there are a few things which are covered in the documentation, but are not clear.

To mention the features which are not covered and which are not clear would require a separate document. Here are some examples:

  • Authentication methods: PAM does support a few authentication mechanisms to login to PAM. But the documentation does not have the details of how to integrate TACACS+ in PAM. The documentation explains it at a very high level.
  • Application Connectors: PAM does support different application connectors. But for CISCO devices, the details are not clear.
  • Roles and Privileges: There are almost 200 privileges in Credential Management. There is not a document which has the details for the privileges and their functionality.
  • Segregation of Duties: There is not a document for PAM roles. For example, if the user has “Standard User” as a role, he cannot have “Approver Role” from CM. It is a limitation in PAM. This limitation might be due to security or operational functionality. But it should be documented if it is limitation of PAM.

For how long have I used the solution?

We have been using this solution for two and a half years.

What do I think about the stability of the solution?

I faced stability issues in the past, but I have not faced any stability issues lately.

What do I think about the scalability of the solution?

I have not faced any scalability issues.

How are customer service and technical support?

I would give technical support a rating of 6/10.

Which solution did I use previously and why did I switch?

We did not use a previous solution.

How was the initial setup?

The setup was straightforward.

What's my experience with pricing, setup cost, and licensing?

There are currently other tools on the market which are much cheaper than PAM. They can do almost all of what PAM does, and even do it better. CA can think of reducing the pricing for PAM.

Which other solutions did I evaluate?

We did not evaluate other solutions.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user713793 - PeerSpot reviewer
Citrix / Windows Administrator/PM at a government with 10,001+ employees
Vendor
The tool helps us manage local, domain, and service accounts. I would like to see improvements in the documentation.

What is most valuable?

The tool helps us manage local, domain, and service accounts. It helps us meet compliance standards.

How has it helped my organization?

The fact the password is changed after each checkout beats changing passwords manually every few months.

What needs improvement?

I would definitely like to see improvements in the documentation. It is very plain and doesn't provide details. They are no screenshots either.

For how long have I used the solution?

We owned this product for about three years. I took over the project about six months ago.

What do I think about the stability of the solution?

I did not encounter any issues with stability.

What do I think about the scalability of the solution?

I did not encounter any issues with scalability.

How are customer service and technical support?

Few people I've dealt with know the product well. They are not very helpful. Some technical support team members don't have much knowledge.

Which solution did I use previously and why did I switch?

I don't think DSS used any other solution prior to this.

How was the initial setup?

I didn't do the initial setup, so I can't answer this question.

What's my experience with pricing, setup cost, and licensing?

I'm the admin and do not know anything about pricing and licensing.

Which other solutions did I evaluate?

I personally have used RPM and think it is more user-friendly.

What other advice do I have?

Be prepared to call tech support a lot because the documentation is almost worthless.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user705735 - PeerSpot reviewer
IAM Architect at a tech services company with 5,001-10,000 employees
Real User
So far, we’re using the RDP-gateway and the “published application” features
Pros and Cons
  • "The RDP-gateway: For limiting which server an operator can access."
  • "I’m no fan of Java as an application front-end, as it tends to have issues depending on what browser one’s using."

What is most valuable?

So far, we’re using the RDP-gateway and the “published application” features.

  • The RDP-gateway: For limiting which server an operator can access.
  • The “published applications” feature: To minimize the exposure of sensitive usernames and passwords.

How has it helped my organization?

The exposure of sensitive usernames and passwords has been limited in a massive way. This allows us to give much needed access to LDAP servers and databases without the operator knowing the username and/or password. They just have a link to click on after logging into the PAM virtual appliance.

What needs improvement?

I’m no fan of Java as an application front-end, as it tends to have issues depending on what browser one’s using. Have nothing further right now due to limited exposure to the more technical parts of the product.

For how long have I used the solution?

We’ve had it running for approximately six months so far.

What do I think about the stability of the solution?

No issues so far, except the typical Java/web-browser problems that all Java-based products have.

What do I think about the scalability of the solution?

Do not know as of right now, as we only have one instance in production at the moment.

How are customer service and technical support?

So far, I would rate it high. I have gotten fast and accurate answers to my questions and any issues have been resolved in a timely manner.

Which solution did I use previously and why did I switch?

We used the now discontinued Shared Account Management component of CA Privileged Identity Manager.

How was the initial setup?

The initial setup is really easy. The only thing to worry about is to add all needed networks to your virtual appliance prior to the initial boot. This is a pain and should be fixed in my opinion.

What's my experience with pricing, setup cost, and licensing?

I do not know as I only work with the technical parts of the product, I do not worry about pricing and licensing.

What other advice do I have?

Make sure you have all your network needs mapped out prior to installation, as you have to add all needed networks to the virtual appliance prior to the first boot.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Download our free Symantec Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2024
Buyer's Guide
Download our free Symantec Privileged Access Manager Report and get advice and tips from experienced pros sharing their opinions.