Should CPMs be configured for automatic failover?

Configuring CPMs (Central Password Managers) for automatic failover raises significant concerns, particularly about the potential for a split-brain scenario. In distributed systems, a split-brain can occur when two or more nodes lose contact with each other but continue to operate independently. This situation could lead to conflicting actions, such as both nodes attempting to manage the same set of credentials or changes being made on one node that are not reflected on the other, resulting in a loss of data integrity and consistency.

Choosing to avoid automatic failover maintains a centralized control in handling failovers, which ensures that one single source of truth remains in charge of the password management system. This approach mitigates risks associated with data conflicts and consistency issues, providing a more stable environment for sensitive credential management, which is critical for an organization's security and operational continuity.

In contrast, other options suggest varying degrees of automatic failover or conditional configurations, which might seem beneficial for reliability or operational efficiency but fail to account for the critical complexities and risks involved with credential management in a failover scenario. Understanding the implications of these choices is essential for maintaining a secure and reliable CyberArk environment.