In a Disaster Recovery (DR) environment, which component should NEVER be configured for automatic failover due to the possibility of split-brain phenomenon?

In a Disaster Recovery environment, the Central Policy Manager (CPM) should not be configured for automatic failover because this component is critical for managing and enforcing policies on credential access. Automatic failover could lead to a scenario known as "split-brain," where two instances of CPM operate independently with potentially conflicting policies and changes. This situation can result in inconsistent state and corruption in the central reference for credential management, leading to security risks.

By keeping the CPM out of automatic failover configurations, organizations ensure that there is a controlled and deliberate process for handling failover situations. This way, if a failover is necessary, it can be managed correctly to maintain the integrity and consistency of policy enforcement.

Event Notification Engine, Password Vault Web Access, and Vault Agent may not have the same level of critical operational interdependence as CPM. They can often operate in a more loosely coupled fashion relative to credential management and do not exert the same risk of conflicting policy execution in a split-brain scenario. Thus, the rationale for avoiding automatic failover with CPM primarily revolves around maintaining policy integrity and preventing chaotic operational states.