Hi Michael, here at SLAC we’re planning to run both CA and PVA gateways concurrently on the same subnet using the same access control files. However, the documentation says the existing CA files (ACF/pvlist) are not fully compatible with
the pvaGateway.
The specific concern is that several CA gateways are currently configured with the DENY,ALLOW evaluation order to support multiple gateway instances on the same subnet.
I believe that the original CA gateway instance became overloaded, so a second one was deployed to balance the load. Gateway 1 only provided access to half the PVs by denying access to some and granting access to others. Then gateway 2
was configured in the opposite way, granting access to those PVs denied by gateway 1 but denying access to the others.
The pvaGateway documentation clearly indicates that the DENY,ALLOW evaluation order is not supported, so I was going to suggest we use a single pvaGateway instance with its own ACF/pvlist. Do you have any suggestions or advice?