Identity Manager Clustering and Load Balancing with NSX

In this blog post I would like to write up the procedure for setting up an NSX Edge load balancer for a VMware Identity Manager cluster. As discussed in this post and this post, NSX Edge load balancers will be all over the place in a Workspace ONE platform environment. And this is one place…
I am also testing the available persistence configurations for the Workspace ONE NSX Edge load balancers (heads up for a blog post), and adding more Workspace ONE firewall sections and load balancing configuration to the NSXHorizonJumpstart script. If only my new year's resolution were to grow four extra brains and hands, this would be published a little faster….

Identity Manager, Hmmmm?

VMware Identity Manager (IDM) provides the user access and identity management service for Workspace ONE, and not just user access: the application catalog as well. It is the layer your users' sessions hit first (well, after they have enrolled their devices), so it comes with availability requirements, hence an IDM cluster, i.e. a highly available IDM. An IDM cluster is a minimum of 3 nodes and needs a load balancer. But how? After the first node is deployed, configure IDM with an external database, MSSQL Always On for active-active. Once that is running, configure an identity source, for example a connection to Active Directory. Set up the load balancer and fill in its FQDN in IDM. Then, with the configuration verified, shut down the node and clone it into the Identity Manager cluster.
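As an added example (not the author's NSXHorizonJumpstart script and not VMware's code), here is how the load balancer half of that procedure looks when driven through the NSX-v Manager REST API (NSX 6.x, `/api/4.0/edges/{edgeId}/loadbalancer/config/...`) instead of the Edge UI: an HTTPS health monitor against the IDM heartbeat URL, an SSL-passthrough application profile, a pool with one member per node, and the virtual server on the VIP the cluster FQDN resolves to. The NSX Manager hostname, edge ID, VIP, node addresses and the source-IP persistence settings are assumed placeholders; the XML element names are from the NSX 6.x API as I know it, so check them against your NSX version before running.

```shell
#!/usr/bin/env bash
# Added example: configure an NSX-v Edge load balancer for a 3-node VMware Identity
# Manager cluster via the NSX Manager REST API. All hostnames, IDs and addresses below
# are assumed placeholders for a lab, not values from the original post.
set -eu

NSX_MANAGER="${NSX_MANAGER:-nsxmanager.lab.local}"   # assumed
EDGE_ID="${EDGE_ID:-edge-1}"                         # assumed
NSX_USER="${NSX_USER:-admin}"
NSX_PASS="${NSX_PASS:-}"            # supply via the environment; never hard-code it
VIP="${VIP:-10.10.10.10}"           # assumed VIP that the IDM cluster FQDN resolves to
IDM_NODES="${IDM_NODES:-10.10.10.11 10.10.10.12 10.10.10.13}"   # assumed node IPs

# Health monitor. IDM answers "ok" on its heartbeat URL; a node that fails this is
# taken out of rotation rather than handed user sessions.
monitor_xml() {
  cat <<'EOF'
<monitor>
  <type>https</type>
  <interval>5</interval>
  <timeout>15</timeout>
  <maxRetries>3</maxRetries>
  <method>GET</method>
  <url>/SAAS/API/1.0/REST/system/health/heartbeat</url>
  <expected>ok</expected>
  <name>monitor-idm</name>
</monitor>
EOF
}

# Application profile: SSL passthrough, so the IDM nodes terminate TLS with their own
# certificate (which must carry the load balancer FQDN). Persistence method/expiry are
# assumed values; the post notes persistence is still being tested.
app_profile_xml() {
  cat <<'EOF'
<applicationProfile>
  <name>ap-idm-https</name>
  <template>HTTPS</template>
  <sslPassthrough>true</sslPassthrough>
  <persistence>
    <method>sourceip</method>
    <expire>1800</expire>
  </persistence>
</applicationProfile>
EOF
}

# Pool: one member per IDM node, each checked by the monitor created above.
pool_xml() {
  monitor_id="$1"; shift
  i=1
  echo "<pool><name>pool-idm</name><algorithm>round-robin</algorithm>"
  echo "<transparent>false</transparent><monitorId>${monitor_id}</monitorId>"
  for ip in "$@"; do
    echo "<member><name>idm-0${i}</name><ipAddress>${ip}</ipAddress><port>443</port>"
    echo "<monitorPort>443</monitorPort><weight>1</weight><condition>enabled</condition></member>"
    i=$((i + 1))
  done
  echo "</pool>"
}

virtual_server_xml() {
  cat <<EOF
<virtualServer>
  <name>vs-idm</name>
  <enabled>true</enabled>
  <ipAddress>${VIP}</ipAddress>
  <protocol>https</protocol>
  <port>443</port>
  <defaultPoolId>${1}</defaultPoolId>
  <applicationProfileId>${2}</applicationProfileId>
  <accelerationEnabled>true</accelerationEnabled>
</virtualServer>
EOF
}

# NSX returns the new object's ID as the last path segment of the Location header.
id_from_location() {
  sed -n 's/^[Ll]ocation:.*\/\([^/[:space:]]*\)[[:space:]]*$/\1/p' | tail -n 1
}

# POST one config object; prints the created ID. Set NSX_CA_BUNDLE to the NSX Manager
# CA so the call verifies the server certificate; -k is a lab-only fallback.
nsx_post() {
  path="$1"; body="$2"
  if [ -n "${NSX_CA_BUNDLE:-}" ]; then set -- --cacert "${NSX_CA_BUNDLE}"; else set -- -k; fi
  curl -sS "$@" -u "${NSX_USER}:${NSX_PASS}" -X POST -H 'Content-Type: application/xml' \
    --data "${body}" -D - -o /dev/null \
    "https://${NSX_MANAGER}/api/4.0/edges/${EDGE_ID}/loadbalancer/config/${path}" | id_from_location
}

main() {
  [ -n "${NSX_PASS}" ] || { echo "set NSX_PASS" >&2; exit 1; }
  mon=$(nsx_post monitors "$(monitor_xml)")
  ap=$(nsx_post applicationprofiles "$(app_profile_xml)")
  # shellcheck disable=SC2086  # word-splitting IDM_NODES is intended here
  pool=$(nsx_post pools "$(pool_xml "${mon}" ${IDM_NODES})")
  nsx_post virtualservers "$(virtual_server_xml "${pool}" "${ap}")"
}

# Only talk to NSX Manager when explicitly asked; sourcing the file just defines the helpers.
if [ "${NSX_APPLY:-0}" = "1" ]; then main; fi
```

Run it with `NSX_APPLY=1 NSX_PASS=... ./idm-lb.sh` against an Edge that already has the load balancer service enabled; the order matters because the pool references the monitor ID and the virtual server references the pool and profile IDs that the earlier calls return. Do this before cloning the first node, since the FQDN you fill in on the IDM side has to be the one that resolves to this VIP.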

IDM Load Balancing

Need more information on the steps than the TL;DR above? Read on.


vRealize Log Insight broadening the Horizon: Active Directory integration deploy VMware Identity Manager

At a customer I am working on the design of vRealize Log Insight. For authentication we can choose between the sources local, Active Directory or VMware Identity Manager. The latest release (4.5) clearly states that configuring Active Directory authentication directly from Log Insight is deprecated.

Deprecated vRLI

Edit: Unlike some previous information going around, Active Directory from Log Insight directly is still supported. Quote from updated VMware Knowledge base article: Although direct connectivity from VMware vRealize Log Insight to Active Directory is still supported in Log Insight 4.5, it may be removed in a future version.

But I think it will still be very beneficial to move to vIDM sooner rather than later.
