Objective 1.3 - Configure and Manage VMware Identity Manager Components

This post covers Objective 1.3 of the VCAP-DTM Deployment Exam.

Tools and References for Objective 1.3:
Installing and Configuring VMware Identity Manager
Upgrading to VMware Identity Manager 2.4.x from 2.1 or 2.1.1
Upgrading to VMware Identity Manager 2.4.x from 2.4
VMware Identity Manager Administration
Setting Up Resources in VMware Identity Manager
Using VMware Identity Manager Apps Portal
VMware Identity Manager Admin Console

Skills and Abilities:

Prepare environment to install VMware Identity Manager Portal

Check Installing and Configuring VMware Identity Manager for System and network configuration requirements.

Create DNS records and IP addresses

A DNS entry and a static IP address must be available for the VMware Identity Manager appliance. Because each company administers its IP addresses and DNS records differently, request the DNS record and IP address to use before you begin your installation. Make sure the reverse (PTR) record exists as well: the appliance relies on reverse DNS to derive its host name, and a missing PTR record is a common cause of first-boot problems.
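A pre-flight check for the records above, as an added example that is not part of the original post or the VMware documentation. It confirms that the requested FQDN resolves to exactly the allocated static IP and that the PTR record for that IP points back at the same FQDN. The resolver functions are parameters so the logic can be exercised against canned answers; the host names and addresses in the usage line are constructed.

```python
"""Pre-flight DNS/IP check for a VMware Identity Manager appliance.

Added example (not from the VMware documentation). Verifies, before the
OVA is deployed, that forward and reverse DNS for the planned appliance
agree: one A record equal to the allocated static IP, and a PTR record
that maps that IP back to the same FQDN. Sample names are constructed.
"""
import socket
from typing import Callable, List


def forward_lookup(fqdn: str) -> List[str]:
    """All IPv4 addresses the system resolver returns for fqdn."""
    return sorted({info[4][0] for info in socket.getaddrinfo(fqdn, None, socket.AF_INET)})


def reverse_lookup(ip: str) -> str:
    """Canonical host name from the PTR record for ip."""
    return socket.gethostbyaddr(ip)[0]


def check_dns(fqdn: str, ip: str,
              forward: Callable[[str], List[str]] = forward_lookup,
              reverse: Callable[[str], str] = reverse_lookup) -> List[str]:
    """Return a list of problems; an empty list means forward and reverse records agree.

    The resolver functions are injectable so the check can run against
    canned answers without a live DNS server.
    """
    problems: List[str] = []
    fqdn = fqdn.rstrip(".").lower()
    try:
        addrs = forward(fqdn)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return [f"forward lookup of {fqdn} failed: {exc}"]
    if ip not in addrs:
        problems.append(f"{fqdn} resolves to {addrs}, expected {ip}")
    if len(addrs) > 1:
        problems.append(f"{fqdn} has {len(addrs)} A records; the appliance expects a single static address")
    try:
        ptr = reverse(ip).rstrip(".").lower()
    except OSError as exc:  # socket.herror is also an OSError
        problems.append(f"no PTR record for {ip} ({exc}); set the HostName vApp property explicitly")
        return problems
    if ptr != fqdn:
        problems.append(f"PTR for {ip} is {ptr}, expected {fqdn}")
    return problems


if __name__ == "__main__":
    import sys
    # Usage (constructed values): python idm_dns_check.py idm.example.com 10.0.0.5
    issues = check_dns(sys.argv[1], sys.argv[2])
    for issue in issues:
        print("FAIL:", issue)
    print("OK" if not issues else f"{len(issues)} problem(s)")
    sys.exit(1 if issues else 0)
```

Run it from a machine that uses the same DNS servers you will give the appliance (the vami.DNS.WorkspacePortal property), otherwise a split-horizon zone can make the check pass here and fail on the appliance.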

Determine database options (internal/external) with Identity Manager

VMware Identity Manager can be set up with an internal or external database to store and organize server data. You can either use the bundled PostgreSQL database that is embedded in the appliance or set up an external database. The internal database is the default.
  • The embedded database is best for small deployments.
  • For large deployments, use an external database.
To use an external database, your database administrator must prepare an empty external database and schema before you connect to it in the Setup wizard. Licensed users can use an external Microsoft SQL Server, Oracle database server, or external vPostgres database server to set up a high-availability external database environment.

Configure Active Directory connection

VMware Identity Manager uses your Active Directory infrastructure for user authentication and management. You can integrate VMware Identity Manager with an Active Directory environment that consists of a single Active Directory domain, multiple domains in a single Active Directory forest, or multiple domains across multiple Active Directory forests. To sync users and groups, the VMware Identity Manager virtual appliance must connect to Active Directory.

Your Active Directory must be accessible on the same LAN as the VMware Identity Manager virtual appliance.

Deploy Identity Manager OVF file

  • Download the VMware Identity Manager OVA file from My VMware
  • Log in to the vSphere Client or the vSphere web Client
  • Select File > Deploy OVF Template
  • In the Deploy OVF Template wizard, specify the following information on each page:
    • Source: Browse to the OVA package location, or enter a specific URL.
    • OVF Template Details: Review the product details, including version and size requirements.
    • End User License Agreement: Read the End User License Agreement and click Accept.
    • Name and Location: Enter a name for the VMware Identity Manager virtual appliance. Names are case sensitive. Select a location for the virtual appliance.
    • Host / Cluster: Select the host or cluster in which to run the virtual appliance.
    • Resource Pool: Select the resource pool.
    • Storage: Select the storage for the virtual appliance files. You can also select a VM Storage Profile.
    • Disk Format: Select the disk format for the files.
    • Network Mapping: Map the networks used in VMware Identity Manager to networks in your inventory.
    • Ready to Complete: Review your selections and click Finish.
  • When the deployment is complete, click Close in the progress dialog box.
  • Select the VMware Identity Manager virtual appliance you deployed, right-click, and select Power > Power On.

Add/Edit IP pools in Identity Manager

  • In the vSphere Client or the vSphere Web Client, right-click the VMware Identity Manager virtual appliance and select Edit Settings.
  • Select the Options tab.
  • Under vApp Options, click Advanced.
  • In the Properties section on the right, click the Properties button.
  • In the Advanced Property Configuration dialog box, configure the following keys:
    • vami.DNS.WorkspacePortal
    • vami.netmask0.WorkspacePortal
    • vami.gateway.WorkspacePortal
    • Select one of the keys and click Edit.
    • In the edit property settings dialog box, next to the Type field, click Edit.
    • In the Edit Property Type dialog box, select Dynamic Property and select the appropriate value from the drop-down menu for Netmask, Gateway Address, and DNS Servers respectively.
    • Click Ok, and click OK again.
    • Repeat these steps to configure each key
  • Power on the virtual appliance

Configure Identity Manager settings according to a deployment plan

  • Go to the VMware Identity Manager URL that is shown on the blue screen in the console tab. For example, https://hostname.example.com.
  • Accept the certificate, if prompted. The appliance ships with a self-signed certificate, so plan to replace it with one issued by a CA your clients trust before users are pointed at the service.
  • In the Get Started page, click Continue.
  • In the Set Passwords page, set passwords for the appliance administrator accounts (admin for the administration console, root, and sshuser for SSH access), then click Continue. Use a distinct, strong password for each; root and sshuser give shell access to the appliance.
  • In the Select Database page, select the database to use.
    • If you are using an internal database, click Continue.
    • If you are using an external database, select External Database and enter the external database connection information, user name, and password. To verify that VMware Identity Manager can connect to the database, click Test Connection.
    • After you verify the connection, click Continue.
  • Click the administration console link on the Setup is complete page to log in to the administration console to set up the Active Directory connection.
  • Log in to the administration console as the admin user, using the password you set.
  • In the administration console, click the Identity & Access Management tab.
  • Click Setup > User Attributes to select the user attributes to sync to the directory.
  • Default attributes are listed and you can select which ones are required. You can also add other attributes.
    • If you plan to sync XenApp resources to VMware Identity Manager, you must make distinguishedName a required attribute.
    • After a directory is created, you cannot change an attribute to be a required attribute. You must make that selection now.
  • Click Save.
  • Click the Identity & Access Management tab, and, in the Directories page, click Add Directory.
  • Select the type of Active Directory you have in your environment and configure the connection information.
  • Click Save & Next.
  • For Active Directory over LDAP, the domains are listed with a checkmark. Click Next.
  • Verify that the VMware Identity Manager directory attribute names are mapped to the correct Active Directory attributes. If not, select the correct Active Directory attribute from the drop-down menu. Click Next.
  • Click + to select the groups you want to sync from Active Directory to the directory, and click Next.
  • Click + to add additional users. For example, enter CN=username,CN=Users,OU=myUnit,DC=myCorp,DC=com.
  • Review the page to see how many users and groups are syncing to the directory and to view the sync schedule.
  • Click Sync Directory to start the directory sync.
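The user entries added with + above are LDAP distinguished names, and a DN typed with "-" in place of "=" is silently wrong. The following validator is an added example, not code from the original post or from VMware: it splits a DN into its RDNs following the RFC 4514 escaping rules and rejects anything that is not attribute=value. The sample DNs are constructed.

```python
"""Validate the DN strings entered on the "add additional users" page.

Added example (not from the VMware documentation). parse_dn() splits a
distinguished name into (ATTR, value) pairs, honouring backslash escapes,
and raises ValueError on a malformed RDN. is_user_dn() adds the sanity
check that a user entry starts with a CN and ends in DC components.
Sample DNs in the test/usage are constructed.
"""
import re
from typing import List, Tuple

_ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def split_rdns(dn: str) -> List[str]:
    """Split on unescaped commas; a backslash escapes the next character."""
    parts, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Return [(ATTR, value), ...] or raise ValueError naming the offending RDN."""
    rdns = []
    for raw in split_rdns(dn):
        raw = raw.strip()
        if "=" not in raw:
            raise ValueError(f"RDN {raw!r} has no '=' (check for '-' typed in place of '=')")
        attr, value = raw.split("=", 1)
        attr, value = attr.strip(), value.strip()
        if not _ATTR_NAME.match(attr):
            raise ValueError(f"bad attribute name {attr!r} in RDN {raw!r}")
        if not value:
            raise ValueError(f"empty value in RDN {raw!r}")
        rdns.append((attr.upper(), value))
    return rdns


def is_user_dn(dn: str) -> bool:
    """True if the DN parses, its leaf RDN is a CN and it ends in a DC component."""
    try:
        rdns = parse_dn(dn)
    except ValueError:
        return False
    return rdns[0][0] == "CN" and rdns[-1][0] == "DC"


if __name__ == "__main__":
    # Constructed example, including the mistyped form that should be rejected.
    for candidate in ("CN=username,CN=Users,OU=myUnit,DC=myCorp,DC=com",
                      "CN-username,CN=Users,OU-myUnit,DC=myCorp,DC=com"):
        print(candidate, "->", "ok" if is_user_dn(candidate) else "REJECTED")
```

A DN that parses is still only syntactically valid; confirm it exists in the directory (for example with an LDAP search from the sync account) before relying on it, and keep the sync account read-only with access limited to the OUs you actually sync.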

Administer proxy server settings for Identity Manager

Note: Proxy servers that require authentication are not supported.
  • From the vSphere Client, log in as the root user to the VMware Identity Manager virtual appliance.
  • Run the following command to set the proxy.
    • /opt/vmware/share/vami/vami_set_proxy proxyServer proxyPort
    • For Example: 
      • /opt/vmware/share/vami/vami_set_proxy proxy.mycompany.com 3128
  • Run the following command to verify the proxy settings.
    • /opt/vmware/share/vami/vami_proxy
  • Restart the Tomcat server on the VMware Identity Manager virtual appliance to use the new proxy settings.
    • service horizon-workspace restart

Enable the Syslog server

  • Log in to the administration console
  • Select the Appliance Settings tab and click Manage Configuration.
  • Click Configure Syslog.
  • Click Enable.
  • Enter the IP address or the FQDN of the server where you want to store the logs.
  • Click Save.

Configure redundancy/failover for Identity Manager to meet RTO requirements

To achieve failover and redundancy, you can add multiple VMware Identity Manager virtual appliances in the VMware Identity Manager cluster.

To set up failover, you first install and configure the VMware Identity Manager virtual appliance, then you clone it. Cloning the virtual appliance creates a duplicate of the appliance with the same configuration as the original. You can customize the cloned virtual appliance to change the name, network settings, and other properties as required.

Modify Internal Database:

Note: If your VMware Identity Manager appliance is configured for an external database, you do not need to modify any settings before cloning the appliance.


Change VMware Identity Manager FQDN to Load Balancer FQDN:

Before you clone the VMware Identity Manager virtual appliance, you must change its Fully Qualified Domain Name (FQDN) to match the load balancer FQDN.

Procedure:
  • Log in to the VMware Identity Manager administration console.
  • Select the Appliance Settings tab.
  • In the Virtual Appliance Configuration page, click Manage Configuration.
  • Enter your administrator password to log in.
  • Click Identity Manager Configuration.
  • In the Identity Manager FQDN field, change the host name part of the URL from the VMware Identity Manager host name to the load balancer host name. For example, if your VMware Identity Manager host name is myservice and your load balancer host name is mylb, change https://myservice.mycompany.com to https://mylb.mycompany.com.
  • Click Save.
Clone the Virtual Appliance:

  • Log in to the vSphere Client or vSphere Web Client and navigate to the VMware Identity Manager virtual appliance.
  • Right-click the virtual appliance and select Clone.
  • Enter the name for the cloned virtual appliance and click Next.
    • The name must be unique within the VM folder.
  • Select the host or cluster on which to run the cloned virtual appliance and click Next.
  • Select the resource pool in which to run the virtual appliance and click Next.
  • For the virtual disk format, select Same format as source.
  • Select the data store location where you want to store the virtual appliance files and click Next.
  • Select Do not customize as the guest operating system option.
  • Review the options and click Finish.
Assign a New IP Address to Cloned Virtual Appliance:

  • In the vSphere Client or the vSphere Web Client, select the cloned virtual appliance.
  • In the Summary tab, under Commands, click Edit Settings.
  • Select Options and in the vApp Options list, select Properties.
  • Change the IP address in the IP Address field.
  • If the IP address is not in the reverse DNS, add the host name in the HostName text box.
  • Click OK.
  • Power on the cloned appliance and wait until the blue login screen appears in the Console tab.
Note: Before you power on the cloned appliance, ensure that the original appliance is fully powered on.
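Once the clone is up, every node has to answer for the load balancer FQDN you set in Identity Manager Configuration, not just its own name. The script below is an added example (not from the original post or from VMware) that connects to each node by IP address while presenting the load balancer name in SNI and the Host header, and asks for the appliance health endpoint. Two assumptions are labelled in the code: that /SAAS/API/1.0/REST/system/health is the health-check path the VMware load-balancer guidance refers to, and that its JSON reply carries an "AllOk" field; confirm both against the documentation for your version. The node IPs, load balancer name and CA file path are constructed placeholders.

```python
"""Check each cluster node through the load balancer name.

Added example (not from the VMware documentation). For every node IP,
open TLS to that IP with SNI set to the load balancer FQDN, validate
the certificate against the CA you trust, and GET the health endpoint
with Host: <lb fqdn>. The fetch function is injectable so the
aggregation logic can be tested against canned responses.
"""
import http.client
import json
import socket
import ssl
from typing import Callable, Dict, List, Tuple

# Assumption: health path used for load balancer monitoring; verify for your version.
HEALTH_PATH = "/SAAS/API/1.0/REST/system/health"


def fetch_health(node_ip: str, lb_fqdn: str, cafile: str, timeout: float = 5.0) -> Tuple[int, str]:
    """TLS to node_ip, validating the certificate for lb_fqdn; return (status, body)."""
    ctx = ssl.create_default_context(cafile=cafile)  # trust only the CA that issued the LB cert
    raw = socket.create_connection((node_ip, 443), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=lb_fqdn)  # SNI and hostname check use the LB name
    conn = http.client.HTTPSConnection(lb_fqdn, timeout=timeout)
    conn.sock = tls  # hand http.client the already-connected socket
    conn.request("GET", HEALTH_PATH, headers={"Host": lb_fqdn, "Accept": "application/json"})
    resp = conn.getresponse()
    body = resp.read().decode("utf-8", "replace")
    conn.close()
    return resp.status, body


def node_ok(status: int, body: str) -> bool:
    """Healthy means HTTP 200 and an AllOk value of true in the JSON body (assumed field name)."""
    if status != 200:
        return False
    try:
        data = json.loads(body)
    except ValueError:
        return False
    return isinstance(data, dict) and str(data.get("AllOk", "")).lower() == "true"


def check_cluster(nodes: List[str], lb_fqdn: str, cafile: str,
                  fetch: Callable[..., Tuple[int, str]] = fetch_health) -> Dict[str, bool]:
    """Map each node IP to True/False; a node that cannot be reached counts as unhealthy."""
    results: Dict[str, bool] = {}
    for ip in nodes:
        try:
            status, body = fetch(ip, lb_fqdn, cafile)
            results[ip] = node_ok(status, body)
        except (OSError, http.client.HTTPException) as exc:  # ssl.SSLError is an OSError
            print(f"{ip}: {exc}")
            results[ip] = False
    return results


if __name__ == "__main__":
    # Constructed placeholders: replace with your node IPs, LB FQDN and CA bundle.
    report = check_cluster(["10.0.0.11", "10.0.0.12"], "mylb.mycompany.com", "/etc/ssl/certs/corp-ca.pem")
    for ip, ok in report.items():
        print(f"{ip}: {'healthy' if ok else 'UNHEALTHY'}")
```

A node that fails here with a certificate error is the usual sign that the clone is still presenting a certificate for its own host name rather than the load balancer name; a 200 from every node before you put the cluster behind the load balancer is what you want to see.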
