您可以将目录与多个连接器实例相关联,然后为目录设置一个“同步连接器”列表,以便为目录同步配置高可用性。“同步连接器”列表中的连接器按故障切换顺序排列。VMware Identity Manager 服务使用列表中的第一个连接器同步目录的用户和组。如果第一个连接器不可用,则使用列表中的下一个连接器,依此类推。

Each directory has its own Sync Connectors list.

As a best practice, set up your deployment in a way that the same connector does not sync multiple directories at the same time. You can use the following strategies.

  • Use a different set of connectors for different directories.
  • If you use the same set of connectors in the same failover order, schedule the sync at different times for each directory.
  • If you use the same set of connectors for multiple directories, set a different failover order for each directory so that sync does not fall back to the same connector.

This feature is available beginning with the VMware Identity Manager 19.03 on-premises release. To use this feature, upgrade all connectors to version 19.03.0.0, then follow this procedure to set up the Sync Connectors list. Take into account the following situations.

  • For existing directories, the Sync Connectors list is empty. Until you configure the Sync Connectors list, the connector that was originally configured for the directory continues to be used for sync and no fallback is available if the connector fails.
  • New directories created in an upgraded or new environment have one connector listed in the Sync Connectors list. This connector is the one you selected as the sync connector while creating the directory.
重要事项: 此功能仅在 VMware Identity Manager 内部部署安装中可用。而在 VMware Identity Manager 云部署中不可用。

前提条件

  • 您已安装并配置额外的连接器实例。请参阅《安装和配置 VMware Identity Manager Connector 19.03.0.0 (Windows)》中的“安装和配置额外的 VMware Identity Manager Connector 实例”。
  • VMware Identity Manager 服务关联的所有连接器必须为 19.03.0.0 或更高版本。如果任何连接器为旧版本,则不会在目录的“同步设置”页面中显示“同步连接器”选项卡。

过程

  1. 将新的连接器实例与目录的 Workspace IDP 相关联。
    1. VMware Identity Manager 控制台中,单击身份和访问管理选项卡。
    2. 在显示的“目录”页面中,单击要配置高可用性的目录。
    3. 目录同步和身份验证部分中,单击 WorkspaceIDP 链接。
    4. 在 WorkspaceIDP 页面中,滚动到连接器部分,从下拉菜单中选择每个新的连接器实例,然后单击添加连接器
    5. 单击保存
  2. 单击目录选项卡,然后单击目录名称。
  3. Click Sync Settings.
  4. Click the Sync Connectors tab.
  5. Select the connector instances to be used to sync users and groups for this directory.
    1. From the Select a Connector list, which displays all the connectors added to the service, select a connector and click the + icon.
      The connector is added to the Sync Connectors list.
    2. Add all the connectors that you want to use for sync to the Sync Connectors list.
    3. In the Sync Connectors list, arrange the connectors in failover order by using the up and down arrow keys.
      To perform a directory sync, VMware Identity Manager tries to use the first connector in the list. If the first connector is unavailable, it tries to use the second connector, and so on.
      For example:
      Sync Connectors tab screenshot

  6. Click Save.

结果

The list of sync connectors for the directory is saved and is applied from the next sync onwards.

You can view which connectors were used for sync in the Sync Log tab of the directory page.

For example:


Sync log screenshot