Before you set up the secondary data center, configure the primary data center for Elasticsearch and Ehcache replication across clusters.

About this task

Elasticsearch and Ehcache are embedded in the VMware Identity Manager virtual appliance. Elasticsearch is a search and analytics engine used for auditing, reports, and directory sync logs. Ehcache provides caching capabilities.

Configure these changes in all the nodes in the primary data center cluster.

Prerequisites

You have set up a VMware Identity Manager cluster in the primary data center.

Procedure

  1. Configure Elasticsearch for replication.

    Make these changes in each node of the primary data center cluster.

    1. Set the Java path for the Elasticsearch plugin.
      vi ~/.bash_profile
      JAVA_HOME=/usr/java/jre-vmware/
      export JAVA_HOME
      export PATH=$PATH:$JAVA_HOME
    2. Run the following command to load the updated profile into the current shell:
      . ~/.bash_profile
    3. List and remove the Elasticsearch plugin.
      /opt/vmware/elasticsearch/bin/plugin -l
      /opt/vmware/elasticsearch/bin/plugin -r discovery-idm
    4. Add the IP addresses of all the nodes in the primary data center.
      vi /opt/vmware/elasticsearch/config/elasticsearch.yml
      discovery.zen.ping.unicast.hosts: ["IPaddress1","IPaddress2","IPaddress3"]
    5. Restart the Elasticsearch service.
      service elasticsearch restart
    6. Add the load balancer FQDN of the secondary data center cluster to the /usr/local/horizon/conf/runtime-config.properties file.
      1. Edit the /usr/local/horizon/conf/runtime-config.properties file.

        vi /usr/local/horizon/conf/runtime-config.properties

      2. Add this line to the file:

        analytics.replication.peers=https://LB_FQDN_of_second_cluster

  2. Configure Ehcache for replication.

    Make these changes in each node of the primary data center cluster.

    1. vi /usr/local/horizon/conf/runtime-config.properties

    2. Add the FQDN of the other nodes in the cluster. Do not add the FQDN of the node you are editing. Separate FQDNs by a colon.

      ehcache.replication.rmi.servers=node2FQDN:node3FQDN

      For example:

      ehcache.replication.rmi.servers=server2.example.com:server3.example.com

  3. If you plan to configure Mobile SSO for iOS authentication, which uses the built-in KDC, make the following changes in each node of the primary data center cluster.
    1. Open the runtime-config.properties file for editing.
      vi /usr/local/horizon/conf/runtime-config.properties
      
    2. Add all the nodes in the cluster, delimited by a colon.
      components.kdc.servers=node1FQDN:node2FQDN:node3FQDN
    Note:

    If you are using the hybrid KDC feature, this step is not required.

  4. Restart the VMware Identity Manager service on all nodes.

    service horizon-workspace restart

  5. Verify that the cluster is set up correctly.

    Run these commands on all the nodes in the first cluster.

    1. Verify the health of Elasticsearch.

      curl 'http://localhost:9200/_cluster/health?pretty'

      The command should return a result similar to the following.

      {
        "cluster_name" : "horizon",
        "status" : "green",
        "timed_out" : false,
        "number_of_nodes" : 3,
        "number_of_data_nodes" : 3,
        "active_primary_shards" : 20,
        "active_shards" : 40,
        "relocating_shards" : 0,
        "initializing_shards" : 0,
        "unassigned_shards" : 0,
        "delayed_unassigned_shards" : 0,
        "number_of_pending_tasks" : 0,
        "number_of_in_flight_fetch" : 0
      }

      If there are problems, see Troubleshooting Elasticsearch.

    2. Verify that the /opt/vmware/horizon/workspace/logs/horizon.log file contains this line.

      Added ehcache replication peer: //node3.example.com:40002

      The host names should be those of the other nodes in the cluster.
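The per-node rules from steps 1 to 3 are easy to get wrong when the same edit is repeated on every node, so the following added example (not part of the VMware procedure or tooling) lints a node's runtime-config.properties against them. The function names `get_prop`, `check_node`, and `write_sample`, the `example.com` host names, and the sample file contents are constructed for illustration.

```shell
# get_prop FILE KEY: print the value of the last "KEY=value" line (exact "KEY=" prefix, no spaces)
get_prop() {
  awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# check_node FILE LOCAL_FQDN ALL_NODES   (ALL_NODES is colon-separated)
# Prints one line per finding; exit status 0 means no findings.
check_node() (
  file=$1 self=$2 all=$3 rc=0
  ehc=$(get_prop "$file" ehcache.replication.rmi.servers)
  kdc=$(get_prop "$file" components.kdc.servers)
  case $(get_prop "$file" analytics.replication.peers) in
    https://?*) ;;
    *) echo "analytics.replication.peers: expected https://<LB FQDN of second cluster>"; rc=1 ;;
  esac
  IFS=:   # split ALL_NODES on colons; the body runs in a subshell, so the caller's IFS is untouched
  for n in $all; do
    case ":$ehc:" in
      *":$n:"*) if [ "$n" = "$self" ]; then echo "ehcache: lists local node $n"; rc=1; fi ;;
      *)        if [ "$n" != "$self" ]; then echo "ehcache: missing peer $n"; rc=1; fi ;;
    esac
    # components.kdc.servers is only set for Mobile SSO with the built-in KDC
    if [ -n "$kdc" ]; then
      case ":$kdc:" in *":$n:"*) ;; *) echo "kdc: missing node $n"; rc=1 ;; esac
    fi
  done
  exit "$rc"
)

# Constructed sample: the file on server1 with a deliberate mistake (it lists itself as an Ehcache peer)
write_sample() {
  cat > "$1" <<'EOF'
analytics.replication.peers=https://lb.dc2.example.com
ehcache.replication.rmi.servers=server1.example.com:server3.example.com
components.kdc.servers=server1.example.com:server2.example.com:server3.example.com
EOF
}

tmp=$(mktemp) && write_sample "$tmp"
check_node "$tmp" server1.example.com server1.example.com:server2.example.com:server3.example.com || true
rm -f "$tmp"
```

On a real node, point `check_node` at /usr/local/horizon/conf/runtime-config.properties and pass that node's own FQDN as the second argument.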

What to do next

Create a cluster in the secondary data center. Create the nodes by exporting the OVA file of the first VMware Identity Manager virtual appliance from the primary data center cluster and using it to deploy the new virtual appliances in the secondary data center.