To provide identity and access management services to the cross-instance SDDC components, you create a global environment in vRealize Suite Lifecycle Manager in which you deploy a 3-node clustered Workspace ONE Access instance.

Procedure

  1. In a web browser, log in to the vRealize Suite Lifecycle Manager user interface at https://<vrslcm_fqdn> as the vcfadmin@local user.
  2. On the My Services page, click Lifecycle Operations.
  3. On the Dashboard page, click Create environment.
  4. On the Create environment page, configure the settings and click Next.

    | Setting | Value |
    |---|---|
    | Install Identity Manager | Selected |
    | Default password | global-env-admin |
    | Datacenter | Select the cross-instance datacenter. |
    | JSON configuration | Disabled |
    | Join the VMware customer experience improvement program | Selected |

  5. On the Select product page, select the check box for VMware Identity Manager, configure these values, and click Next.

    | Setting | Value |
    |---|---|
    | Installation type | New install |
    | Version | 3.3.5 |
    | Deployment type | Cluster |

  6. On the Accept license agreements page, scroll to the bottom and accept the license agreement, and then click Next.
  7. On the Certificate page, from the Select certificate drop-down menu, select the Clustered Workspace One Certificate, and click Next.
  8. On the Infrastructure page, verify and accept the default settings, and click Next.
  9. On the Network page, verify and accept the default settings, and click Next.
  10. On the Products page, configure the deployment properties of clustered Workspace ONE Access and click Next.
    1. In the Product properties section, configure the settings.

      | Setting | Value |
      |---|---|
      | Certificate | Clustered Workspace One Certificate |
      | Node size | Medium (vRealize Automation recommended size) |
      | Admin password | Select the xint-wsa-admin |
      | Default configuration admin email | Enter a default email. |
      | Default configuration admin user name | configadmin |
      | Default configuration admin password | Select the xint-wsa-configadmin |
      | Sync group members | Selected |

    2. In the Cluster VIP FQDN section, configure the settings.

      | Setting | Value |
      |---|---|
      | FQDN | Enter the FQDN of the NSX-T Data Center load balancer virtual server for the clustered Workspace ONE Access instance. |
      | Locker certificate | Clustered Workspace ONE Access Certificate |
      | Database IP address | Enter the IP address for the embedded Postgres database. Note: The IP address must be a valid IP address for the cross-instance NSX segment. |
    3. In the Components section, configure the three cluster nodes.

      | Setting | Value for vidm-primary | Value for vidm-secondary-1 | Value for vidm-secondary-2 |
      |---|---|---|---|
      | VM Name | Enter a VM Name for vidm-primary. | Enter a VM Name for vidm-secondary-1. | Enter a VM Name for vidm-secondary-2. |
      | FQDN | Enter the FQDN for vidm-primary. | Enter the FQDN for vidm-secondary-1. | Enter the FQDN for vidm-secondary-2. |
      | IP address | Enter the IP Address for vidm-primary. | Enter the IP Address for vidm-secondary-1. | Enter the IP Address for vidm-secondary-2. |

  11. On the Precheck page, click Run precheck.
  12. On the Manual validations page, select the I took care of the manual steps above and am ready to proceed check box and click Run precheck.
  13. Review the validation report, remediate any errors, and click Re-run precheck.
  14. Wait for all prechecks to complete with Passed messages and click Next.
  15. On the Summary page, review the configuration details. To back up the deployment configuration, click Export configuration.
  16. To start the deployment, click Submit.

    The Request details page displays the progress of deployment.

  17. Monitor the steps of the deployment graph until all stages become Completed.
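
The address plan entered in step 10 can be checked offline before you run the precheck. The following is an added example, not part of the VMware procedure or product code. The function name, segment CIDR, FQDNs, and addresses are constructed placeholders, and it assumes that the node IP addresses sit on the same cross-instance segment as the database IP address and that all four addresses must be distinct.

```python
import ipaddress

ROLES = ("vidm-primary", "vidm-secondary-1", "vidm-secondary-2")

def validate_wsa_plan(segment_cidr, vip_fqdn, db_ip, nodes):
    """Return a list of problems; nodes maps each component name to (fqdn, ip)."""
    errors = []
    segment = ipaddress.ip_network(segment_cidr, strict=True)
    if set(nodes) != set(ROLES):
        errors.append(f"expected components {ROLES}, got {sorted(nodes)}")

    # Assumption: the database IP and every node IP are distinct, usable hosts on the segment.
    planned = {"database": db_ip, **{role: ip for role, (_, ip) in nodes.items()}}
    seen = {}
    for label, raw in planned.items():
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            errors.append(f"{label}: {raw!r} is not an IP address")
            continue
        if addr not in segment:
            errors.append(f"{label}: {addr} is outside {segment}")
        elif addr in (segment.network_address, segment.broadcast_address):
            errors.append(f"{label}: {addr} is not a usable host address")
        if addr in seen:
            errors.append(f"{label}: {addr} already assigned to {seen[addr]}")
        seen.setdefault(addr, label)

    # The load balancer FQDN and the node FQDNs must all differ (case-insensitive).
    names = [vip_fqdn] + [fqdn for fqdn, _ in nodes.values()]
    folded = [n.rstrip(".").lower() for n in names]
    for name in sorted({n for n in folded if folded.count(n) > 1}):
        errors.append(f"FQDN {name} is used more than once")
    return errors

# Constructed sample plan: placeholder names and RFC 5737 documentation addresses.
SAMPLE = {
    "vidm-primary": ("wsa-a.example.test", "192.0.2.21"),
    "vidm-secondary-1": ("wsa-b.example.test", "192.0.2.22"),
    "vidm-secondary-2": ("wsa-c.example.test", "192.0.2.23"),
}

if __name__ == "__main__":
    for problem in validate_wsa_plan("192.0.2.0/24", "wsa.example.test", "192.0.2.24", SAMPLE):
        print(problem)
```

An empty result means the plan is internally consistent; it does not replace the DNS and reachability checks that the vRealize Suite Lifecycle Manager precheck performs.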