To provide identity and access management services to the cross-instance SDDC components, you create a global environment in VMware Aria Suite Lifecycle in which you deploy a 3-node clustered Workspace ONE Access instance.

Procedure

  1. In a web browser, log in to VMware Aria Suite Lifecycle with the vcfadmin@local user by using the user interface (https://<vrslcm_fqdn>).
  2. On the My Services page, click Lifecycle Operations.
  3. On the Dashboard page, click Create environment.
  4. On the Create environment page, configure the settings and click Next.

    | Setting | Value |
    |---|---|
    | Install Identity Manager | Selected |
    | Default password | global-env-admin |
    | Datacenter | Select the cross-instance datacenter. |
    | JSON configuration | Deactivated |
    | Join the VMware customer experience improvement program | Selected |

  5. On the Select product page, select the check box for VMware Identity Manager, configure these values, and click Next.

    | Setting | Value |
    |---|---|
    | Installation type | New install |
    | Version | Select a version. VMware Aria Suite Lifecycle will only display supported versions. |
    | Deployment type | Cluster |

  6. On the Accept license agreements page, scroll to the bottom and accept the license agreement, and then click Next.
  7. On the Certificate page, from the Select certificate drop-down menu, select the Clustered Workspace One Certificate, and click Next.
  8. On the Infrastructure page, verify and accept the default settings, and click Next.
  9. On the Network page, verify and accept the default settings, and click Next.
  10. On the Products page, configure the deployment properties of clustered Workspace ONE Access and click Next.
    1. In the Product properties section, configure the settings.

      | Setting | Value |
      |---|---|
      | Certificate | Workspace One Access |
      | Node size | Medium (VMware Aria Automation recommended size) |
      | Admin password | Select xint-wsa-admin. |
      | Default configuration admin email | Enter a default email. |
      | Default configuration admin user name | configadmin |
      | Default configuration admin password | Select xint-wsa-configadmin. |
      | Sync group members | Selected |

    2. In the Cluster Virtual IP section, click Add Load Balancer and configure its settings.

      | Setting | Value |
      |---|---|
      | Controller Type | VMware Cloud Foundation managed NSX-T |
      | Load Balancer IP | Use the IP address from your VMware Cloud Foundation Planning and Preparation Workbook. |
      | Load Balancer FQDN | Use the FQDN from your VMware Cloud Foundation Planning and Preparation Workbook. |

    3. In the Cluster VIP FQDN section, configure the settings.

      | Setting | Value |
      |---|---|
      | Controller Type | Select VMware Cloud Foundation managed NSX-T from the drop-down menu. |
      | FQDN | Select the Load Balancer FQDN from the drop-down menu. |
      | Locker certificate | Clustered Workspace ONE Access Certificate |
      | Database IP address | Enter the IP address for the embedded Postgres database. |

      Note: The IP address must be a valid IP address for the cross-instance NSX segment.

    4. In the Components section, configure the three cluster nodes.

      | Setting | Value for vidm-primary | Value for vidm-secondary-1 | Value for vidm-secondary-2 |
      |---|---|---|---|
      | VM Name | Enter a VM Name for vidm-primary. | Enter a VM Name for vidm-secondary-1. | Enter a VM Name for vidm-secondary-2. |
      | FQDN | Enter the FQDN for vidm-primary. | Enter the FQDN for vidm-secondary-1. | Enter the FQDN for vidm-secondary-2. |
      | IP address | Enter the IP Address for vidm-primary. | Enter the IP Address for vidm-secondary-1. | Enter the IP Address for vidm-secondary-2. |

    5. For each node, click advanced configuration and click Select Root Password. Select xint-wsa-root and click Save.
  11. On the Precheck page, click Run precheck.
  12. On the Manual validations page, select the I took care of the manual steps above and am ready to proceed check box and click Run precheck.
  13. Review the validation report, remediate any errors, and click Re-run precheck.
  14. Wait for all prechecks to complete with Passed messages and click Next.
  15. On the Summary page, review the configuration details. To back up the deployment configuration, click Export configuration.
  16. To start the deployment, click Submit.

    The Request details page displays the progress of deployment.

  17. Monitor the steps of the deployment graph until all stages become Completed.
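
The addresses entered in step 10 (load balancer, embedded database, and the three cluster nodes) can be checked offline before you run the precheck. The following script is an added example and is not part of the VMware procedure or tooling; the CIDR and addresses in `SAMPLE_PLAN` are constructed placeholders. It applies the note's segment requirement for the database IP to the load balancer and node IPs as well, and requires all five addresses to be distinct, both of which are assumptions of this example.

```python
import ipaddress

# Constructed sample values; replace them with the entries from your
# VMware Cloud Foundation Planning and Preparation Workbook.
SAMPLE_PLAN = {
    "segment_cidr": "192.168.11.0/24",  # cross-instance NSX segment (placeholder)
    "load_balancer_ip": "192.168.11.60",
    "database_ip": "192.168.11.64",
    "nodes": {
        "vidm-primary": "192.168.11.61",
        "vidm-secondary-1": "192.168.11.62",
        "vidm-secondary-2": "192.168.11.63",
    },
}


def check_plan(plan):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    segment = ipaddress.ip_network(plan["segment_cidr"], strict=True)
    if len(plan["nodes"]) != 3:
        problems.append(f"expected 3 cluster nodes, got {len(plan['nodes'])}")
    roles = {"load balancer": plan["load_balancer_ip"],
             "database": plan["database_ip"], **plan["nodes"]}
    seen = {}  # address -> first role that claimed it
    for role, raw in roles.items():
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            problems.append(f"{role}: {raw!r} is not an IP address")
            continue
        if addr not in segment:
            problems.append(f"{role}: {addr} is outside {segment}")
        elif addr in (segment.network_address, segment.broadcast_address):
            problems.append(f"{role}: {addr} is the network or broadcast address")
        if addr in seen:
            problems.append(f"{role}: {addr} is already used by {seen[addr]}")
        else:
            seen[addr] = role
    return problems


if __name__ == "__main__":
    issues = check_plan(SAMPLE_PLAN)
    print("\n".join(issues) if issues else "address plan OK")
```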