After you upgrade to VMware Identity Manager 19.03.0.0, you might need to configure certain settings.

Configuring VMware Identity Manager Connector Instances

Only the external Windows-based connector is available with VMware Identity Manager 19.03.0.0 and later. The embedded connector is no longer included. The external Linux-based connector is deprecated. Existing instances of the external Linux-based connector continue to be supported for a limited amount of time. To experience full functionality of the external connector, both Windows-based and Linux-based versions, upgrade all connector instances to the newest version of the external Windows-based connector.

  • Installing External Windows-based Connectors. Perform the corresponding procedure depending on the type of connector you are upgrading from.
    Note:
    • Embedded Connector. If you used the embedded connector for a version of VMware Identity Manager earlier than 19.03.0.0 and are now upgrading to version 19.03.0.0 or later, you must install the VMware Identity Manager connector on a Windows system. To decrease the amount of information you provide manually, you can perform the following migration-related procedures.
      1. Locate the cluster...enc file automatically created for you when you upgraded the service.
      2. Copy the cluster...enc file to the Windows system on which you plan to install a respective Windows-based connector instance.
      3. During the installation of the external Windows-based connector and afterwards, perform specific migration-related steps. Use information in Perform Migration-Related Steps When Configuring the External Windows-Based Connector to supplement the instructions in the corresponding version of the Installing and Configuring VMware Identity Manager Connector (Windows) guide.
    • External Linux-Based Connector. If you used one or more external Linux-based connector instances for a version of VMware Identity Manager earlier than 19.03.0.0 and are now upgrading to version 19.03.0.0 or later, you can continue to use the existing connector instances. However, the external Linux-based connector is deprecated and does not include the newest functionality. To experience full functionality, install the respective number of instances of the VMware Identity Manager connector on Windows systems. To decrease the amount of information you need to provide manually, you can perform the following migration-related procedures.
      1. To save external Linux-based-connector configuration information to a cluster...enc file, on each external Linux-based connector instance, run the cluster-migration package (cluster-support.tgz). See Saving External Linux-Based Connector-Configuration Information.
      2. To transfer the external Linux-based-connector-configuration information stored in cluster...enc file instances to instances of the external Windows-based connector, copy each cluster...enc file instance to a respective Windows host before you install the VMware Identity Manager connector on the Windows system. Use information in Perform Migration-Related Steps When Configuring the External Windows-Based Connector to supplement the instructions in the corresponding version of the Installing and Configuring VMware Identity Manager Connector (Windows) guide.
      3. During the installation of the external Windows-based connector and afterwards, perform specific migration-related steps. See Perform Migration-Related Steps When Configuring the External Windows-Based Connector.
    • External Windows-Based Connector. If you used one or more external Windows-based connector instances for a version of VMware Identity Manager earlier than 19.03.0.0 and are now upgrading to version 19.03.0.0 or later, you can continue to use the existing connector instances. However, to ensure full functionality of existing external Windows-based connectors, update the connector instances to version 19.03.0.0 or later.

Log4j Configuration Files

If any log4j configuration files in a VMware Identity Manager instance were edited, new versions of the files are not automatically installed during the upgrade. However, after the upgrade, the logs controlled by those files will not work.

To resolve this issue:

  1. Log in to the virtual appliance.
  2. Search for log4j files with the .rpmnew suffix.

    find / -name "**log4j.properties.rpmnew"

  3. For each file found, copy the new file to the corresponding old log4j file without the .rpmnew suffix.

Cluster ID in Secondary Data Center

Beginning with VMware Identity Manager 3.3, cluster IDs are used to identify the nodes in a cluster.

If your VMware Identity Manager deployment includes a secondary data center, you must change the cluster ID of the secondary data center after upgrade. Before changing the cluster ID, verify that each node has the Elasticsearch discovery-idm plugin installed.

  1. Verify that each node has the Elasticsearch discovery-idm plugin.
    1. Log in to the virtual appliance.
    2. Use the following command to check if the plugin is installed.

      /opt/vmware/elasticsearch/bin/plugin list

    3. If the plugin does not exist, use the following command to add it.

      /opt/vmware/elasticsearch/bin/plugin install file:///opt/vmware/elasticsearch/jars/discovery-idm-1.0.jar

  2. Log in to the VMware Identity Manager console.
  3. Select the Dashboard > System Diagnostics Dashboard tab.
  4. In the top panel, locate the cluster information for the secondary data center cluster.
  5. Update the cluster ID of all the nodes in the secondary data center to a different number than the one used in the first data center.

    For example, set all the nodes in the secondary data center to 3, if the first data center is not using 3.


    cluster information

  6. Verify that the clusters in both the primary and secondary data centers are formed correctly.

    Follow these steps for each node in the primary and secondary data centers.

    1. Log in to the virtual appliance.
    2. Run the following command:

      curl 'http://localhost:9200/_cluster/health?pretty'

      If the cluster is configured correctly, the command returns a result similar to the following example:

      {
        "cluster_name" : "horizon",
        "status" : "green",
        "timed_out" : false,
        "number_of_nodes" : 3,
        "number_of_data_nodes" : 3,
        "active_primary_shards" : 20,
        "active_shards" : 40,
        "relocating_shards" : 0,
        "initializing_shards" : 0,
        "unassigned_shards" : 0,
        "delayed_unassigned_shards" : 0,
        "number_of_pending_tasks" : 0,
        "number_of_in_flight_fetch" : 0
      }

Cache Service Setting in Secondary Data Center Appliances

If you set up a secondary data center, VMware Identity Manger instances in the secondary data center are configured for read-only access with the "read.only.service = true" entry in the /usr/local/horizon/conf/runtime-config.properties file. After you upgrade such an appliance, the service fails to start.

To resolve this issue:

  1. Log in to the virtual appliance.
  2. Add the following line to the /usr/local/horizon/conf/runtime-config.properties file:

    cache.service.type = ehcache

  3. Restart the service.

    service horizon-workspace restart

Citrix Integration

For Citrix integration in VMware Identity Manager 3.3, all external connectors must be version 2018.8.1.0 (the connector version in the 3.3 release) or later.

You must also use Integration Broker 3.3. Upgrade is not available for Integration Broker. Uninstall the old version, then install the new version.

Changes in Past Releases

For changes in past releases, see Upgrading to VMware Identity Manager 3.3 (Linux).