During deployment, the VMware Identity Manager virtual appliance is set up inside the internal network. If you want to provide access to the service for users connecting from outside networks, you must install a load balancer or a reverse proxy, such as Apache, nginx, or F5, in the DMZ.

If you do not use a load balancer or reverse proxy, you cannot expand the number of VMware Identity Manager appliances later. You might need to add more appliances to provide redundancy and load balancing. The following diagram shows the basic deployment architecture you can use to enable external access.

Figure 1. External Load Balancer Proxy with Virtual Machine
This diagram shows how an external gateway proxy works with the Horizon Workspace vApp.

Specify VMware Identity Manager FQDN during Deployment

During the deployment of the VMware Identity Manager virtual machine, you enter the VMware Identity Manager FQDN and port number. These values must point to the host name that you want end users to access.

The VMware Identity Manager virtual machine always runs on port 443. You can use a different port number for the load balancer. If you use a different port number, you must specify it during deployment.

Load Balancer Settings to Configure

Load balancer settings to configure include enabling X-Forwarded-For headers, setting the load balancer timeout correctly, and enabling sticky sessions. In addition, SSL trust must be configured between the VMware Identity Manager virtual appliance and the load balancer.

  • X-Forwarded-For Headers

    You must enable X-Forwarded-For headers on your load balancer. This determines the authentication method. See the documentation provided by your load balancer vendor for more information.

  • Load Balancer Timeout

    For VMware Identity Manager to function correctly, you might need to increase the load balancer request timeout from the default. The value is set in minutes. If the timeout setting is too low, you might see this error, “502 error: The service is currently unavailable.”

  • Enable Sticky Sessions

    You must enable the sticky session setting on the load balancer if your deployment has multiple VMware Identity Manager appliances. The load balancer will then bind a user's session to a specific instance.