Consider your entire deployment, including how you integrate resources, when you make decisions about hardware, resources, and network requirements.

Supported vSphere and ESX Versions

The following versions of vSphere and ESX server are supported:

  • 5.0 U2 and later

  • 5.1 and later

  • 5.5 and later

  • 6.0 and later

Note:

You must turn on time sync at the ESX host level using an NTP server. Otherwise, a time drift occurs between the virtual appliances.

If you deploy multiple virtual appliances on different hosts, consider disabling the Sync to Host option for time synchronization and configuring the NTP server in each virtual appliance directly to ensure that there is no time drift between the virtual appliances.

Hardware Requirements

Ensure that you meet the requirements for the number of VMware Identity Manager virtual appliances and the resources allocated to each appliance.

| Number of Users | Up to 1,000 | 1,000-10,000 | 10,000-25,000 | 25,000-50,000 | 50,000-100,000 |
|---|---|---|---|---|---|
| Number of VMware Identity Manager servers | 1 server | 3 load-balanced servers | 3 load-balanced servers | 3 load-balanced servers | 3 load-balanced servers |
| CPU (per server) | 2 CPU | 2 CPU | 4 CPU | 8 CPU | 8 CPU |
| RAM (per server) | 6 GB | 6 GB | 8 GB | 16 GB | 32 GB |
| Disk space (per server) | 60 GB | 100 GB | 100 GB | 100 GB | 100 GB |

If you install additional, external connector virtual appliances, ensure that you meet the following requirements.

| Number of Users | Up to 1,000 | 1,000-10,000 | 10,000-25,000 | 25,000-50,000 | 50,000-100,000 |
|---|---|---|---|---|---|
| Number of connector servers | 1 server | 2 load-balanced servers | 2 load-balanced servers | 2 load-balanced servers | 2 load-balanced servers |
| CPU (per server) | 2 CPU | 4 CPU | 4 CPU | 4 CPU | 4 CPU |
| RAM (per server) | 6 GB | 6 GB | 8 GB | 16 GB | 16 GB |
| Disk space (per server) | 60 GB | 60 GB | 60 GB | 60 GB | 60 GB |

Database Requirements

Set up VMware Identity Manager with an external database to store and organize server data. An internal PostgreSQL database is embedded in the virtual appliance, but it is not recommended for production deployments.

For information about the database versions and service pack configurations supported, see the VMware Product Interoperability Matrices at https://www.vmware.com/resources/compatibility/sim/interop_matrix.php.

The following requirements apply to an external SQL Server database.

| Number of Users | Up to 1,000 | 1,000-10,000 | 10,000-25,000 | 25,000-50,000 | 50,000-100,000 |
|---|---|---|---|---|---|
| CPU | 2 CPU | 2 CPU | 4 CPU | 8 CPU | 8 CPU |
| RAM | 4 GB | 4 GB | 8 GB | 16 GB | 32 GB |
| Disk space | 50 GB | 50 GB | 50 GB | 100 GB | 100 GB |

Network Configuration Requirements

| Component | Minimum Requirement |
|---|---|
| DNS record and IP address | IP address and DNS record |
| Firewall port | Ensure that the inbound firewall port 443 is open for users outside the network to the VMware Identity Manager instance or the load balancer. |
| Reverse Proxy | Deploy a reverse proxy such as F5 Access Policy Manager in the DMZ to allow users to securely access the VMware Identity Manager user portal remotely. |

Port Requirements

Ports used in the server configuration are described here. Your deployment might include only a subset of these ports. Here are two potential scenarios:

  • To sync users and groups from Active Directory, VMware Identity Manager must connect to Active Directory.

  • To sync with ThinApp, the VMware Identity Manager must join the Active Directory domain and connect to the ThinApp Repository share.

| Port | Protocol | Source | Target | Description |
|---|---|---|---|---|
| 443 | HTTPS | Load Balancer | VMware Identity Manager virtual appliance | |
| 443 | HTTPS | VMware Identity Manager virtual appliance | VMware Identity Manager virtual appliance | |
| 443 | HTTPS | Browsers | VMware Identity Manager virtual appliance | |
| 443 | HTTPS | VMware Identity Manager virtual appliance | vapp-updates.vmware.com | Access to the upgrade server |
| 8443 | HTTPS | Browsers | VMware Identity Manager virtual appliance | Administrator Port |
| 25 | SMTP | VMware Identity Manager virtual appliance | SMTP | Port to relay outbound mail |
| 389, 636, 3268, 3269 | LDAP, LDAPS, MSFT-GC, MSFT-GC-SSL | VMware Identity Manager virtual appliance | Active Directory | Default values are shown. These ports are configurable. |
| 445 | TCP | VMware Identity Manager virtual appliance | VMware ThinApp repository | Access to the ThinApp repository |
| 5500 | UDP | VMware Identity Manager virtual appliance | RSA SecurID system | Default value is shown. This port is configurable. |
| 53 | TCP/UDP | VMware Identity Manager virtual appliance | DNS server | Every virtual appliance must have access to the DNS server on port 53 and allow incoming SSH traffic on port 22. |
| 88, 464, 135 | TCP/UDP | VMware Identity Manager virtual appliance | Domain controller | |
| 9300–9400 | TCP | VMware Identity Manager virtual appliance | VMware Identity Manager virtual appliance | Audit needs |
| 54328 | UDP | | | |
| 1433, 5432, 1521 | TCP | VMware Identity Manager virtual appliance | Database | Microsoft SQL default port is 1433. The Oracle default port is 1521. |
| 443 | | VMware Identity Manager virtual appliance | View server | Access to View server |
| 80, 443 | TCP | VMware Identity Manager virtual appliance | Citrix Integration Broker server | Connection to the Citrix Integration Broker. Port option depends on whether a certificate is installed on the Integration Broker server. |
| 443 | HTTPS | VMware Identity Manager virtual appliance | AirWatch REST API | For device compliance checking and for the AirWatch Cloud Connector password authentication method, if that is used. |
| 88 | TCP/UDP | iOS mobile device | VMware Identity Manager virtual appliance | Port used for Kerberos traffic from iOS device to the built-in KDC. |
| 5262 | TCP | Android mobile device | AirWatch HTTPS proxy service | AirWatch Tunnel client routes traffic to the HTTPS proxy for Android devices. |
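
Because a deployment might include only a subset of these ports, a firewall allow-list can be checked against just the rows that the enabled features need. The following is an added example, not VMware code: it reports flows from the port table that the allow-list is missing and rules that open more ports than the table calls for. The zone names, feature names and sample rules are constructed for the illustration, and the Active Directory ports are assumed to be TCP.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    dst: str
    proto: str  # "tcp" or "udp"
    lo: int     # first port of the range
    hi: int     # last port (equal to lo for a single port)

def rows(src, dst, protos, *ports):
    """Expand one table row into flows; a port is an int or a (lo, hi) range."""
    return [Flow(src, dst, proto, *(p if isinstance(p, tuple) else (p, p)))
            for proto in protos.split("/") for p in ports]

# Subset of the port table by feature; zone and feature names are assumptions.
REQUIRED = {
    "core": rows("lb", "vidm", "tcp", 443) + rows("vidm", "vidm", "tcp", 443)
            + rows("vidm", "dns", "tcp/udp", 53),
    # The table lists LDAP/LDAPS/MSFT-GC/MSFT-GC-SSL; TCP transport is assumed.
    "directory": rows("vidm", "ad", "tcp", 389, 636, 3268, 3269),
    "thinapp": rows("vidm", "thinapp", "tcp", 445),
    "audit": rows("vidm", "vidm", "tcp", (9300, 9400)),
}

def audit(rules, features):
    """Return (missing flows, [(rule, number of ports it opens beyond the table)])."""
    needed = [f for name in features for f in REQUIRED[name]]
    same = lambda a, b: (a.src, a.dst, a.proto) == (b.src, b.dst, b.proto)
    missing = [n for n in needed
               if not any(same(r, n) and r.lo <= n.lo and n.hi <= r.hi for r in rules)]
    excess = []
    for r in rules:
        allowed = {p for n in needed if same(r, n) for p in range(n.lo, n.hi + 1)}
        extra = sum(1 for p in range(r.lo, r.hi + 1) if p not in allowed)
        if extra:
            excess.append((r, extra))
    return missing, excess

# Constructed allow-list for a deployment that only syncs users from Active Directory.
SAMPLE_RULES = [
    Flow("lb", "vidm", "tcp", 443, 443),
    Flow("vidm", "vidm", "tcp", 443, 443),
    Flow("vidm", "dns", "udp", 53, 53),        # TCP 53 was left out
    Flow("vidm", "ad", "tcp", 1, 65535),       # far wider than the four AD ports
    Flow("vidm", "thinapp", "tcp", 445, 445),  # ThinApp sync is not enabled here
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES, ["core", "directory"]))
```

A needed flow counts as present only when a single rule covers its whole port range, so a range split across two rules is reported as missing.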

Active Directory

VMware Identity Manager supports Active Directory on Windows 2008, 2008 R2, 2012, and 2012 R2, with a Domain functional level and Forest functional level of Windows 2003 and later.

Supported Web Browsers to Access the Administration Console

The VMware Identity Manager administration console is a Web-based application you use to manage your tenant. You can access the administration console from the following browsers.

  • Internet Explorer 11 for Windows systems

  • Google Chrome 42.0 or later for Windows and Mac systems

  • Mozilla Firefox 40 or later for Windows and Mac systems

  • Safari 6.2.8 and later for Mac systems

Note:

In Internet Explorer 11, JavaScript must be enabled and cookies allowed to authenticate through VMware Identity Manager.

Supported Browsers to Access the Workspace ONE Portal

End users can access the Workspace ONE portal from the following browsers.

  • Mozilla Firefox (latest)

  • Google Chrome (latest)

  • Safari (latest)

  • Internet Explorer 11

  • Microsoft Edge browser

  • Native browser and Google Chrome on Android devices

  • Safari on iOS devices

Note:

In Internet Explorer 11, JavaScript must be enabled and cookies allowed to authenticate through VMware Identity Manager.