After you upgrade to VMware Identity Manager 2.9.x, configure these settings.

  • Bulk sync changes in VMware Identity Manager 2.9.1

    In version 2.8.1, bulk sync was processed with 4 threads per CPU through a global configuration parameter in the database named bulkSyncThreadLimitPerCPU=4.

    Beginning with version 2.9.1, the number of threads for bulk sync processing is not based on CPU. It is an absolute number, which is the same as the number of CPUs on a node by default.

    If you sync large numbers of users and groups and you notice that sync is slow after upgrade, you can specify the number of threads by setting the global configuration parameter called bulkSyncSharedThreadCount.

    Set the thread value in the database using the following REST API, then restart the nodes for the change to take effect.

    HTTP Request:

    Operation: PUT
    URI: bulkSyncSharedThreadCount

    HTTP Headers:

    Content-Type: application/vnd.vmware.horizon.manager.systemconfigparameter+json
    Accept: application/vnd.vmware.horizon.manager.systemconfigparameter+json
    Authorization: HZN <operator token>

    Request Body (with 8 threads as an example):

    {
        "name": "bulkSyncSharedThreadCount",
        "values": {
            "values": [
                "8"
            ]
        }
    }

  • If you have set up a VMware Identity Manager cluster for failover with two nodes, updating it to three nodes is recommended. This is because of a limitation of Elasticsearch, a search and analytics engine embedded in the VMware Identity Manager appliance. You may continue to use two nodes but you should be aware of a few limitations related to Elasticsearch. See "Configuring Failure and Redundancy" in Installing and Configuring VMware Identity Manager for more information.

  • Enable the new portal user interface.

    1. In the administration console, click the arrow on the Catalog tab and select Settings.

    2. Select New End User Portal UI in the left pane and click Enable New Portal UI.

  • Transport Layer Security (TLS) protocol 1.0 is disabled by default in VMware Identity Manager 2.9.x. TLS 1.1 and 1.2 are supported.

    External product issues are known to occur when TLS 1.0 is disabled. Updating your other product configurations to use TLS 1.1 or 1.2 is recommended. However, if these products have a dependence on TLS 1.0, you can enable TLS 1.0 in VMware Identity Manager by following the instructions in Knowledge Base article 2144805.