If you use VMware vRealize® products or VMware NSX-T™ with VMware Identity Manager™ 3.3.6, you upgrade to VMware Identity Manager version 3.3.7 directly from VMware Identity Manager 3.3.6.

For more information about the VMware Identity Manager 3.3.7 release, see the 3.3.7 release notes.

Note:
  • You can also freshly install VMware Identity Manager 3.3.7.
    • For general information about performing a fresh 3.3.7 installation, see the 3.3 version of Installing and Configuring VMware Identity Manager for Linux guide, which also applies to 3.3.7.
    • In 3.3.7, you can install VMware Identity Manager in FIPS (Federal Information Processing Standard) mode. VMware Identity Manager does not support upgrading from a non-FIPS installation to a FIPS installation. To install VMware Identity Manager 3.3.7 in FIPS mode, also see Perform a Fresh Installation of VMware Identity Manager 3.3.7 in FIPS Mode.
  • If you are a VMware vRealize® Automation™ customer, follow Enable Tenant-In-Host Name Multi-Tenancy with vRealize Automation 8.x.
  • For VMware Identity Manager 3.3.7 with Active Directory over Integrated Windows Authentication (IWA) or the Kerberos authentication adapter, continue to use the external Windows connector.

Supported VMware Identity Manager Upgrade Paths

The following upgrade paths are supported:

  • From version 3.3.6, you can upgrade directly to version 3.3.7.
  • From version 3.3.3, 3.3.4, and 3.3.5, you must upgrade directly to version 3.3.6 before upgrading to 3.3.7.
  • From version 3.3.2, you must first upgrade to version 3.3.5, then upgrade from 3.3.5 to 3.3.6 and then to 3.3.7.
    Important: Perform the 3.3.2 to 3.3.5 upgrade as an offline upgrade. See Upgrading to VMware Identity Manager 3.3.5 (Linux) for more information.

Links to previous VMware Identity Manager upgrade guides.

VMware Identity Manager Connector Upgrade Paths

The following upgrade paths are supported:

  • If you installed the VMware Identity Manager Connector for Windows 3.3.1 and 3.3.2 with vRealize Suite Lifecycle Manager, you cannot upgrade to the 3.3.7 connector. You must install the new 3.3.7 version of the connector.
  • If you installed the VMware Identity Manager Connector for Windows 3.3.2, 3.3.3, 3.3.4, 3.3.5, or 3.3.6 using the .exe installer, you can upgrade your connector to 3.3.7.
Important: Migrating your IWA directory from an external Windows connector to an embedded connector is not supported.

The following upgrade paths are not supported:

  • A VMware Identity Manager Connector for Windows upgrade for connector instances installed by VMware vRealize® Suite Lifecycle Manager™.
  • A VMware Identity Manager Connector for Linux upgrade.

    The external VMware Identity Manager Linux-based connector is deprecated. New versions of the Linux connector are no longer available. You can continue to use previous versions of the Linux-based connector, but such versions do not have the newest functionality.

VMware Products That Can Upgrade to VMware Identity Manager 3.3.7

  • vRealize Products such as VMware vRealize Automation™, VMware vRealize Suite Lifecycle Manager, VMware vRealize® Operations™, VMware vRealize® Business™ for Cloud , VMware vRealize® Log Insight, and VMware vRealize® Network Insight™ for authentication and SSO.
    • vRealize products that are deployed and managed through vRealize Suite Lifecycle Manager can consume VMware Identity Manager versions 3.3.6 to 3.3.7 (versions 3.3.2 to 3.3.5 is out of support).
    • vRealize Suite Lifecycle Manager can now handle a brand-new installation of VMware Identity Manager 3.3.7 or an upgrade to 3.3.7 from VMware Identity Manager 3.3.6.
      Note: To upgrade from version 3.3.2, you must first perform an offline upgrade from version 3.3.2 to 3.3.5, upgrade from 3.3.5 to 3.3.6 and then to 3.3.7.

      To upgrade from 3.3.3, 3.3.4, or 3.3.5, you must first upgrade to 3.3.6 and then to 3.3.7.

    Caution: The following known limitations exist when you deploy VMware Identity Manager with vRealize Suite Lifecycle Manager.
    • Changing the VMware Identity Manager hostname causes several issues. Therefore, after you deploy VMware Identity Manager with vRealize Suite Lifecycle Manager, do not change the VMware Identity Manager hostname.
    • The steps to remove a node from a VMware Identity Manager cluster are not supported when you deploy VMware Identity Manager with vRealize Suite Lifecycle Manager.
  • NSX-T for Authentication and SSO
    • NSX-T can be deployed with VMware Identity Manager versions 3.3.2 to 3.3.7, or upgraded to 3.3.7 from 3.3.6.
      Note: To upgrade from version 3.3.2, you must first perform an offline upgrade from version 3.3.2 to 3.3.5, and then upgrade from 3.3.5 to 3.3.6 and then to 3.3.7.

      To upgrade from 3.3.3, 3.3.4, or 3.3.5, you must first upgrade to 3.3.6 and then to 3.3.7.

Internet Connectivity

You can upgrade VMware Identity Manager online or offline.

By default, the VMware Identity Manager appliance uses the VMware website for the upgrade procedure. This approach requires the appliance to have Internet connectivity. You must also configure proxy server settings for the appliance, if applicable.

If your virtual appliance does not have Internet connectivity, you can perform the upgrade offline. For an offline upgrade, you download the upgrade package from My VMware. You use the updateoffline.hzn script to perform the upgrade.

If you are upgrading to VMware Identity Manager 3.3.7 using vRealize Suite Lifecycle Manager, only the offline upgrade is supported.

Upgrade Scenarios

Hardware Sizing Requirements

The hardware-sizing requirements in the following table are specific to VMware Identity Manager 3.3.7. See the 3.3 version of the Installing and Configuring VMware Identity Manager for Linux guide for a broader list of hardware-sizing requirements.

Important:

For best results, implement the following sync-related practices.

  • Because the initial directory sync is an intensive, resource consuming operation, perform the initial directory sync on one tenant at a time.
  • Stagger directory syncs across tenants to avoid the resource consumption of running directory syncs on two or more tenants at the same time.

You can use the internal PostgreSQL database or an external Microsoft SQL database. Both options can provide high availability.

To achieve high availability with the internal PostgreSQL database, you must leverage vRealize Suite Lifecycle Manager. See the table that follows and see the vRealize Suite Lifecycle Installation, Upgrade, and Management Guide.

For an external Microsoft SQL database configuration, see the 3.3 version of the Installing and Configuring VMware Identity Manager for Linux guide.

Note:
  • For new deployments, the default VMware Identity Manager sizing requirements are as follows:
    • 4vCPU
    • 8 GB Memory
    • 100 GB disk space
  • If you are using VMware Identity Manager 3.3.3 or 3.3.4 with vRealize Automation 8.3, the following minimum sizing requirements apply:
    • 8vCPU
    • 16 GB Memory
    • 100 GB disk space

To upgrade to 3.3.7, confirm that the VMware Identity Manager sizing matches the guidelines in the following table.

Directory Sync of Users and Groups per Tenant* VMware Identity Manager Appliance with Internal PostgreSQL Database and Embedded Connector, per Node Requirements External Windows-Based Connector, per Connector-Instance Requirements
Maximum:
  • 3,000 users
  • 30 groups
A single node or a three-node cluster:
  • 4 vCPU
  • 8 GB memory
  • 100 GB disk space
Note: Select the Extra Small sizing option when you deploy the OVA.
  • 2 vCPU
  • 6 GB memory
  • 30 GB disk space
Maximum:
  • 5,000 users
  • 50 groups
A single node or a three-node cluster:
  • 6 vCPU
  • 10 GB memory
  • 100 GB disk space
Note: Select the Small sizing option when you deploy the OVA.
  • 2 vCPU
  • 6 GB memory
  • 30 GB disk space
Maximum:
  • 10,000 Users
  • 100 groups
Three-node cluster:
  • 8 vCPU
  • 16 GB memory
  • 100 GB disk space
Note: Select the Medium sizing option when you deploy the OVA.
  • 4 vCPU
  • 6 GB memory
  • 50 GB disk space
Maximum:
  • 25,000 users
  • 250 groups
Three-node cluster:
  • 10 vCPU
  • 16 GB memory
  • 100 GB disk space
Note: Select the Large sizing option when you deploy the OVA.
  • 4 vCPU
  • 8 GB memory
  • 50 GB disk space
Maximum:
  • 50,000 users
  • 500 groups
Three-node cluster:
  • 12 vCPU
  • 32 GB memory
  • 100 GB disk space
Note: Select the Extra Large sizing option when you deploy the OVA.
  • 4 vCPU
  • 16 GB memory
  • 60 GB disk space
Maximum:
  • 100,000 users
  • 1,000 groups
Three-node cluster:
  • 14 vCPU
  • 48 GB RAM
  • 100 GB disk space
Note: Select the Extra Extra Large sizing option when you deploy the OVA.
  • 4 vCPU
  • 16 GB memory
  • 60 GB disk space

*If either the number of users or the number of groups for a tenant exceeds the Maximum, see the next row.