After you upgrade to VMware Identity Manager 3.3, you might need to configure certain settings.

Log4j Configuration Files

If any log4j configuration files in a VMware Identity Manager instance were edited, new versions of the files are not automatically installed during the upgrade. However, after the upgrade, the logs controlled by those files do not work.

To resolve this issue:

  1. Log in to the virtual appliance.
  2. Search for log4j files with the .rpmnew suffix.

    find / -name "*log4j.properties.rpmnew"

  3. For each file found, copy the new file to the corresponding old log4j file without the .rpmnew suffix.

Cluster ID in Secondary Data Center

Beginning with VMware Identity Manager 3.3, cluster IDs are used to identify the nodes in a cluster.

If your VMware Identity Manager deployment includes a secondary data center, you must change the cluster ID of the secondary data center after upgrade. Before changing the cluster ID, verify that each node has the Elasticsearch discovery-idm plugin installed.

  1. Verify that each node has the Elasticsearch discovery-idm plugin.
    1. Log in to the virtual appliance.
    2. Use the following command to check if the plugin is installed.

      /opt/vmware/elasticsearch/bin/plugin list

    3. If the plugin does not exist, use the following command to add it.

      /opt/vmware/elasticsearch/bin/plugin install file:///opt/vmware/elasticsearch/jars/discovery-idm-1.0.jar

  2. Log in to the VMware Identity Manager console.
  3. Select the Dashboard > System Diagnostics Dashboard tab.
  4. In the top panel, locate the cluster information for the secondary data center cluster.
  5. Update the cluster ID of all the nodes in the secondary data center to a different number than the one used in the first data center.

    For example, set all the nodes in the secondary data center to 3, if the first data center is not using 3.


    cluster information

  6. Verify that the clusters in both the primary and secondary data centers are formed correctly.

    Follow these steps for each node in the primary and secondary data centers.

    1. Log in to the virtual appliance.
    2. Run the following command:

      curl 'http://localhost:9200/_cluster/health?pretty'

      If the cluster is configured correctly, the command returns a result similar to the following example: 

      {
  "cluster_name" : "horizon",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 20,
  "active_shards" : 40,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0
}

Cache Service Setting in Secondary Data Center Appliances

If you set up a secondary data center, VMware Identity Manager instances in the secondary data center are configured for read-only access with the "read.only.service=true" entry in the /usr/local/horizon/conf/runtime-config.properties file. After you upgrade such an appliance, the service fails to start.

To resolve this issue, perform the steps that follow. The steps include an example scenario of a secondary data center containing the following three nodes.
sva1.example.com
sva2.example.com
sva3.example.com
  1. Log in to a virtual appliance in the secondary data center as the root user.

    For this example, log in to sva1.example.com.

  2. Edit the /usr/local/horizon/conf/runtime-config.properties file as indicated in the substeps that follow.

    You might be able to edit an existing entry, or you can add a new entry. If applicable, uncomment entries that are commented out.

    1. Set the value of the cache.service.type entry to ehcache.
      cache.service.type=ehcache
    2. Set the value of the ehcache.replication.rmi.servers entry to the fully qualified domain names (FQDN) of the other nodes in the secondary data center. Use a colon : as the separator.

    For this example, configure the entry as follows.

    ehcache.replication.rmi.servers=sva2.example.com:sva3.example.com
  3. Restart the service.

    service horizon-workspace restart

  4. Repeat the preceding steps on the remaining nodes in the secondary data center.

    For this example, the remaining nodes to configure are sva2.example.com and sva3.example.com.

Citrix Integration

For Citrix integration in VMware Identity Manager 3.3, all external connectors must be version 2018.8.1.0 (the connector version in the 3.3 release) or later.

You must also use Integration Broker 3.3. Upgrade is not available for Integration Broker. Uninstall the old version, then install the new version.