When you configure VMware identity Manager with an external firewall, whitelist the IP address ranges or URLs for the following VMware Identity Manager services to provide access to that service.

Use the nslookup command or another command-line tool to query the Domain Name System to obtain the IP addresses to add to your external firewall whitelist.

Table 1.

Service

Domain Name System

Description

VMware Identity Manager Catalog

catalog.vmwareidentity.com

To make sure that the content of the catalog can be accessed, add the URLs from the list to the whitelist.

That content is also delivered through AWS CloudFront CDN, which maintains its own list of public IP addresses. See http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LocationsOfEdgeServers.html.

VMware Verify

api.authy.com

If VMware Verify is configured as an authentication method, add the URLS from the list to the whitelist.

Hybrid KDC

kdc.op.<vmwareidentity.xxx>

When hybrid KDC is configured for your VMware Identity Manager on-premises operation, select one of the following domains to look up the URLS.

  • vmwareidentity.ca

  • vmwareidentity.com

  • vmwareidentity.eu

  • vmwareidentity.co.uk

  • vmwareidentity.de

  • vmwareidentity.com.au

  • vmwareidentity.asia

Updates from VMware Identity Manager

vapp-updates.vmware.com

To receive VMware Identity Manager updates and to download patches from the VMware Update Manager, add the URLs from the list to the whitelist.