To use your VMware Identity Manager tenant, you need an on-premises component for user authentication and directory integration. Two main types of deployment models are available, one that integrates with a VMware AirWatch® deployment, and one that does not require AirWatch and uses the VMware Identity Manager connector.

You can also combine deployment models if you require functionality that is not supported in one of the models.

  • Deployment Model using AirWatch Cloud Connector

    If you have an existing AirWatch deployment, you can integrate your VMware Identity Manager tenant with it quickly. In this model, user and group sync from your enterprise directory and user authentication are handled by AirWatch. There are no additional deployment requirements for VMware Identity Manager.

    Note that integrating VMware Identity Manager with resources such as Horizon 7 and Citrix-published resources is not supported in this model. Only integration with Web applications and native mobile applications is supported.

    See Deployment Model Using AirWatch Cloud Connector.

  • Deployment Model using VMware Identity Manager Connector (in outbound-only connection mode)

    To use your VMware Identity Manager tenant in a scenario that does not require an AirWatch deployment, you install the VMware Identity Manager connector virtual appliance on premises. The connector connects the tenant with on-premises services such as Active Directory. In this model, user and group sync from your enterprise directory and user authentication are handled by the VMware Identity Manager connector. The connector is installed in outbound-only connection mode and does not require inbound firewall port 443 to be opened.

    See Deployment Model Using VMware Identity Manager Connector in Outbound-Only Connection Mode.

    • Adding Kerberos authentication support to your deployment

      You can add Kerberos authentication for internal users (which requires inbound connection mode) to your deployment based on outbound-only connection mode connectors.

      See Adding Kerberos Authentication Support to Your Deployment.

  • VMware Identity Manager Connector Legacy Deployment Model

    The VMware Identity Manager connector can also be installed in legacy mode, which requires opening inbound firewall port 443 to the connector.

    For information about installing and configuring the connector in this model, see Installing and Configuring VMware Identity Manager Connector (Legacy Mode).