Consider your entire deployment, including the resources you plan to integrate, when you make decisions about hardware, resources, and network requirements.

Supported vSphere and ESX Versions

You install the virtual appliance in vCenter Server. The following versions of vSphere and ESX server are supported:

  • 5.5 and later
  • 6.0 and later

The VMware vSphere® Web Client is required to deploy the OVA file and access the deployed virtual appliance remotely.

VMware Identity Manager Connector Virtual Appliance Requirements

Ensure that you meet the requirements for the number of servers and the resources allocated to each server.

Number of Users Up to 1,000 1,000-10,000 10,000-25,000 25,000-50,000 50,000-100,000
Number of connector servers 1 server 2 load-balanced servers 2 load-balanced servers 2 load-balanced servers 2 load-balanced servers
CPU (per server) 2 CPU 4 CPU 4 CPU 4 CPU 4 CPU
RAM (per server) 6 GB 6 GB 8 GB 16 GB 16 GB
Disk space (per server) 60 GB 60 GB 60 GB 60 GB 60 GB

Network Configuration Requirements

Component Minimum Requirement
DNS record and static IP address

See Create DNS Records and IP Addresses.

Firewall port

Ensure that the outbound firewall port 443 is open from the connector instance to your VMware Identity Manager URL.

Port Requirements

Ports used in the connector server configuration are described below. Your deployment might include only a subset of these.

Port Source Target Description

Connector virtual appliance

VMware Identity Manager service host HTTPS
443 Connector virtual appliance VMware Identity Manager service load balancer HTTPS
443, 80

Connector virtual appliance Access to the upgrade server
8443 Browsers Connector virtual appliance HTTPS

Administrator Port

443 Browsers Connector virtual appliance HTTPS

This port is only required for a connector being used in inbound mode.

If Kerberos authentication is configured on the connector, this port is required.

389, 636, 3268, 3269

Connector virtual appliance

Active Directory Default values are shown. These ports are configurable.

Connector virtual appliance

RSA SecurID system Default value is shown. This port is configurable

Connector virtual appliance

DNS server TCP/UDP

Every virtual appliance must have access to the DNS server on port 53 and allow incoming SSH traffic on port 22

88, 464, 135, 445

Connector virtual appliance

Domain controller TCP/UDP
389, 443

Connector virtual appliance

View Connection Server

Access to View Connection Server instances for Horizon/View integrations


Connector virtual appliance

VMware ThinApp repository Access to ThinApp repository
80, 443 Connector virtual appliance Integration Broker server TCP

Connection to the Integration Broker server. Port option depends on whether a certificate is installed on the Integration Broker server.

514 Connector virtual appliance syslog server UDP

For external syslog server, if configured

Supported Directories

You integrate your enterprise directory with VMware Identity Manager and sync users and groups from your enterprise directory to the service. You can integrate the following types of directories.

  • An Active Directory environment that consists of a single Active Directory domain, multiple domains in a single Active Directory forest, or multiple domains across multiple Active Directory forests.

    VMware Identity Manager supports Active Directory on Windows 2008, 2008 R2, 2012, and 2012 R2, with a Domain functional level and Forest functional level of Windows 2003 and later.

    Note: A higher functional level may be required for some features. For example, to allow users to change Active Directory passwords from Workspace ONE, the Domain functional level must be Windows 2008 or later.
  • An LDAP directory

Your directory must be accessible to the connector virtual appliance.

Note: You can also create local directories in the VMware Identity Manager service.

Supported Web Browsers to Access the Administration Console

The VMware Identity Manager console is a web-based application you use to manage your tenant. You can access the VMware Identity Manager console from the latest versions of Mozilla Firefox, Google Chrome, Safari, Microsoft Edge, and Internet Explorer 11.

Note: In Internet Explorer 11, JavaScript must be enabled and cookies allowed to authenticate through VMware Identity Manager.

Supported Browsers to Access the Workspace ONE Portal

End users can access the Workspace ONE portal from the following browsers.

  • Mozilla Firefox (latest)
  • Google Chrome (latest)
  • Safari (latest)
  • Internet Explorer 11
  • Microsoft Edge browser
  • Native browser and Google Chrome on Android devices
  • Safari on iOS devices
Note: In Internet Explorer 11, JavaScript must be enabled and cookies allowed to authenticate through VMware Identity Manager.