Consider your entire deployment, including the resources you plan to integrate, when you make decisions about hardware, resources, and network requirements.

Supported vSphere and ESX Versions

You install the virtual appliance in vCenter Server. The following versions of vSphere and ESX server are supported:

  • 5.5 and later

  • 6.0 and later

The VMware vSphere® Web Client is required to deploy the OVA file and access the deployed virtual appliance remotely.

VMware Identity Manager Connector Virtual Appliance Requirements

Ensure that you meet the requirements for the number of servers and the resources allocated to each server.

Number of Users

Up to 1,000

1,000-10,000

10,000-25,000

25,000-50,000

50,000-100,000

Number of connector servers

1 server

2 load-balanced servers

2 load-balanced servers

2 load-balanced servers

2 load-balanced servers

CPU (per server)

2 CPU

4 CPU

4 CPU

4 CPU

4 CPU

RAM (per server)

6 GB

6 GB

8 GB

16 GB

16 GB

Disk space (per server)

60 GB

60 GB

60 GB

60 GB

60 GB

Network Configuration Requirements

Component

Minimum Requirement

DNS record and static IP address

See Create DNS Records and IP Addresses.

Firewall port

Ensure that the outbound firewall port 443 is open from the connector instance to your VMware Identity Manager URL.

Port Requirements

Ports used in the connector server configuration are described below. Your deployment might include only a subset of these.

Port

Source

Target

Description

443

Connector virtual appliance

VMware Identity Manager service host

HTTPS

443

Connector virtual appliance

VMware Identity Manager service load balancer

HTTPS

443, 80

Connector virtual appliance

vapp-updates.vmware.com

Access to the upgrade server

8443

Browsers

Connector virtual appliance

HTTPS

Administrator Port

443

Browsers

Connector virtual appliance

HTTPS

This port is only required for a connector being used in inbound mode.

If Kerberos authentication is configured on the connector, this port is required.

389, 636, 3268, 3269

Connector virtual appliance

Active Directory

Default values are shown. These ports are configurable.

5500

Connector virtual appliance

RSA SecurID system

Default value is shown. This port is configurable

53

Connector virtual appliance

DNS server

TCP/UDP

Every virtual appliance must have access to the DNS server on port 53 and allow incoming SSH traffic on port 22

88, 464, 135, 445

Connector virtual appliance

Domain controller

TCP/UDP

389, 443

Connector virtual appliance

View Connection Server

Access to View Connection Server instances for Horizon/View integrations

445

Connector virtual appliance

VMware ThinApp repository

Access to ThinApp repository

80, 443

Connector virtual appliance

Integration Broker server

TCP

Connection to the Integration Broker server. Port option depends on whether a certificate is installed on the Integration Broker server.

514

Connector virtual appliance

syslog server

UDP

For external syslog server, if configured

Supported Directories

You integrate your enterprise directory with VMware Identity Manager and sync users and groups from your enterprise directory to the service. You can integrate the following types of directories.

  • An Active Directory environment that consists of a single Active Directory domain, multiple domains in a single Active Directory forest, or multiple domains across multiple Active Directory forests.

    VMware Identity Manager supports Active Directory on Windows 2008, 2008 R2, 2012, and 2012 R2, with a Domain functional level and Forest functional level of Windows 2003 and later.

    Note:

    A higher functional level may be required for some features. For example, to allow users to change Active Directory passwords from Workspace ONE, the Domain functional level must be Windows 2008 or later.

  • An LDAP directory

Your directory must be accessible to the connector virtual appliance.

Note:

You can also create local directories in the VMware Identity Manager service.

Supported Web Browsers to Access the Administration Console

The VMware Identity Manager administration console is a web-based application you use to manage your tenant. You can access the administration console from the latest versions of Mozilla Firefox, Google Chrome, Safari, Microsoft Edge, and Internet Explorer 11.

Note:

In Internet Explorer 11, JavaScript must be enabled and cookies allowed to authenticate through VMware Identity Manager.

Supported Browsers to Access the Workspace ONE Portal

End users can access the Workspace ONE portal from the following browsers.

  • Mozilla Firefox (latest)

  • Google Chrome (latest)

  • Safari (latest)

  • Internet Explorer 11

  • Microsoft Edge browser

  • Native browser and Google Chrome on Android devices

  • Safari on iOS devices

Note:

In Internet Explorer 11, JavaScript must be enabled and cookies allowed to authenticate through VMware Identity Manager.