Configure Directories Management for High Availability in Region A

Each vRealize Automation appliance includes a connector that supports user authentication, although only one connector is typically configured to perform directory synchronization.

About this task

To support Directories Management high availability, you must configure a second connector that corresponds to your second vRealize Automation appliance. That second connector connects to the same Identity Provider and, through VMware Identity Manager, points to the same Active Directory instance. With this configuration, if one appliance fails, the other can take over management of user authentication.

In a high availability environment, all nodes must serve the same set of users, authentication methods, and other Active Directory constructs. The most direct method to accomplish this is to promote the Identity Provider to the cluster by setting the load balancer host as the Identity Provider host. With this configuration, all authentication requests are directed to the load balancer, which forwards the request to either connector as appropriate.

Procedure

Open a Web browser and go to https://vra01svr01.rainpole.local/vcac/org/rainpole.

Setting	Value
User name	ITAC-LocalRainpoleAdmin
Password	`itac-localrainpoleadmin_password`
Domain	vsphere.local

Navigate to Administration > Directories Management > Identity Providers.
Click the name of the identity provider WorkspaceIDP__1 to edit its settings.

Under Connector(s), specify the following settings and click Add Connector.

Setting	Value
Add a Connector	vra01svr01b.rainpole.local
Bind DN Password	`svc-vra_password`
Domain Admin Password	`domain_admin_password`

Wait until vra01svr01b.rainpole.local shows under Connector(s) before proceeding to the next step. This might take a few minutes.

In the IdP Hostname text box, enter vra01svr01.rainpole.local, the host name of the load balancer, and click Save.
Log out of vRealize Automation portal.