The VMware Identity Manager is integrated directly into the vRealize Automation appliance and provides tenant identity management.

The VMware Identity Manager service synchronizes directly with the Rainpole Active Directory domain. Important users and groups are synced with the Identity Manager. Authentication always takes place against the Active Directory domain, but searches are made against the local Active Directory mirror on the vRealize Automation appliance.

Table 1. Active Directory Authentication Decision

Decision ID

Design Decision

Design Justification

Design Implication

CSDDC-CMP-035

Choose Active Directory with Integrated Windows Authentication as the Directory Service connection option.

Rainpole uses a single-forest, multiple-domain Active Directory environment.

Integrated Windows Authentication supports establishing trust relationships in a multi-domain or multi-forest Active Directory environment.

Requires that the vRealize Automation appliance is joined to the Active Directory domain.

By default, the vRealize Automation appliance is initially configured with 18 GB of memory, which is enough to support a small Active Directory environment. An Active Directory environment is considered small if it fewer than 25,000 users in the organizational unit (OU) have to be synced. An Active Directory environment with more than 25,000 users is considered large and needs additional memory and CPU. See the vRealize Automation sizing guidelines for details.

The connector is a component of the vRealize Automation service and performs the synchronization of users and groups between Active Directory and the vRealize Automation service. In addition, the connector is the default identity provider and authenticates users to the service.