VMware Identity Manager is integrated into the vRealize Automation appliance, and provides tenant identity management.

The VMware Identity Manager synchronizes with the Rainpole Active Directory domain. Important users and groups are synchronized with VMware Identity Manager. Authentication uses the Active Directory domain, but searches are made against the local Active Directory mirror on the vRealize Automation appliance.

Table 1. Active Directory Authentication Decision

| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| CSDDC-CMP-035 | Choose Active Directory with Integrated Windows Authentication as the Directory Service connection option. | Rainpole uses a single-forest, multiple-domain Active Directory environment. Integrated Windows Authentication supports establishing trust relationships in a multi-domain or multi-forest Active Directory environment. | Requires that the vRealize Automation appliances are joined to the Active Directory domain. |

By default, the vRealize Automation appliance is configured with 18 GB of memory, which is enough to support a small Active Directory environment. An Active Directory environment is considered small if fewer than 25,000 users in the organizational unit (OU) have to be synchronized. An Active Directory environment with more than 25,000 users is considered large and needs additional memory and CPU. For more information on sizing your vRealize Automation deployment, see the vRealize Automation documentation.

The connector is a component of the vRealize Automation service and performs the synchronization of users and groups between Active Directory and the vRealize Automation service. In addition, the connector is the default identity provider and authenticates users to the service.