As part of the security and compliance layer, this design uses Workspace ONE Access to provide identity and access management to the SDDC management components. To satisfy the requirements of the management components for availability and locality, you deploy a region-specific Workspace ONE Access instance and a cross-region Workspace ONE Access instance.
Workspace ONE Access provides these services:
- Directory integration to authenticate users against existing directories such as Active Directory or LDAP.
- Addition of two-factor authentication through integration with third-party software such as RSA SecurID, Entrust, and others.
For information on the account configuration in Active Directory and local accounts, see Planning and Preparation Workbook.

Region-Specific Workspace ONE Access
The region-specific Workspace ONE Access instance provides identity and access management services to regional SDDC solutions.

Design Attribute | Description |
---|---|
Deployment model | One appliance that is connected to the Active Directory domain of the SDDC. The appliance is deployed from an OVA file. |
Authenticated components | |
Network segment | Region-specific virtual network segment. See Dynamic Routing and Virtual Network Segments. |
Identity and access management setup | |

Cross-Region Workspace ONE Access
The cross-region Workspace ONE Access provides identity and access management services to cross-region SDDC solutions.

Design Attribute | Description |
---|---|
Deployment model | A cluster of three nodes behind a load balancer. The cluster is deployed by using vRealize Suite Lifecycle Manager. |
Network segment | Cross-region virtual network segment. See Dynamic Routing and Virtual Network Segments. |
Authenticated components | |
Identity and access management setup | |