To provide identity and access management services to the cross-region SDDC components, you create a cross-region environment in vRealize Suite Lifecycle Manager in which you deploy the three nodes of the cross-region Workspace ONE Access cluster.
During the deployment by using vRealize Suite Lifecycle Manager, you configure the cross-region Workspace ONE Access instance to synchronize group members to the directory when adding a group.
Procedure
- In a Web browser, log in to vRealize Suite Lifecycle Manager by using the administration interface.

  | Setting | Value |
  |---|---|
  | URL | https://vrslcm01svr01.rainpole.local |
  | User name | admin@local |
  | Password | vrslcm_admin_password |

- On the My services page, click Lifecycle operations.
- On the Dashboard page, click Create environment.
- Configure these settings and click Next.

  | Setting | Value |
  |---|---|
  | Environment name | globalenvironment |
  | Administrator email | wsa01svr01_configadmin_email |
  | Default password | global-env-admin |
  | Data center | cross-region-dc |
  | JSON configuration | Deselected |
  | Join the VMware customer experience improvement program | Selected |

- On the Select product page, select the check box for VMware Identity Manager, configure these settings, and click Next.

  | Setting | Value |
  |---|---|
  | Installation type | New Install |
  | Version | 3.3.2 |
  | Deployment type | Cluster |

- On the Accept license agreements page, accept the license agreement and click Next.
- On the Certificate page, from the Select certificate drop-down menu, select wsa01svr01-certificate, and click Next.
- On the Infrastructure page, configure these settings and click Next.

  | Setting | Value |
  |---|---|
  | vCenter Server | sfo01m01vc01.sfo01.rainpole.local |
  | Cluster | sfo01-m01dc#sfo01-m01-mgmt01 |
  | Folder | sfo01-m01fd-wsa |
  | Resource pool | sfo01-m01-sddc-mgmt |
  | Network | Distributed port group that ends with Mgmt-xRegion01-VXLAN |
  | Datastore | sfo01-m01-vsan01 |
  | Disk mode | Thin |
  | Use content library | Deselected |

- On the Network page, configure these settings and click Next.

  | Setting | Value |
  |---|---|
  | Default gateway | 192.168.11.1 |
  | Netmask | 255.255.255.0 |
  | Domain name | rainpole.local |
  | Domain Search Path | rainpole.local |
  | DNS Servers | Click Edit server selection, select 172.16.11.4 and 172.16.11.5, and click Next and Finish. |
  | Time Sync Mode | Use NTP Server |
  | NTP Servers | Click Edit server selection, select ntp.sfo01.rainpole.local, and click Next and Finish. |

- On the Products page, configure the deployment properties for the cross-region Workspace ONE Access instance and click Next.
  - In the Product properties section, configure the following.

    | Setting | Value |
    |---|---|
    | Certificate | wsa01svr01-certificate |
    | Admin password | wsa01svr01-admin |
    | Default configuration admin user name | configadmin |
    | Default configuration admin password | wsa01svr01-configadmin |
    | Sync group members | Selected |

  - In the Cluster VIP FQDN section, configure these settings.

    | Setting | Value |
    |---|---|
    | FQDN | wsa01svr01.rainpole.local |
    | Database IP Address | 192.168.11.64 |

  - In the Components section, configure the primary cluster node.

    | Setting | Value |
    |---|---|
    | VM Name | wsa01svr01a |
    | FQDN | wsa01svr01a.rainpole.local |
    | IP Address | 192.168.11.61 |

  - In the Components section, configure the second cluster node.

    | Setting | Value |
    |---|---|
    | VM name | wsa01svr01b |
    | FQDN | wsa01svr01b.rainpole.local |
    | IP address | 192.168.11.62 |

  - In the Components section, configure the third cluster node.

    | Setting | Value |
    |---|---|
    | VM name | wsa01svr01c |
    | FQDN | wsa01svr01c.rainpole.local |
    | IP address | 192.168.11.63 |

- On the Manual validation page, review the manual checks, select I have taken care of the manual steps above and ready to proceed, and click Run precheck.
- Review the validation report and, after a successful validation, click Next.
- On the Summary page, review the deployment specification, disable Run prechecks on submit, and click Submit.
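
Before submitting, the addresses and names entered on the Network and Products pages can be cross-checked offline. The following is an added example, not VMware code: the `PLAN` layout and the `check_plan` function are hypothetical, and the script assumes the database IP address shares the subnet of the cluster nodes, as the values in this procedure do.

```python
import ipaddress

# Values copied from the tables in this procedure.
PLAN = {
    "gateway": "192.168.11.1",
    "netmask": "255.255.255.0",
    "domain": "rainpole.local",
    "vip_fqdn": "wsa01svr01.rainpole.local",
    "database_ip": "192.168.11.64",
    "nodes": [  # (VM name, FQDN, IP address)
        ("wsa01svr01a", "wsa01svr01a.rainpole.local", "192.168.11.61"),
        ("wsa01svr01b", "wsa01svr01b.rainpole.local", "192.168.11.62"),
        ("wsa01svr01c", "wsa01svr01c.rainpole.local", "192.168.11.63"),
    ],
}

def check_plan(plan):
    """Return a list of problems found in the plan; an empty list means consistent."""
    problems = []
    net = ipaddress.ip_network(f"{plan['gateway']}/{plan['netmask']}", strict=False)
    reserved = {net.network_address, net.broadcast_address,
                ipaddress.ip_address(plan["gateway"])}
    # FQDN checks: host part equals the VM name, suffix equals the domain name.
    names = [plan["vip_fqdn"]]
    for vm, fqdn, _ in plan["nodes"]:
        names.append(fqdn)
        if fqdn.partition(".")[0] != vm:
            problems.append(f"{vm}: FQDN {fqdn} does not start with the VM name")
    for fqdn in names:
        if fqdn.partition(".")[2] != plan["domain"]:
            problems.append(f"{fqdn}: not in domain {plan['domain']}")
    # Address checks: valid, inside the node subnet, not reserved, not reused.
    seen = {}
    addrs = [("database IP", plan["database_ip"])] + [(vm, ip) for vm, _, ip in plan["nodes"]]
    for label, text in addrs:
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            problems.append(f"{label}: {text} is not a valid IP address")
            continue
        if addr not in net:
            problems.append(f"{label}: {addr} is outside {net}")
        elif addr in reserved:
            problems.append(f"{label}: {addr} is the gateway, network or broadcast address")
        if addr in seen:
            problems.append(f"{label}: {addr} already assigned to {seen[addr]}")
        seen.setdefault(addr, label)
    return problems
```

Calling `check_plan(PLAN)` returns an empty list for the values in this procedure; each string in a non-empty result names the setting to correct before clicking Submit.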