If you use VMware vRealize® products or VMware NSX-T™ with VMware Identity Manager™ 3.3.1 or 3.3.2, you can upgrade VMware Identity Manager to version 3.3.3.

For more information about the VMware Identity Manager 3.3.3 release, see the VMware Identity Manager 3.3.3 Release Notes.

Note:
  • If you applied security patch HW-137959, make sure you follow the instructions in Security Patch Process to Follow During Upgrade before and after you perform the upgrade.
  • You can also freshly install VMware Identity Manager 3.3.3. To perform a fresh 3.3.3 installation, see the 3.3 version of Installing and Configuring VMware Identity Manager for Linux guide, which also applies to 3.3.3.
  • If you are a VMware vRealize® Automation™ customer, follow Enable Tenant-In-Host Name Multi-Tenancy with vRealize Automation 8.2 Patch 1.
  • If you have configured Active Directory over IWA or Kerberos authentication on the embedded connector, or deployed external Linux connectors, you must migrate the embedded connector and external Linux connectors to external VMware Identity Manager 3.3.3 Windows connectors after upgrading the VMware Identity Manager service to 3.3.3. See Migrating to External Windows Connectors.

VMware Identity Manager Upgrade Paths

The following upgrade path is supported:

  • From version 3.3.1 or 3.3.2 directly to version 3.3.3.

VMware Identity Manager Connector Upgrade Paths

The following upgrade paths are supported:

  • A VMware Identity Manager Connector for Windows upgrade from 3.3.1 or 3.3.2 to 3.3.3 for connector instances installed using the VMware Identity Manager Connector installer.

The following upgrade path is not supported:

  • A VMware Identity Manager Connector for Windows upgrade from 3.3.1 or 3.3.2 to 3.3.3 for connector instances installed by VMware vRealize® Suite Lifecycle Manager™.

VMware Products That Can Upgrade to VMware Identity Manager 3.3.3

  • vRealize Products such as VMware vRealize Automation™, VMware vRealize Suite Lifecycle Manager, VMware vRealize® Operations™, VMware vRealize® Business™ for Cloud , VMware vRealize® Log Insight, and VMware vRealize® Network Insight™ for authentication and SSO.
    • vRealize products that are deployed and managed through vRealize Suite Lifecycle Manager only can consume VMware Identity Manager 3.3.1, 3.3.2, or 3.3.3.
    • vRealize Suite Lifecycle Manager can now handle a brand-new installation of VMware Identity Manager 3.3.1, 3.3.2, or 3.3.3 or an upgrade to 3.3.3 from VMware Identity Manager 3.3.1 or 3.3.2.
  • NSX-T for Authentication and SSO
    • NSX-T can be deployed with VMware Identity Manager 3.3.1, 3.3.2, or 3.3.3, or upgraded to 3.3.3 from an earlier version.

Internet Connectivity

You can upgrade VMware Identity Manager online or offline.

By default, the VMware Identity Manager appliance uses the VMware website for the upgrade procedure. This approach requires the appliance to have Internet connectivity. You must also configure proxy server settings for the appliance, if applicable.

If your virtual appliance does not have Internet connectivity, you can perform the upgrade offline. For an offline upgrade, you download the upgrade package from My VMware. You use the updateoffline.hzn script to perform the upgrade.

If you are upgrading to VMware Identity Manager 3.3.3 using vRealize Suite Lifecycle Manager, only the offline upgrade is supported.

Upgrade Scenarios

Hardware Sizing Requirements

The hardware-sizing requirements in the following table are specific to VMware Identity Manager 3.3.3. See the 3.3 version of the Installing and Configuring VMware Identity Manager for Linux guide for a broader list of hardware-sizing requirements, which also apply to 3.3.3.

Important:

For best results, implement the following sync-related practices.

  • Because the initial directory sync is an intensive, resource consuming operation, perform the initial directory sync on one tenant at a time.
  • Stagger directory syncs across tenants to avoid the resource consumption of running directory syncs on two or more tenants at the same time.

You can use the internal PostgreSQL database or an external Microsoft SQL database. Both options can provide high availability.

To achieve high availability with the internal PostgreSQL database, you must leverage vRealize Suite Lifecycle Manager. See the table that follows and see the vRealize Suite Lifecycle Manager 8.2 Installation, Upgrade, and Management guide.

For an external Microsoft SQL database configuration, see the 3.3 version of the Installing and Configuring VMware Identity Manager for Linux guide.

Note:
  • For new deployments, the default VMware Identity Manager sizing requirements are as follows:
    • 4vCPU
    • 8 GB Memory
    • 100 GB disk space
  • If you are using VMware Identity Manager 3.3.3 with vRealize Automation 8.2 Patch 1, the following minimum sizing requirements apply:
    • 8vCPU
    • 16 GB Memory
    • 100 GB disk space
Important:

To upgrade to 3.3.3, confirm that the VMware Identity Manager sizing matches the guidelines in the following table.

If you used default sizing for VMware Identity Manager 3.3.2, before or after you upgrade to 3.3.3, adjust the sizing based on 3.3.3 default sizing in the preceding note.

If you used default sizing for VMware Identity Manager 3.3.2 with vRealize Automation, before or after you upgrade to 3.3.3, adjust the sizing based on 3.3.3 default vRealize Automation sizing in the preceding note.

Directory Sync of Users and Groups per Tenant* VMware Identity Manager Appliance with Internal PostgreSQL Database and Embedded Connector, per Node Requirements External Windows-Based Connector, per Connector-Instance Requirements
Maximum:
  • 3,000 users
  • 30 groups
A single node or a three-node cluster:
  • 4 vCPU
  • 8 GB memory
  • 100 GB disk space
Note: Select the Extra Small sizing option when you deploy the OVA.
  • 2 vCPU
  • 6 GB memory
  • 30 GB disk space
Maximum:
  • 5,000 users
  • 50 groups
A single node or a three-node cluster:
  • 6 vCPU
  • 10 GB memory
  • 100 GB disk space
Note: Select the Small sizing option when you deploy the OVA.
  • 2 vCPU
  • 6 GB memory
  • 30 GB disk space
Maximum:
  • 10,000 Users
  • 100 groups
Three-node cluster:
  • 8 vCPU
  • 16 GB memory
  • 100 GB disk space
Note: Select the Medium sizing option when you deploy the OVA.
  • 4 vCPU
  • 6 GB memory
  • 50 GB disk space
Maximum:
  • 25,000 users
  • 250 groups
Three-node cluster:
  • 10 vCPU
  • 16 GB memory
  • 100 GB disk space
Note: Select the Large sizing option when you deploy the OVA.
  • 4 vCPU
  • 8 GB memory
  • 50 GB disk space
Maximum:
  • 50,000 users
  • 500 groups
Three-node cluster:
  • 12 vCPU
  • 32 GB memory
  • 100 GB disk space
Note: Select the Extra Large sizing option when you deploy the OVA.
  • 4 vCPU
  • 16 GB memory
  • 60 GB disk space
Maximum:
  • 100,000 users
  • 1,000 groups
Three-node cluster:
  • 14 vCPU
  • 48 GB RAM
  • 100 GB disk space
Note: Select the Extra Extra Large sizing option when you deploy the OVA.
  • 4 vCPU
  • 16 GB memory
  • 60 GB disk space

*If either the number of users or the number of groups for a tenant exceeds the Maximum, see the next row.