Two main deployment models are available for deploying VMware Identity Manager in the DMZ: one that integrates with a Workspace ONE UEM deployment, and one that does not require Workspace ONE UEM and uses the VMware Identity Manager connector.

You can also combine deployment models if you require functionality that is not supported in one of the models.

  • Deployment Model using AirWatch Cloud Connector

    If you have an existing Workspace ONE UEM deployment, you can integrate VMware Identity Manager with it quickly. In this model, user and group sync from your enterprise directory and user authentication are handled by Workspace ONE UEM. You deploy VMware Identity Manager in the DMZ.

    Note that integrating VMware Identity Manager with resources such as Horizon 7 and Citrix-published resources is not supported in this model. Only integration with Web applications and native mobile applications is supported.

    See On Premises Deployment Model Using AirWatch Cloud Connector.

  • Deployment Model using VMware Identity Manager Connector in outbound-only connection mode

    In scenarios that do not require a Workspace ONE UEM deployment, you can install the VMware Identity Manager server virtual appliance in the DMZ and a VMware Identity Manager connector virtual appliance in the enterprise network. The connector connects the server with on-premises services such as Active Directory. The connector is installed in outbound-only connection mode and does not require inbound firewall port 443 to be opened. In this model, user and group sync from your enterprise directory and user authentication are handled by the VMware Identity Manager connector.

    See On Premises Deployment Model Using VMware Identity Manager Connector in Outbound-Only Connection Mode.

    • Adding Kerberos authentication support to your VMware Identity Manager Connector deployment

      If your deployment is based on connectors in outbound-only connection mode, you can add Kerberos authentication for internal users. Kerberos authentication requires inbound connection mode.

      See Adding Kerberos Authentication Support to Your Deployment.