Verifying F5 Load Balancer Configuration Before Upgrade

Before you upgrade to the latest VMware Identity Manger service from version 3.2, verify that the F5 load balancing server is configured correctly.

Beginning with VMware Identity Manager 3.3, the host header cannot be null for health checks. Make sure that the F5 health check monitor created for VMware Identity Manager load balancing integration is configured to send the following string.

GET /SAAS/API/1.0/REST/system/health/heartbeat HTTP/1.1\r\nHost: your_workspace_url\r\nConnection: Close\r\n\r\n

Beginning with VMware Identity Manager version 3.3, the VMware Identity Manager server and connector are configured to use only the following cipher suites. Make sure that your F5 server is configured with at least one of these cipher suites.

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA