VMware Identity Manager 3.3.5 | May 2021 | Build 18049997
VMware Identity Manager (Windows) 3.3.5 | May 2021 | Build VMware Identity Manager Connector Installer.exe
Release date: May 2021
Updated: December 17, 2021
12/17/2021 This release has been determined to be impacted by CVE-2021-44228 and CVE-2021-45046. Fixes and workarounds are available to address this vulnerability. For more information, see VMware Security Advisory VMSA-2021-0028.
12/17/2021 This release is also impacted by CVE-2021-22056. Fixes and workarounds are available to address this vulnerability. For more information, see VMware Security Advisory VMSA-2021-0030.
What's in the Release Note
- Products that can upgrade to VMware Identity Manager 3.3.5
- What's New in 3.3.5
- Compatibility, Installation, and Upgrade
- Known Issues
VMware vRealize Products such as vRealize Automation, vRealize Suite Lifecycle Manager (vRSLCM), vRealize Operations, vRealize Business, vRealize Log insight, and vRealize Network Insight for Authentication and SSO
vRealize products that are deployed and managed through vRealize Suite Lifecycle Manager only can consume VMware Identity Manager 3.3.2, 3.3.3, 3.3.4, or 3.3.5.
vRealize Suite Lifecycle Manager can now handle a brand-new installation of VMware Identity Manager 3.3.5, or an upgrade to 3.3.5 from VMware Identity Manager 3.3.2, 3.3.3, or 3.3.4.
- VMware NSX-T Data Center for Authentication and SSO
- NSX-T can be deployed with VMware Identity Manager 3.3.4 or an upgrade to 3.3.5 from VMware Identity Manager 3.3.2, 3.3.3, or 3.3.4.
Support of FIPS Mode
VMware Identity Manager 3.3.5 can perform cryptographic operations using FIPS (Federal Information Processing Standard) 140-2 compliant algorithms. You can enable the use of these algorithms by performing a fresh installation of VMware Identity Manager 3.3.5 in FIPS mode. VMware Identity Manager does not support upgrading from a non-FIPS installation to a FIPS installation. When VMware Identity Manager 3.3.5 is deployed in FIPS mode, the appliance cannot be changed to the standard deployment mode. For installation in FIPS mode, see Perform a Fresh Installation of VMware Identity Manager 3.3.5 in FIPS Mode in the VMware Identity Manager 3.3.5 Upgrade Guide.
TCP/UDP for Syslog Connection
Now you can choose between Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) for connection to Syslog servers. To use TCP, TLS has to be enabled for data encryption. For settings, see Configure a Syslog Service for VMware Identity Manager 3.3.5.
Important functionality fixes
• RabbitMQ cluster is fixed by modifying the ownership of rabbitmq folders.
• Upgrade issues solved for Kerberos-SSO.
• Post upgrade, port connectivity is resolved and the System Diagnostics is again showing as green.
VMware Identity Manager 3.3 is available in the following languages.
- Simplified Chinese
- Traditional Chinese
- Portuguese (Brazil)
VMware vCenter™ and VMware ESXi™ Compatibility
VMware Identity Manager appliance supports the following versions of vSphere and ESXi.
- 6.5 U3, 6.7 U2, 6.7 U3, 7
Windows Server Supported
- Windows Server 2012 R2
- Windows Server 2016
Web Browser Supported
- Mozilla Firefox, latest version
- Google Chrome 42.0 or later
- Internet Explorer 11
- Safari 6.2.8 or later
- Microsoft Edge, latest version
- Postgres 9.6.19
- MS SQL 2012, 2014, and 2016
Directory Server Supported
- Active Directory on Windows Server 2012 R2, 2016, and 2019 with a Domain functional level and Forest functional level of Windows 2003 and later.
- OpenLDAP - 2.4.42
- Oracle LDAP - Directory Server Enterprise Edition 11g, Release 1 (18.104.22.168.0)
- IBM Tivoli LDAP - IBM Security Directory Server 6.3.1
Component Versions No Longer Supported
- Windows Server 2008 R2
- Windows Server 2012
This impacts Workspace ONE Access Connectors or database that might be installed on these versions of the Windows server. This impacts Active Directory if it is running on these older versions of a Windows server.
VMware Product Interoperability Matrix provides details about the compatibility of current and previous versions of VMware products and components,
For other system requirements, see the VMware Identity Manager Installation guides for 3.3 on the VMware Workspace ONE Access Documentation center.
Default Deployment Configuration
Different sizing options for CPU and memory are available to choose at the time of deployment based on the requirements
- 100 GB hard disk
- 8 GB RAM
- 4 vCPUs
- Extra Small: 4CPU/8 GB Memory
- Small: 6CPU/10 GB Memory
- Medium: 8CPU/16 GB Memory
- Large: 10CPU/16 GB Memory
- Extra Large: 12CPU/32 GB Memory
- Extra Extra Large: 14CPU/48 GB Memory
Upgrading to VMware Identity Manager 3.3.5
- To access the Appliance Settings page in the Workspace ONE Access console, make sure that you are assigned the Operator role for the default tenant.
- To configure the SMTP settings, you must be logged in as operator user of the default tenant from system domain, not as the admin tenant.
- Tenant admins of non-default tenants are not authorized to configure SMTP settings.
- Migrate VMware vRealize Automation 7.5 or 7.6 Business Groups to vRealize Version 8.4
You can upgrade VMware Identity Manager from version 3.3.2, 3.3.3, or 3.3.4 directly to 3.3.5. To upgrade from earlier versions, upgrade to 3.3.1 first, then upgrade 3.3.1 to 3.3.4 and then to 3.3.5.
To upgrade to VMware Identity Manager 3.3.5, see Upgrading VMware Identity Manager to 3.3.5 on the VMware Workspace ONE Access Documentation center. During the upgrade, all services are stopped, so if only one connector is configured plan the upgrade with the expected downtime in mind.
Note: When you upgrade to VMware Identity Manager 3.3.5 for Linux, if you see the following error message and the upgrade is aborted, follow these steps to update the certificate. After the certificate is updated, restart the upgrade.
"Certificate auth configuration update required for tenant <tenantName> prior to upgrade. Pre-update check failed, aborting upgrade."
- Log in to the VMware Identity Manager console.
- Navigate to Identity & Access Management > Setup.
- In the Connectors page, click the link in the Worker column
- Click the Auth Adapters tab, then click CertificateAuthAdapter.
- In the Uploaded CA Certificates section, click the red X next to the certificate to remove it.
- In the Root and intermediate CA Certificates section, click Select File to re-add the certificate.
- Click Save.
VMware Identity Manager Connector 3.3.5 (Windows)
If you installed the VMware Identity Manager Connector for Windows 3.3.1 and 3.3.2 with vRealize Suite Lifecycle Manager, you cannot upgrade to 3.3.5. You must install the new 3.3.5 version of the connector.
If you installed the VMware Identity Manager Connector for Windows 3.3.2, 3.3.3, or 3.3.4 using the .exe installer, you can upgrade your connector to 3.3.5.
The VMware Identity Manager 3.3 documentation is in the VMware Workspace ONE Access Documentation center. The 3.3.5 upgrade guide can be found under VMware Identity Manager 3.3 in the Installation & Architecture section.
Network might be lost after the upgrade to 3.3.4 or 3.3.5.
If any of the properties from the command
are empty or incorrect, follow KB 83587 to resolve the issue.
Inventory Sync of VMware Identity Manager Services might fail in vRealize Suite Lifecycle Manager. To resolve the issue, follow KB 83586.
The steps to remove a node from a VMware Identity Manager cluster are not supported when you deploy VMware Identity Manager with vRealize Suite Lifecycle Manager.