When you configure VMware Identity Manager with an external firewall, whitelist the IP address ranges or URLs for the following VMware Identity Manager services to provide access to each service.

Use the nslookup command or another command-line tool to query the Domain Name System to obtain the IP addresses to add to your external firewall whitelist.

| Service | Domain Name System | Description |
|---|---|---|
| VMware Identity Manager Catalog | catalog.vmwareidentity.com | To make sure that the content of the catalog can be accessed, add the URLs from the list to the whitelist. That content is also delivered through AWS CloudFront CDN, which maintains its own list of public IP addresses. See http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LocationsOfEdgeServers.html. |
| VMware Verify | vmware.authy.com, api.authy.com | If VMware Verify is configured as an authentication method, add the URLs from these lists to the whitelist. |
| Hybrid KDC | kdc.op.<vmwareidentity.xxx> | When hybrid KDC is configured for your VMware Identity Manager on-premises operation, select one of the following domains to look up the URLs: vmwareidentity.ca, vmwareidentity.com, vmwareidentity.eu, vmwareidentity.co.uk, vmwareidentity.de, vmwareidentity.com.au, vmwareidentity.asia |
| Updates from VMware Identity Manager | vapp-updates.vmware.com | To receive VMware Identity Manager updates and to download patches from the VMware Update Manager, add the URLs from the list to the whitelist. |
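
The nslookup step described above, as an added example that is not VMware's own tooling: a POSIX shell parser that keeps only the answer addresses from nslookup output and drops the resolver's own address, which is easy to add to a firewall rule by mistake. The function names, the `LOOKUP` variable, the `.com` hybrid KDC suffix and the sample output are assumptions constructed for illustration.

```shell
# Added example, not VMware code: extract allowlist IPs from nslookup output.
# Hostnames from the table. The .com suffix on the hybrid KDC name is an
# assumption; substitute the regional domain your deployment uses.
HOSTS="catalog.vmwareidentity.com vmware.authy.com api.authy.com
kdc.op.vmwareidentity.com vapp-updates.vmware.com"
LOOKUP="${LOOKUP:-nslookup}"   # overridable so the parser can be tested offline

# Print only answer addresses. Lines before the first "Name:" are skipped:
# the leading Server/Address pair is the resolver queried, not the service.
extract_ips() {
  awk '
    function emit(a) {
      gsub(/[ \t]/, "", a)
      if (a ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ ||
          (a ~ /:/ && a ~ /^[0-9A-Fa-f:.]+$/)) print a
    }
    { sub(/\r$/, "") }                      # tolerate CRLF (Windows) output
    /^Name:/ { answer = 1; next }
    !answer  { next }
    /^Address(es)?:/ { sub(/^Address(es)?:/, ""); emit($0); next }
    /^[ \t]+[^ \t]/  { emit($0) }           # wrapped "Addresses:" continuation
  '
}

# Resolve every host; print de-duplicated "ip<TAB>host" pairs so each
# firewall entry stays traceable to the service that needs it.
build_allowlist() {
  for h in $HOSTS; do
    "$LOOKUP" "$h" 2>/dev/null | extract_ips | while read -r ip; do
      printf '%s\t%s\n' "$ip" "$h"
    done
  done | sort -u
}

# Constructed sample in the Linux nslookup layout (documentation-range IPs).
sample_output() {
  cat <<'EOF'
Server:         10.0.0.2
Address:        10.0.0.2#53

Non-authoritative answer:
catalog.vmwareidentity.com      canonical name = edge.example.net.
Name:   edge.example.net
Address: 203.0.113.10
Name:   edge.example.net
Address: 2001:db8::10
EOF
}
sample_output | extract_ips   # offline demo; use build_allowlist for live lookups
```

Because catalog content is served through CloudFront, a single lookup for that host is a snapshot; rerun `build_allowlist` on a schedule and compare the result with the CloudFront address list linked in the table.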