Just as you can set rate limits on the VMware Identity Manager service, you can set rate limits on the VMware Identity Manager connector.
For the connector, you can set a limit on the number of login requests that are allowed per minute. When the limit is reached, subsequent requests are denied. Setting rate limits helps prevent overload of the system.
For example, if you set the rate limit for login requests to 100, the first 100 login requests per minute are accepted but requests 101-n are denied.
For a VMware Identity Manager connector cluster, the limit applies to each node in the cluster. For example, if you set the login request rate limit to 100 for a cluster that has NodeA, NodeB, and NodeC, NodeA can process 100 login requests per minute, NodeB can process 100 login requests per minute, and NodeC can process 100 login requests per minute. You cannot set separate login limits per node.
No rate limits are set by default.
You set rate limits using a REST API. Use a REST client such as Postman to make the calls to the VMware Identity Manager service.
Changes take effect after about an hour. Restart the connector if you want the changes to take effect immediately.
To restart the Linux-based connector virtual appliance, log in to the virtual appliance and run the following command:
service horizon-workspace restart
To restart the Windows connector, run the following script:
install_dir\usr\local\horizon\scripts\horizonService.bat restart
Setting Rate Limits
Use this API to set rate limits for the VMware Identity Manager connector.
Endpoint: https://hostname/SAAS/jersey/manager/api/system/tuning/resiliency/tenant/orgResiliencyConnectorConfiguration?tenantId=tenantId
Method: PUT
Description: Sets the maximum number of login requests allowed per minute by the VMware Identity Manager connector.
Headers:
Content-Type | application/vnd.vmware.horizon.manager.system.tuning.resiliency.config+json;charset=UTF-8 |
Accept | application/vnd.vmware.horizon.manager.system.tuning.resiliency.config+json |
Authorization | HZN cookie_value To get the |
Path Parameters:
hostname |
The fully-qualified domain name of the VMware Identity Manager service or load balancer. |
tenantId |
The tenant ID of the VMware Identity Manager service. The tenant ID is the tenant name that appears in the top-right corner of the VMware Identity Manager console. |
Request Body:
{ "config": { "rateLimitingDisabled": false, "rateLimits": { "login": { "requestsPerMinute": n } } } }
Request Body Parameters
login requestsPerMinute | Specifiy the maximum number of login requests allowed per minute.
Note: Take into account that multiple API requests might be needed for a login request to complete and each API call counts towards the rate limits. For example, password authentication involves two API calls, one to render the login page and the second to submit credentials.
|
Viewing Rate Limits
Use this API to view the rate limits that are set currently on the VMware Identity Manager connector.
Endpoint: https://hostname/SAAS/jersey/manager/api/system/tuning/resiliency/tenant/orgResiliencyConnectorConfiguration?tenantId=tenantId
Method: GET
Description: Retrieves the rate limits that are currently set for login requests for the VMware Identity Manager connector.
Headers:
Authorization | HZN cookie_value To get the |
Path Parameters:
hostname |
The fully-qualified domain name of the VMware Identity Manager service or load balancer. |
tenantId |
The tenant Id of the VMware Identity Manager service. The tenant ID is the tenant name that appears in the top-right corner of the VMware Identity Manager console. |
Sample Output:
{ "config": { "rateLimitingDisabled": false, "rateLimits": { "login": { "requestsPerMinute": 100 } } } }
login requestsPerMinute | The maximum number of login requests allowed per minute. |