Follow these guidelines for setting up a VMware Identity Manager cluster.

Recommended Number of Nodes in VMware Identity Manager Cluster

Setting up a VMware Identity Manager cluster with three nodes is mandatory.

The VMware Identity Manager appliance includes Elasticsearch, a search and analytics engine. Elasticsearch has a known limitation with clusters of two nodes. For a description of the Elasticsearch "split brain" limitation, see the Elasticsearch documentation. Note that you do not have to configure any Elasticsearch settings.

A VMware Identity Manager cluster with two nodes provides failover capability with a few limitations related to Elasticsearch. If one of the nodes shuts down, the following limitations apply until the node is brought up again:

  • The dashboard does not display data.
  • Most reports are unavailable.
  • Sync log information is not displayed for directories.
  • The search field in the top-right corner of the administration console does not return any results.
  • Auto-complete is not available for text fields.

There is no data loss during the time the node is down. Audit event and sync log data is stored and will be displayed when the node is restored.
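The two-node limitation described above follows from majority-based master election, the rule behind the Elasticsearch "split brain" guidance. This added example is not VMware's or Elasticsearch's code; it models that rule over every possible two-way partition. The election thresholds, node names and function names are assumptions for illustration, since the appliance's actual Elasticsearch settings are not shown on this page.

```python
from itertools import combinations

def majority(n):
    """Smallest group size that is a strict majority of n nodes."""
    return n // 2 + 1

def two_way_partitions(nodes):
    """Yield every split of `nodes` into two non-empty groups (each split once)."""
    first, rest = nodes[0], nodes[1:]
    for k in range(len(rest)):            # side_a never takes every node
        for extra in combinations(rest, k):
            side_a = {first, *extra}
            yield side_a, set(nodes) - side_a

def masters(groups, min_master_nodes):
    """Number of connected groups big enough to elect their own master."""
    return sum(1 for g in groups if len(g) >= min_master_nodes)

def assess(n, min_master_nodes):
    """Model an n-node cluster under a given election threshold (assumed value)."""
    nodes = [f"node{i}" for i in range(1, n + 1)]   # constructed node names
    return {
        # Two masters at once means divergent cluster state: split brain.
        "split_brain_possible": any(
            masters(sides, min_master_nodes) > 1
            for sides in two_way_partitions(nodes)
        ),
        # Can the remaining nodes still elect a master after one shuts down?
        "master_with_one_node_down": masters([set(nodes[1:])], min_master_nodes) == 1,
    }

if __name__ == "__main__":
    for n, threshold in [(2, 1), (2, majority(2)), (3, majority(3))]:
        print(f"{n} nodes, threshold {threshold}: {assess(n, threshold)}")
```

With two nodes, a threshold of 1 allows split brain and a threshold of 2 leaves no master while one node is down; three nodes with a threshold of 2 avoid both.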

Network Partitions

Creating a network partition between nodes in a VMware Identity Manager cluster is not recommended. If a network partition exists between VMware Identity Manager service nodes such that the nodes cannot communicate with each other, but all the nodes are still accessible from the load balancer, so that login requests can go to any of the partitioned nodes, you might encounter the following problems:

  • You might see stale data across requests. For example, changes made to an access policy on one node might not apply to login requests that go to another node if there is a partition between the nodes.
  • Login calls that use the outbound connector might fail.