You must assign a new IP address to each cloned virtual appliance before you power it on. The IP address must be resolvable in DNS. If the address is not in the reverse DNS, you must also assign the host name.

Procedure

  1. In the vSphere Client or the vSphere Web Client, select the cloned virtual appliance.
  2. In the Summary tab, under Commands, click Edit Settings.
  3. Select Options and in the vApp Options list, select Properties.
  4. Change the IP address in the IP Address field.
  5. If the IP address is not in the reverse DNS, add the host name in the HostName text box.
  6. Click OK.
  7. Power on the cloned appliance and wait until the blue login screen appears in the Console tab.
    Important: Before you power on the cloned appliance, ensure that the original appliance is fully powered on.

What to do next

  • Wait for a few minutes until the Elasticsearch cluster is created before adding the cloned virtual appliance to the load balancer.

    Elasticsearch, a search and analytics engine, is embedded in the virtual appliance.

    1. Log in to the cloned virtual appliance.
    2. Check the Elasticsearch cluster:

      curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'

      Verify that the result matches the number of nodes.

  • Add the cloned virtual appliance to the load balancer and configure the load balancer to distribute traffic. See your load balancer vendor documentation for information.
  • If the original service instance was joined to the domain, then you need to join the domain in the cloned service instances.
    1. Log in to the VMware Identity Manager console.
    2. Select the Identity & Access Management tab, then click Setup.

      The connector component of each of the cloned service instances is listed in the Connectors page.

    3. For each connector listed, click Join Domain and specify the domain information.

    For more information about Active Directory, see Directory Integration with VMware Identity Manager.

  • For directories of type Active Directory over Integrated Windows Authentication (IWA), you must do the following:
    1. For the cloned service instances, join the domain to which the IWA directory in the original service instance was joined.
      1. Log in to the VMware Identity Manager console.
      2. Select the Identity & Access Management tab, then click Setup.

        The connector component of each of the cloned service instances is listed in the Connectors page.

      3. For each connector listed, click Join Domain and specify the domain information.
    2. Save the IWA directory configuration.
      1. Select the Identity & Access Management tab.
      2. In the Directories page, click the IWA directory link.
      3. Click Save to save the directory configuration.
  • Enable the authentication methods configured for connector on each of the cloned instances. See the VMware Identity Manager Administration Guide for information.

The VMware Identity Manager service virtual appliance is now highly available. Traffic is distributed to the virtual appliances in your cluster based on the load balancer configuration. Authentication to the service is highly available. For the directory sync feature of the service, however, in the event of a service instance failure, you will need to manually enable directory sync on a cloned service instance. Directory sync is handled by the connector component of the service and can only be enabled on one connector at a time. See Enabling Directory Sync on Another Instance in the Event of a Failure.