You can increase the HA option in VMware Identity Manager by having one or three nodes to manage VMware Identity Manager.
- Ensure to take snapshots of VMware Identity Manager nodes before you perform scale-out operations. VMware Identity Manager cluster is always three node including an existing node.
- Verify that there is a certificate already added in the locker and also perform the replace certificate on the standalone VMware Identity Manager node. The certificate should also have SAN entries of all the three nodes or wild-card certificate. For information on replacing certificate, see Replace Certificate for vRealize Suite Lifecycle Manager Products.
- Scale-In is not supported when you deploy VMware Identity Manager cluster through vRealize Suite Lifecycle Manager.
Note: If you apply
KB 87185 patch on a single node appliance, and then perform scale-out to cluster operations, follow KB 87185 to apply the patch on the scaled out nodes.
Prerequisites
For a VMware Identity Manager cluster and replace certificate actions, ensure to take a snapshot of the VMware Identity Manager nodes.
Procedure
- Navigate to Environments, on the environment page, click Add Component .
- Enter the Infrastructure details and click Next.
- Enter the Network details and click Next.
Verify that the primary node and the additional components use the same default gateway and they are connected with each other.
- On the Product Properties, the certificate details are auto-populated.
- On the Components tab, you have two options, so you can select Take product snapshot and Retain product snapshot taken. If the Take product snapshot is set to true, the snapshot is taken prior to starting scale-out, and can be rolled back to its initial state during a scale-out failure, the snapshot is taken with the prefix LCM_AUTOGENERATED. If the Retain product snapshot taken is set to true, it can be retained.
Note: Snapshot Rollback action is available for the failed scale-out request in the Requests page.
- Enter the load balancer Host name.
- Enter a delegate IP address.
Note: The delegate IP address is used internally as a proxy to postgres master (primary) and it should be free or an available IP address. This is not same as the one used to load-balance the application.
Note: You can add two components of type secondary and provide FQDN, and IP address. It is recommended for a
VMware Identity Manager cluster to contain of three nodes behind a load balancer.
- Click and run the pre-check.
- Click Submit.
Note: It is very important to reboot the appliance, otherwise the scale-out procedure fails with
unable to find root certificate error. The errors occurs because of an existing product issue after you replace the certificates to reboot the appliance.