For secure communication, vRealize Appliance relies on certificates to create the trusted relationships between components.

The specific implementation of the certificates required to achieve this trust depends on your environment.

To provide high availability and failover support, you might deploy load-balanced clusters of components. In this case, you obtain a multi-use certificate that includes each component in the cluster, and then copy that multi-use certificate to each component in the cluster. You can use Subject Alternative Name (SAN) certificates, chain certificates, wildcard certificates, or any other method of multi-use certification appropriate for your environment, as long as you satisfy the trust requirements. Depending on your load balancer configuration, you may need to certify the load balancer as part of the multi-use certificate for the cluster.

For example, if you have a load balancer configuration that requires a certificate on the load balancer as well as its components, you might obtain a SAN certificate to certify web-load-balancer.eng.mycompany.com, web-component-1.eng.mycompany.com, and web-component-2.eng.mycompany.com. You would copy that single multi-use certificate to the load balancer and each of the appliances and then register the certificate on the Web component machines.
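Before copying a multi-use certificate to the cluster, it helps to confirm that it actually names every machine that will present it. The following check is an added example, not part of the product or its documentation: it assumes the certificate has been read into a dict shaped like the one Python's `ssl.SSLSocket.getpeercert()` returns, and the three sample certificates are constructed for illustration.

```python
"""Check that a multi-use certificate covers every member of a load-balanced cluster."""

# Hostnames from the example above: the load balancer plus both Web components.
CLUSTER_HOSTS = [
    "web-load-balancer.eng.mycompany.com",
    "web-component-1.eng.mycompany.com",
    "web-component-2.eng.mycompany.com",
]


def dns_sans(cert):
    """Return lowercased dNSName entries from a dict shaped like ssl.getpeercert()."""
    return [value.lower() for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def san_matches(pattern, host):
    """Match one SAN entry against a hostname; '*' may stand only for the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Reject overly broad patterns such as "*.com"; compare the remaining labels exactly.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered_hosts(cert, hosts):
    """Return the hosts that no SAN entry in the certificate covers."""
    sans = dns_sans(cert)
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]


# Constructed sample certificates (only the field the check reads).
SAN_CERT = {"subjectAltName": tuple(("DNS", h) for h in CLUSTER_HOSTS)}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.eng.mycompany.com"),)}
INCOMPLETE_CERT = {"subjectAltName": (("DNS", "web-component-1.eng.mycompany.com"),
                                      ("DNS", "web-component-2.eng.mycompany.com"))}

if __name__ == "__main__":
    for name, cert in [("SAN", SAN_CERT), ("wildcard", WILDCARD_CERT),
                       ("incomplete", INCOMPLETE_CERT)]:
        missing = uncovered_hosts(cert, CLUSTER_HOSTS)
        print(f"{name}: {'OK' if not missing else 'missing ' + ', '.join(missing)}")
```

The incomplete certificate shows the failure the paragraph warns about: a certificate that names only the components leaves the load balancer uncertified.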

The Trust Requirements diagram illustrates the required trust relationships among clusters and assumes you have configured trust as necessary between the load balancer and the nodes underneath it.

Figure 1. Trust Requirements

The Certificate Importation and Registration table summarizes the registration requirements for various imported certificates.

Table 1. Certificate Importation and Registration

| Import | Register |
|---|---|
| SSO | vRealize Appliance cluster |
| vRealize Appliance cluster | Web components cluster |
| Web components cluster | vRealize Appliance cluster; Manager Service components cluster; DEM Orchestrators and DEM Worker components |
| Manager Service components cluster | DEM Orchestrators and DEM Worker components; Agents and Proxy Agents |