You can manage the network ranges to define the IP addresses from which users can log in via an Active Directory link. You add the network ranges you create to specific identity provider instances and to access policy rules.

Before you begin

  • You have configured tenants for your vRealize Automation deployment set up an appropriate Active Directory link to support basic Active Directory user ID and password authentication.

  • Active Directory is installed and configured for use on your network.

  • Log in to the vRealize Automation console as a tenant administrator.

About this task

Define network ranges for your Directories Management deployment based on your network topology.

One network range, called ALL RANGES, is created as the default. This network range includes every IP address available on the Internet, 0.0.0.0 to 255.255.255.255. Even if your deployment has a single identity provider instance, you can change the IP address range and add other ranges to exclude or include specific IP addresses to the default network range. You can create other network ranges with specific IP addresses that you can apply for specific purpose.

Note:

The default network range, ALL RANGES, and its description, "a network for all ranges," are editable. You can edit the name and description, including changing the text to a different language, by clicking the network range name on the Network Ranges page.

Procedure

  1. Select Administration > Directories Management > Network Ranges.
  2. Edit an existing network range or add a new network range.

    Option

    Description

    Edit an existing range

    Click the network range name to edit.

    Add a range

    Click Add Network Range to add a new range.

  3. Complete the form.

    Form Item

    Description

    Name

    Enter a name for the network range.

    Description

    Enter a description for the Network Range.

    View Pods

    The View Pods option only appears when the View module is enabled.

    Client Access URL Host. Enter the correct Horizon Client access URL for the network range.

    Client Access Port. Enter the correct Horizon Client access port number for the network range.

    IP Ranges

    Edit or add IP ranges until all desired and no undesired IP addresses are included.

What to do next

  • Associate each network range with an identity provider instance.

  • Associate network ranges with access policy rule as appropriate. See Configuring Access Policy Settings.