You can use Directories Management to configure a high availability Active Directory connection in vRealize Automation.

About this task

Each vRealize Automation appliance includes a connector that supports user authentication, although only one connector is typically configured to perform directory synchronization. It does not matter which connector you choose to serve as the sync connector. To support Directories Management high availability, you must configure a second connector that corresponds to your second vRealize Automation appliance, which connects to your Identity Provider and points to the same Active Directory. With this configuration, if one appliance fails, the other takes over management of user authentication.

In a high availability environment, all nodes must serve the same set of Active Directories, users, authentication methods, etc. The most direct method to accomplish this is to promote the Identity Provider to the cluster by setting the load balancer host as the Identity Provider host. With this configuration, all authentication requests are directed to the load balancer, which forwards the request to either connector as appropriate.

Prerequisites

  • Configure your vRealize Automation deployment with at least two instances of the vRealize Automation appliance.

  • Install vRealize Automation in Enterprise mode operating in a single domain with two instances of the vRealize Automation appliance.

  • Install and configure an appropriate load balancer to work with your vRealize Automation deployment.

  • Configure tenants and Directories Management using one of the connectors supplied with the installed instances of the vRealize Automation appliance. For information about tenant configuration, see Configuring Tenant Settings.

Procedure

  1. Log in to the load balancer for your vRealize Automation deployment as a tenant administrator.

    The load balancer URL is <load balancer address>/vcac/org/tenant_name.

  2. Select Administration > Directories Management > Identity Providers.
  3. Click the Identity Provider that is currently in use for your system.

    The existing directory and connector that provide basic identity management for your system appear.

  4. On the Identity Provider properties page, click the Add a Connector drop-down list, and select the connector that corresponds to your secondary vRealize Automation appliance.
  5. Enter the appropriate password in the Bind DN Password text box that appears when you select the connector.
  6. Click Add Connector.
  7. The main connector appears in the IdP Hostname text box by default. Change the host name to point to the load balancer.