You can use Directories Management to configure a high availability Active Directory connection in vRealize Automation.
Each vRealize Automation appliance includes a connector that supports user authentication, although only one connector is typically configured to perform directory synchronization. It does not matter which connector you choose as the sync connector. To support Directories Management high availability, you must manually configure a second connector that corresponds to your second vRealize Automation appliance, which connects to your Identity Provider and points to the same Active Directory. With this configuration, if one appliance fails, the other takes over management of user authentication.
In a high availability environment, all nodes must serve the same set of Active Directories, users, authentication methods, etc. The most direct method to accomplish this is to promote the Identity Provider to the cluster by setting the load balancer host as the Identity Provider host. With this configuration, all authentication requests are directed to the load balancer, which forwards the request to either connector as appropriate.
A connector is also used for user synchronization, but only one connector is configured to perform directory synchronization. Synced users are saved to the appliance database, which is readable by all clustered nodes. If the connector that is responsible for directory synchronization fails, directory synchronization stops working. To recover, the tenant administrator must manually prompt another connector to perform directory synchronization using the vRealize Automation UI. See Enable Directory Sync on a Secondary Connector.
For more information about working with connectors, see Managing Connectors and Connector Clusters.
Configure your vRealize Automation deployment with at least two instances of the vRealize Automation appliance.
Install vRealize Automation in Enterprise mode operating in a single domain with two instances of the vRealize Automation appliance.
Install and configure an appropriate load balancer to work with your vRealize Automation deployment.
Configure tenants and Directories Management using one of the connectors supplied with the installed instances of the vRealize Automation appliance. For information about tenant configuration, see Configuring Tenant Settings.
- Log in to the load balancer for your vRealize Automation deployment as a tenant administrator.
The load balancer URL is <load balancer address>/vcac/org/tenant_name.
- Select .
- Click the Identity Provider that is currently in use for your system.
The existing directory and connector that provide basic identity management for your system appear.
- On the Identity Provider properties page, click the Add a Connector drop-down list, and select the connector that corresponds to your secondary vRealize Automation appliance.
- Enter the appropriate password in the Bind DN Password text box that appears when you select the connector.
- Click Add Connector.
- The main connector appears in the IdP Hostname text box by default. Change the host name to point to the load balancer.