vRealize Suite Lifecycle Manager migrates VMware Identity Manager data for vRealize Automation 7.5, 7.6, 8.0 to Global Environment of VMware Identity Manager 3.3.3 and later.

vRealize Suite Lifecycle Manager migrates:

  • Tenants
  • Directories
  • Custom groups
  • Roles and rule set
  • User attributes
  • Access policies
  • Network ranges
  • Third-party IDP configurations

Prerequisites

  • The SMTP information of the source tenant must be configured on the Global Environment of VMware Identity Manager. This information is required to receive email instructions to reset the password for all local users. All local users in the source tenant must have valid email IDs before migrating tenants.
  • For migration, you must enable remote connection from the Global Environment of VMware Identity Manager to the vRealize Automation 7.x database. Refer to KB 81219 for more information on enabling remote connection.
  • Ensure that you have DNS configured in vRealize Automation and VMware Identity Manager. For more information on DNS and certificate requirements, refer to DNS and Certificate Requirement in the vRealize Suite Lifecycle Manager documentation.
  • Ensure that the source vRealize Automation 7.x environment is in a healthy state and directories are synced before tenant migration.

Procedure

  1. On the My Services dashboard of vRealize Suite Lifecycle Manager, click Identity and Tenant Management.
  2. Select Tenant Management, and then click Tenant Migrations.
  3. Read the information on VMware Identity Manager Tenant Migration and vRealize Automation Tenant Mapping, and then click Continue.
  4. On the Environment Selection tab, select the Source Environment and Target Environment. Based on your source and the target environment selection, you can view a tabular representation of the available tenants on the source vRealize Automation. You can also view the status of the migrated or merged tenants on vRealize Automation 8.x.
  5. Click Next.
  6. On the Tenant Migration Workflow page, you can view the workflow of Tenant Migration and Tenant Merge, and understand the correlation between the two operations.
    In Tenant migration, the specific data of VMware Identity Manager is migrated to the destination tenant of Global Environment using vRealize Suite Lifecycle Manager. vRealize Suite Lifecycle Manager also creates 7.x endpoint when adding a new tenant on vRealize Automation 8.x. In Tenant Merge, the directories and tenants are already created on the source vRealize Automation 8.x. vRealize Suite Lifecycle Manager creates the 7.x endpoint to the existing tenants on vRealize Automation 8.x, so that you can migrate the business groups, infrastructure, and other specific tenants on vRealize Automation.
  7. Click SAVE AND NEXT and read the list of manual steps which must be performed to proceed with the migration. Select the check box to confirm that you have read and verified the prerequisites and limitations.
  8. To specify the Tenant Migration Workflow, enter these details on the Tenant Details tab.
    1. Select the Source Tenant.
      Note: The source tenants which are listed are not the migrated or merged tenants.
    2. Enter the Tenant Name.
    3. Under Target Tenant administrator details, enter the Target Tenant Username, First Name, Last Name, valid Email ID, and Password.
    4. Click SAVE AND NEXT. To specify a directory that must be migrated from the source vRealize Automation 7.x to vRealize Automation 8.x tenant, select one of these directories on the Directory Migration tab.
      • System Directory: Connector selection and password creation are not required.
      • JIT directory: Connector selection and password creation are not required.
      • Active Directory over LDAP: Select a Windows or Linux target Connector and enter the BindPassword.
      • OpenLDAP: Select a Windows or Linux target Connector and enter the BindPassword.
      • Active Directory with IWA: You can only select a Windows target Connector for the VMware Identity Manager 3.3.3 version. Enter the Bind Password and Domain Admin Password that is required for migration.
        Note: To migrate a directory is a one-time operation, select all the directories which must be migrated. If the required directories are not selected during migration, you have to perform this operation manually.
  9. Click Validate. After a successful validation, click SAVE AND NEXT.
  10. Click Run Precheck to validate the tenant details and certificate details. Click SAVE AND NEXT.
  11. On the Summary Step tab, you can view the summary of your selections.
  12. Click SUBMIT if your validations are successful.
    If the validations are not successful and you want to make changes, and then resume the tenant migration operation, click SAVE AND EXIT. The same wizard can be opened anytime to rerun the precheck to complete and proceed.

Results

You can view the tenant migration details under the Request Details page. Both VMware Identity Manager and vRealize Automation tenants can be accessed through its tenant FQDNs.