Identity Manager Cluster

As a follow-up to my previous post (see here), I want to focus on how to create an Identity Manager cluster.

This is my setup:

  • 1 Identity Manager (idm01) in DMZ, already behind a load balancer.
  • FQDN is changed from idm01.domain.com to portal.domain.com.
  • Connectors in LAN are set up and configured for AD/Radius authentication and Horizon integration.

As you can see from the image above, everything is set up, except for the Identity Manager cluster. Identity Manager 2 and 3 are not in place yet.

To finalise the highly available setup, the Identity Manager cluster in DMZ must be created. VMware recommends a 3-node cluster, because Elasticsearch has a known limitation with 2-node clusters. For more info, see here.

To create the cluster, follow these steps:

  1. Create DNS A-record and PTR (reverse lookup) for idm02.
  2. Create DNS A-record and PTR (reverse lookup) for idm03.
  3. Shut down idm01.
  4. Shut down both connectors.
  5. Snapshot idm01 (to be able to revert to the current situation in case anything goes wrong).
  6. Back up the SQL database (or shut down and snapshot SQL).
  7. Clone idm01 to idm02.
  8. Clone idm01 to idm03.
  9. Start idm01.
  10. Start connector1.
  11. Start connector2.
  12. Wait until idm01 and connectors are fully booted and operational.
  13. Change the IP address and hostname/FQDN on idm02 in the vApp properties of the cloned appliance and power on the VM.
  14. Change the IP address and hostname/FQDN on idm03 in the vApp properties of the cloned appliance and power on the VM.
  15. Check the Elasticsearch cluster by executing this command on the idm appliances: curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
  16. Verify AD and Horizon synchronization (in my case an extra reboot of the connector appliances was needed).
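
The health check in step 15 can be scripted so that a node that has not joined, or a status other than green, is caught before moving on to step 16. This is an added example, not part of the original post; the function names and the sample responses are constructed for illustration, and the expected node count of 3 comes from the setup described above.

```shell
#!/bin/sh
# Added example: evaluate the _cluster/health response from step 15.

# Print the value of one top-level key; JSON (pretty or compact) on stdin.
json_field() {
    tr ',{}' '\n\n\n' |
    sed -n "s/^[[:space:]]*\"$1\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\"[:space:]]*\)\"\{0,1\}[[:space:]]*\$/\1/p" |
    head -n 1
}

# $1 = health JSON, $2 = expected node count (defaults to 3).
# Returns 0 = healthy, 1 = yellow, 2 = failed, 3 = response not parseable.
check_idm_cluster() {
    health=$1; expected=${2:-3}
    status=$(printf '%s\n' "$health" | json_field status)
    nodes=$(printf '%s\n' "$health" | json_field number_of_nodes)
    unassigned=$(printf '%s\n' "$health" | json_field unassigned_shards)
    case $nodes in
        ''|*[!0-9]*) echo "UNKNOWN: could not parse health output"; return 3 ;;
    esac
    [ -n "$status" ] || { echo "UNKNOWN: no status field"; return 3; }
    if [ "$nodes" -ne "$expected" ]; then
        echo "FAIL: $nodes of $expected nodes joined"; return 2
    fi
    case $status in
        green)  echo "OK: green, $nodes nodes"; return 0 ;;
        yellow) echo "WARN: yellow, unassigned_shards=${unassigned:-?}"; return 1 ;;
        *)      echo "FAIL: status=$status"; return 2 ;;
    esac
}

# Constructed sample responses (not captured from a real appliance).
SAMPLE_GREEN='{
  "cluster_name" : "example-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "unassigned_shards" : 0
}'
SAMPLE_TWO_NODES='{"status":"yellow","number_of_nodes":2,"unassigned_shards":4}'

check_idm_cluster "$SAMPLE_GREEN" 3
check_idm_cluster "$SAMPLE_TWO_NODES" 3 || true

# On an appliance, feed it the live response from step 15:
# check_idm_cluster "$(curl -s -XGET 'http://localhost:9200/_cluster/health?pretty=true')" 3
```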

In case anything goes wrong and you have to revert:

  1. Shut down idm02 and idm03.
  2. Revert the snapshot on idm01.
