As a follow up on my previous post (see here) I want to focus on how to create an Identity Manager Cluster.
This is my setup:
- 1 Identity Manager (idm01) in DMZ, already behind a load balancer.
- FQDN is changed from idm01.domain.com to portal.domain.com
- Connectors in LAN are setup and configured for AD/Radius authentication and Horizon integration.
As you can see from the image above, everything is set up except for the Identity Manager cluster. Identity Manager 2 and 3 are not in place yet.
To finalise the highly available setup, the Identity Manager cluster in DMZ must be created. VMware recommends a 3-node cluster, because Elasticsearch has a known limitation with 2-node clusters. For more info, see here.
To create the cluster, follow these steps:
- Create DNS A-record and PTR (reverse lookup) for idm02.
- Create DNS A-record and PTR (reverse lookup) for idm03.
- Shut down idm01.
- Shut down both connectors.
- Snapshot idm01 (to be able to revert to the current situation in case anything goes wrong).
- Back up the SQL database (or shut down and snapshot SQL).
- Clone idm01 to idm02.
- Clone idm01 to idm03.
- Start idm01.
- Start connector1.
- Start connector2.
- Wait until idm01 and connectors are fully booted and operational.
- Change the IP address and hostname/FQDN of idm02 in the vApp properties of the cloned appliance and power on the VM.
- Change the IP address and hostname/FQDN of idm03 in the vApp properties of the cloned appliance and power on the VM.
- Check the Elasticsearch cluster by executing this command on the idm appliances: curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'.
- Verify AD and Horizon synchronization (in my case an extra reboot of the connector appliances was needed).
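The Elasticsearch health check above only prints the JSON; what you actually want to confirm is that the cluster reports all three idm nodes and a green status. The following script is an added example (not part of the original post) that parses the health response and fails when the node count or status is off. It assumes, like the curl command above, that Elasticsearch listens on localhost:9200 on each appliance; the sample responses at the bottom are constructed for a dry run.

```shell
#!/bin/sh
# Verify that the Identity Manager Elasticsearch cluster has formed as a
# 3-node cluster and is healthy. Added example, not from the original post.
# Assumption: Elasticsearch listens on localhost:9200 on each idm appliance.

EXPECTED_NODES=3

# Extract a top-level field ("status", "number_of_nodes", ...) from the JSON
# returned by /_cluster/health. Uses tr/sed only, so no jq is needed on the appliance.
es_field() {
  # $1 = JSON text, $2 = field name
  printf '%s\n' "$1" | tr -d '\n' \
    | sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^,\"}]*\)\"\{0,1\}.*/\1/p" \
    | sed 's/[[:space:]]*$//'
}

# Returns 0 when the cluster is green and has the expected node count, 1 otherwise.
es_cluster_ok() {
  status=$(es_field "$1" status)
  nodes=$(es_field "$1" number_of_nodes)
  [ "$status" = "green" ] && [ "$nodes" = "$EXPECTED_NODES" ]
}

# Live check against the local node; run this on each idm appliance.
check_local_cluster() {
  health=$(curl -s -XGET 'http://localhost:9200/_cluster/health?pretty=true') || return 1
  if es_cluster_ok "$health"; then
    echo "OK: cluster is green with $EXPECTED_NODES nodes"
  else
    echo "NOT OK: status=$(es_field "$health" status) nodes=$(es_field "$health" number_of_nodes)"
    return 1
  fi
}

# Constructed sample responses for a dry run without a live appliance.
SAMPLE_GOOD='{ "cluster_name" : "horizon", "status" : "green", "number_of_nodes" : 3, "number_of_data_nodes" : 3 }'
SAMPLE_BAD='{ "cluster_name" : "horizon", "status" : "yellow", "number_of_nodes" : 1, "number_of_data_nodes" : 1 }'
```

Run check_local_cluster on idm01, idm02 and idm03 after the clones have booted; a node count below 3 on any of them means that node has not joined the cluster yet.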
In case anything goes wrong and you have to revert:
- Shut down idm02 and idm03.
- Revert the snapshot on idm01.