Backup and Export Distributed Switch configuration

The script below backs up and exports the configuration of every Distributed Switch in a vCenter Server:

    # Connect to vCenter; replace the placeholder with your vCenter FQDN or IP address
    Connect-VIServer -Server vCenter_FQDN/IP_Address -Credential (Get-Credential)
    # Collect the names of all Distributed Switches
    $vDSwitchDetails = Get-VDSwitch
    $vDSwitchNames = $vDSwitchDetails.Name
    $datestamp = Get-Date -Format "MM-dd-yyyy"
    foreach ($vDSwitchName in $vDSwitchNames)
    {
        # One folder per date and per switch
        $DestinationDir = "C:\Users\Administrator\Desktop\Scripts\vDSExport\" + $datestamp + "\" + $vDSwitchName + "\"
        New-Item -Path $DestinationDir -ItemType "Directory" -Force
        $filename = $DestinationDir + $vDSwitchName + ".zip"
        # Export the switch configuration to a .zip archive
        Get-VDSwitch -Name $vDSwitchName | Export-VDSwitch -Description "vDS Backup" -Destination $filename
    }
    Disconnect-VIServer -Confirm:$false

Part-3: Scale-Out VMware Identity Manager Deployment

In the previous post we talked about Deploying vRSLCM, vRA and vIDM Appliances using Easy Installer. In this post we will take you through the process of Expanding VMware Identity Manager Deployment from a Single-Node to a 3-Node Environment.

Part-1: Configure Load Balancer for vRA 8 and vIDM
Part-2: Deploy vRSLCM, vRA and vIDM Appliances using Easy Installer
Part-3: Scale-Out VMware Identity Manager Deployment
Part-4: Enable Multi-Tenancy for vRealize Automation 8 Deployment

Before we start expanding the VMware Identity Manager Deployment, we need to generate Certificates for the vRealize Automation and VMware Identity Manager Appliances. In this post we will generate SAN Certificates using vRealize Suite Lifecycle Manager, but you can also apply Custom CA Signed Certificates by importing them into vRealize Suite Lifecycle Manager.

The following steps will help in generating and applying the new Certificates with the help of vRealize Suite Lifecycle Manager:

1. We can find the existing Certificates and Generate new Certificates under the Locker > Certificates section in vRSLCM:

vRealize Suite Lifecycle Manager Certificates

2. If you want to use Custom CA Certificates, you can click on Generate CSR, fill in the details and send the CSR to your CA to have the Certificates issued. In this post we will use the Generate option to Generate SSL Certificates using vRSLCM. Click on Generate and fill in the following details for the vIDM Certificate:

Name: MyCloud-vIDM Certificate
Common Name (CN): vidm
Organization (O): MyCloud
Organization Unit (OU): Delhi
Country Code (C): IN
Locality (L): Delhi
State (ST): Delhi
Key Length: 2048
Server/Domain/Hostname: vidm1.mycloud.lab, vidm2.mycloud.lab, vidm3.mycloud.lab, vidm.mycloud.lab, tenant.mycloud.lab, tenant1.mycloud.lab
IP Address: 192.168.10.17, 192.168.10.18, 192.168.10.19, 192.168.10.16, 192.168.10.22

Generating new Certificate using vRSLCM

3. We need to Generate another Certificate for vRA Appliances:

Name: MyCloud-vRA Certificate
Common Name (CN): vra
Organization (O): MyCloud
Organization Unit (OU): Delhi
Country Code (C): IN
Locality (L): Delhi
State (ST): Delhi
Key Length: 2048
Server/Domain/Hostname: vra.mycloud.lab, vra1.mycloud.lab, vra2.mycloud.lab, vra3.mycloud.lab, tenant1.vra.mycloud.lab
IP Address: 192.168.10.12, 192.168.10.13, 192.168.10.14, 192.168.10.15

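Note: If you are not very concerned about the certificates and would like to use a wildcard certificate, you can simply generate a wildcard certificate for *.mycloud.lab. A wildcard matches exactly one label, so *.mycloud.lab does not cover tenant1.vra.mycloud.lab from the list above.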
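The SAN lists above can be checked before the certificates are imported and applied. The following is an added example, not part of the original post or of vRSLCM: the function names are illustrative, the SAN values are copied from the field lists in this post, and the set of names that must be covered (the cluster VIP and the two secondary nodes entered later in the scale-out wizard) is an assumption.

```python
# Added example (not from the original post): SAN coverage check.
import ipaddress

def dns_name_matches(pattern, host):
    """True if a SAN dNSName covers host. '*' is honoured only as the whole
    left-most label and stands for exactly one label (RFC 6125 rules)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Conservative choice: refuse wildcards with fewer than two fixed labels.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered(san_dns, san_ips, required_hosts, required_ips):
    """Return (hosts, ips) from the required sets that no SAN entry covers."""
    hosts = [h for h in required_hosts
             if not any(dns_name_matches(s, h) for s in san_dns)]
    have = {ipaddress.ip_address(i) for i in san_ips}
    ips = [i for i in required_ips if ipaddress.ip_address(i) not in have]
    return hosts, ips

# SAN values copied from the certificate field lists in this post.
VIDM_SAN_DNS = ["vidm1.mycloud.lab", "vidm2.mycloud.lab", "vidm3.mycloud.lab",
                "vidm.mycloud.lab", "tenant.mycloud.lab", "tenant1.mycloud.lab"]
VIDM_SAN_IPS = ["192.168.10.17", "192.168.10.18", "192.168.10.19",
                "192.168.10.16", "192.168.10.22"]
VRA_SAN_DNS = ["vra.mycloud.lab", "vra1.mycloud.lab", "vra2.mycloud.lab",
               "vra3.mycloud.lab", "tenant1.vra.mycloud.lab"]

# Assumption: names and IPs that must be covered are the cluster VIP FQDN and
# the secondary nodes entered in the scale-out wizard.
VIDM_REQUIRED_HOSTS = ["vidm.mycloud.lab", "vidm2.mycloud.lab", "vidm3.mycloud.lab"]
VIDM_REQUIRED_IPS = ["192.168.10.18", "192.168.10.19"]

if __name__ == "__main__":
    print("vIDM SAN certificate gaps:",
          uncovered(VIDM_SAN_DNS, VIDM_SAN_IPS, VIDM_REQUIRED_HOSTS, VIDM_REQUIRED_IPS))
    # A wildcard-only certificate checked against the vRA names from this post.
    print("*.mycloud.lab gaps for vRA:",
          uncovered(["*.mycloud.lab"], [], VRA_SAN_DNS, []))
```

An empty result for both lists means every required name and IP is covered; any entry returned should be added to the certificate request before it is applied.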

4. Once we have generated the Certificates, we will have to Import the MyCloud-vIDM Certificate in NSX-LB. We mentioned this Step as the last Step in Part-1: Configure Load Balancer for vRA 8 and vIDM of this Blog Series.

Import vIDM Certificate to NSX-LB

4. We will log in to vRealize Suite Lifecycle Manager and, under the Lifecycle Operations section, go to the globalenvironment and MyCloud-VRA8 Environments. Select Replace Certificate and apply the respective Certificate to each solution.

Replace vIDM and vRA Environment Certificates

5. Once we have successfully applied the newly Generated Certificates, we will proceed with the Actual Task at hand which is to expand our VMware Identity Manager Deployment from 1-Node to 3-Node which will make our environment truly Production Ready and Highly-Available. Now we need to go into globalenvironment under Environments and click on Add Components.

Adding Secondary Nodes to vIDM Environment

6. Please ensure that you have taken snapshots of your vIDM and vRA Appliances before proceeding. Trigger Inventory Sync, check the Checkbox which confirms that the VMware Identity Manager cluster is Healthy, and click Proceed.

Snapshot and vIDM Health Warning Screen

7. In Infrastructure section Select the Target vCenter Server, Cluster, Folder, Network and Datastore where you would like to Host the Secondary VMware Identity Manager Appliances. You can also enable Thin Disk Mode for the Storage of these Appliances.

Target Infrastructure for Secondary vIDM Nodes

8. Network Section should already have the details of Default Gateway, Netmask, Domain Name, Domain Search Path and DNS Servers.

Default Gateway: 192.168.10.1
Netmask: 255.255.255.0
Domain Name: mycloud.lab
Domain Search Path: mycloud.lab
DNS1 Server: 192.168.10.50
DNS2 Server: 192.168.10.51

Network Configuration for Secondary vIDM Nodes

9. Under Configuration section click on + next to Components and Select VMware Identity Manager Secondary Node. Repeat the process to add another Secondary Node to VMware Identity Manager Deployment and fill in the following details:

Cluster VIP FQDN: vidm.mycloud.lab
Database IP Address: 192.168.10.20
VIDM3 VM Name: VIDM3
VIDM3 FQDN: vidm3.mycloud.lab
VIDM3 IP Address: 192.168.10.19
VIDM2 VM Name: VIDM2
VIDM2 FQDN: vidm2.mycloud.lab
VIDM2 IP Address: 192.168.10.18

Cluster and Secondary Node IP Details for vIDM

10. Click on RUN PRECHECK and System will run multiple tests against the Entered Data, Infrastructure and VMware Identity Manager Configuration.

Run Precheck Screen
Re-Run Precheck and Download Report Screen

11. Once all Pre-Checks have Passed, Review all the details on Summary screen and click Submit.

Scale-Out Identity Manager Request Summary Screen

12. Once you click Submit, vRSLCM goes through Stages 1 to 16 for Expanding VMware Identity Manager Deployment from 1-Node to 3-Nodes.

vIDM Scale-Out Task Screen

The entire process of Expanding the VMware Identity Manager Deployment took us around 1 hour and 45 mins on Production Grade Hardware, right from Generating new Certificates to Deploying and Configuring the Secondary VMware Identity Manager Nodes. In the next and final part of this Blog series, Part-4: Enable Multi-Tenancy for vRealize Automation 8 Deployment, we will discuss the process of Enabling Multi-Tenancy for your newly Deployed vRealize Automation 8 setup.