In the previous post we talked about Deploying vRSLCM, vRA and vIDM Appliances using Easy Installer. In this post we will take you through the process of Expanding VMware Identity Manager Deployment from a Single-Node to a 3-Node Environment.

Part-1: Configure Load Balancer for vRA 8 and vIDM
Part-2: Deploy vRSLCM, vRA and vIDM Appliances using Easy Installer
Part-3: Scale-Out VMware Identity Manager Deployment
Part-4: Enable Multi-Tenancy for vRealize Automation 8 Deployment

Part-3: Scale-Out VMware Identity Manager Deployment

Before we start expanding VMware Identity Manager Deployment we need to generate Certificates for vRealize Automation and VMware Identity Manager Appliances. We will be generating SAN Certificates in this post using vRealize Suite Lifecycle Manager but you can also apply Custom CA Signed certificates by Importing the Certificates in vRealize Suite Lifecycle Manager.

The following steps will help in generating and applying the new Certificates with the help of vRealize Suite Lifecycle Manager:

1. We can find the existing Certificates and Generate new Certificates under Locker > Certificates section in vRLSCM:

2. If you want to use Custom CA Certificates, you can click on Generate CSR and fill the details and send it to your CA for generating the Certificates but in this post we will be using the Generate option to Generate SSL Certificates using vRSLCM. Click on Generate and fill in the following details for vIDM Certificate:

Name: MyCloud-vIDM Certificate
Common Name (CN): vidm
Organization (O): MyCloud
Organization Unit (OU): Delhi
Country Code (C): IN
Locality (L): Delhi
State (ST): Delhi
Key Length: 2048
Server/Domain/Hostname: vidm1.mycloud.lab, vidm2.mycloud.lab, vidm3.mycloud.lab, vidm.mycloud.lab, tenant.mycloud.lab, tenant1.mycloud.lab
IP Address: 192.168.10.17, 192.168.10.18, 192.168.10.19, 192.168.10.16, 192.168.10.22

3. We need to Generate another Certificate for vRA Appliances:

Name: MyCloud-vRA Certificate
Common Name (CN): vra
Organization (O): MyCloud
Organization Unit (OU): Delhi
Country Code (C): IN
Locality (L): Delhi
State (ST): Delhi
Key Length: 2048
Server/Domain/Hostname: vra.mycloud.lab, vra1.mycloud.lab, vra2.mycloud.lab, vra3.mycloud.lab, tenant1.vra.mycloud.lab
IP Address: 192.168.10.12, 192.168.10.13, 192.168.10.14, 192.168.10.15

Note: If you are not very concerned about the certificates and would like to use a wildcard certificate, you can simply generate a wildcard certificate *.mycloud.lab

4. Once we have generated the Certificates, we will have to Import the MyCloud-vIDM Certificate in NSX-LB. We mentioned this Step as the last Step in Part-1: Configure Load Balancer for vRA 8 and vIDM of this Blog Series.

4. We will login to vRealize Suite Lifecycle Manager, under Lifecycle Operations section we need to go to globalenvironment & MyCloud-VRA8 Environment. Select Replace Certificate and apply the respective Certificates to each solution.

5. Once we have successfully applied the newly Generated Certificates, we will proceed with the Actual Task at hand which is to expand our VMware Identity Manager Deployment from 1-Node to 3-Node which will make our environment truly Production Ready and Highly-Available. Now we need to go into globalenvironment under Environments and click on Add Components.

6. Please ensure that you have taken snapshots of your vIDM and vRA Appliances before proceeding, Trigger Inventory Sync, check the Checkbox which ensures that VMware Identity Manager cluster is Healthy and click Proceed.

7. In Infrastructure section Select the Target vCenter Server, Cluster, Folder, Network and Datastore where you would like to Host the Secondary VMware Identity Manager Appliances. You can also enable Thin Disk Mode for the Storage of these Appliances.

8. Network Section should already have the details of Default Gateway, Netmask, Domain Name, Domain Search Path and DNS Servers.

Default Gateway: 192.168.10.1
Netmask: 255.255.255.0
Domain Name: mycloud.lab
Domain Search Path: mycloud.lab
DNS1 Server: 192.168.10.50
DNS2 Server: 192.168.10.51

9. Under Configuration section click on + next to Components and Select VMware Identity Manager Secondary Node. Repeat the process to add another Secondary Node to VMware Identity Manager Deployment and fill in the following details:

Cluster VIP FQDN: vidm.mycloud.lab
Database IP Address: 192.168.10.20
VIDM3 VM Name: VIDM3
VIDM3 FQDN: vidm3.mycloud.lab
VIDM3 IP Address: 192.168.10.19
VIDM2 VM Name: VIDM2
VIDM2 FQDN: vidm2.mycloud.lab
VIDM2 IPAddress: 192.168.10.18

10. Click on RUN PRECHECK and System will run multiple tests against the Entered Data, Infrastructure and VMware Identity Manager Configuration.

11. Once all Pre-Checks have Passed, Review all the details on Summary screen and click Submit.

12. Once you click Submit, vRSLCM goes through Stages 1 to 16 for Expanding VMware Identity Manager Deployment from 1-Node to 3-Nodes.

The entire process of Expanding VMware Identity Manager Deployment took us around 1 hour and 45 mins on a Production Grade Hardware right from Generating new Certificates to Deploying and Configuring Secondary VMware Identity Manager Nodes. In the next and final part of this Blog series Part-4: Enable Multi-Tenancy for vRealize Automation 8 Deployment, we will discuss the process of Enabling Multi-Tenancy for your newly Deployed vRealize Automation 8 setup.