The connector component of VMware Identity Manager is delivered as a virtual appliance that is deployed on site and integrates with your enterprise directory to sync users and groups to the VMware Identity Manager service and to provide authentication.

As you plan for your deployment, consider your organization's objectives. During the deployment, the connector is set up inside the internal network. Internal and external users who log in to the VMware Identity Manager service are redirected to the connector for authentication. You must install a load balancer in the DMZ to provide access to the connector from both inside the corporate network and from outside the firewall. You can install a load balancer, such as Apache, NGINX, or F5. See Using a Load Balancer to Enable External Access to the Connector.

Typical ConnectorDeployment with VMware Identity Manager

For redundancy and failover you add additional connector virtual appliances to form a cluster. If one appliance is unavailable, the connector is still available. All nodes in the cluster are identical and nearly stateless copies of each other. See Configuring Failover and Redundancy.

The connector is the initial identity provider to provide authentication. If your organization has specific authentication policies, you can integrate a third party identity provider to support the additional authentication methods. See the VMware Identity Manager Administration Guide.