Configure the connector for failover and redundancy by deploying multiple connector virtual appliances in a connector cluster. If one of the appliances shuts down, the connector is still available.

To set up failover, you first install and configure the first connector virtual appliance, create a directory that uses it as the identity provider, and add the connector to the load balancer. You then deploy additional connector appliances and associate them with the Identity Provider page of the first connector, before adding them to the load balancer. As a result, you have multiple connector appliances, all associated with the same directory.

After you set up failover, the connector is highly available. Traffic is distributed to the connector virtual appliances in your cluster based on the load balancer configuration. Specifically, authentication is highly available. If one of the connector instances shuts down, authentication is still available because one of the other connector instances is used. For directory sync, however, in the event of a connector instance failure, you will need to manually select another connector instance as the sync connector. This is because directory sync can only be enabled on one connector at a time.

Before you begin, verify that you have installed and configured a load balancer. See Using a Load Balancer to Enable External Access to the Connector for requirements.

1. Install the first connector virtual appliance and activate it by obtaining the activation code from the VMware Identity Manager service.

   See Deploying VMware Identity Manager Connector.

2. Create a directory in the service and select the connector as the identity provider.

3. Add the connector to your load balancer and restart the load balancer.

   Make sure that the load balancer port is 443. Do not use 8443 as this port number is the administrative port and is unique to each virtual appliance.

   Apply the connector root certificate to the load balancer and the load balancer root certificate to the connector. See Using a Load Balancer to Enable External Access to the Connector for information.

4. Change the connector authentication URL to match the load balancer URL.

   a. Log in to the VMware Identity Manager administration console.

   b. Select the Identity & Access Management tab, then select the Identity Providers tab.

   c. In the Identity Providers page, click the identity provider name for the connector instance.

   d. In the IdP Hostname field, enter the load balancer fully qualified domain name (FQDN).

      For example, mylb.mycompany.com.

   e. Click Save.

5. Install a new connector virtual appliance.

6. Activate the second connector by obtaining an activation code from the same VMware Identity Manager service instance that you used for the first connector.

7. Add the second connector to the Identity Provider page of the first connector.

   a. In the administration console, select the Identity & Access Management tab, then select the Identity Providers tab.

   b. In the Identity Providers page, find the identity provider for the directory that is associated with the first connector and click the identity provider name.

   c. In the Connector field, select the check box for the second connector.

      Both connectors are now selected for the identity provider.

   d. Click Save.

      If prompted for a password, specify the Bind DN user password.

8. Add the second connector to your load balancer and restart the load balancer.

9. Repeat steps 5-8 for any additional connector appliances you want to add.

If you had joined an Active Directory domain in the original connector instance, then you need to join the domain in the other connector instances.

a. In the administration console, select the Identity & Access Management tab, then click Setup.

   The cloned connector instances are listed in the Connectors page.

b. For each connector listed, click Join Domain and specify the domain information.

For more information about Active Directory, see Integrating with Active Directory.
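A post-deployment check for the procedure above, written as an added example and not taken from VMware documentation or tooling. It audits a hand-maintained inventory of the cluster against the rules on this page and models the loss of one connector. The inventory layout, field names and connector hostnames are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed inventory; hostnames and field names are hypothetical.
CLUSTER = {
    "lb_url": "https://mylb.mycompany.com:8443",
    "idp_hostname": "connector1.mycompany.com",
    "lb_pool": ["connector1.mycompany.com", "connector2.mycompany.com"],
    "connectors": {
        "connector1.mycompany.com": {"in_idp": True, "sync": True, "domain_joined": True},
        "connector2.mycompany.com": {"in_idp": False, "sync": False, "domain_joined": False},
    },
}


def audit(cluster):
    """Return findings where the inventory departs from the procedure."""
    findings = []
    lb = urlsplit(cluster["lb_url"])
    port = lb.port or (443 if lb.scheme == "https" else 80)
    if port != 443:  # 8443 is the per-appliance administrative port
        findings.append(f"load balancer port is {port}, expected 443")
    if cluster["idp_hostname"].lower() != (lb.hostname or ""):
        findings.append("IdP Hostname does not match the load balancer FQDN")
    conns = cluster["connectors"]
    for name, c in sorted(conns.items()):
        if not c["in_idp"]:
            findings.append(f"{name}: not selected on the Identity Provider page")
        if name not in cluster["lb_pool"]:
            findings.append(f"{name}: not in the load balancer pool")
    if len({c["domain_joined"] for c in conns.values()}) > 1:
        findings.append("domain join state differs between connectors")
    sync = [n for n, c in conns.items() if c["sync"]]
    if len(sync) != 1:  # directory sync runs on one connector at a time
        findings.append(f"{len(sync)} sync connectors, expected exactly 1")
    return findings


def after_failure(cluster, failed):
    """Model the loss of one connector: what survives, what needs an operator."""
    alive = [n for n, c in cluster["connectors"].items()
             if n != failed and c["in_idp"] and n in cluster["lb_pool"]]
    return {"auth_available": bool(alive),
            "reselect_sync_connector": cluster["connectors"][failed]["sync"]}


if __name__ == "__main__":
    print("\n".join(audit(CLUSTER)))
    print(after_failure(CLUSTER, "connector1.mycompany.com"))
```

With the constructed inventory, the second connector was never selected on the Identity Provider page, so losing the first connector takes authentication down even though both appliances sit behind the load balancer.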