During deployment, the VMware Identity Manager virtual appliance is set up inside the internal network. If you want to provide access to the service for users connecting from outside networks, you must install a load balancer, such as Apache, nginx, or F5, in the DMZ.

If you do not use a load balancer, you cannot expand the number of VMware Identity Manager appliances later. You might need to add more appliances to provide redundancy and load balancing. The following diagram shows the basic deployment architecture you can use to enable external access.

Figure: External Load Balancer Proxy with Virtual Machine. The diagram shows how an external gateway proxy works with the Horizon Workspace vApp.

During the deployment of the VMware Identity Manager virtual machine, you enter the VMware Identity Manager FQDN and port number. These values must point to the host name that you want end users to access.

The VMware Identity Manager virtual machine always runs on port 443. You can use a different port number for the load balancer. If you use a different port number, you must specify it during deployment.

Load balancer settings to configure include enabling X-Forwarded-For headers, setting the load balancer timeout correctly, and enabling sticky sessions. In addition, SSL trust must be configured between the VMware Identity Manager virtual appliance and the load balancer.

X-Forwarded-For Headers. You must enable X-Forwarded-For headers on your load balancer. These headers determine the authentication method. See the documentation provided by your load balancer vendor for more information.

Load Balancer Timeout. For VMware Identity Manager to function correctly, you might need to increase the load balancer request timeout from the default. The value is set in minutes. If the timeout setting is too low, you might see this error: “502 error: The service is currently unavailable.”

Enabling Sticky Sessions on the Load Balancer to VMware Identity Manager. Ensure that you enable sticky sessions on the load balancer to the VMware Identity Manager appliances if your deployment uses multiple VMware Identity Manager appliances. Sticky sessions improve Web interface performance. If sticky sessions are not enabled, some functions might fail.
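The four settings above, sketched for nginx as an added example (not taken from the VMware documentation). All host names, file paths and the timeout value are placeholders, and it is assumed that the appliance certificates are issued for the public FQDN.

```nginx
# Added example. Host names, paths and the timeout value are placeholders.
upstream vidm_nodes {
    ip_hash;                                # sticky sessions: one client IP maps to one appliance
    server vidm-1.internal.example:443;     # appliances always listen on 443
    server vidm-2.internal.example:443;
}

server {
    listen 443 ssl;                         # the port entered with the FQDN during deployment
    server_name idm.example.com;            # the FQDN end users access

    ssl_certificate     /etc/nginx/tls/idm.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/idm.example.com.key;

    location / {
        proxy_pass https://vidm_nodes;

        # SSL trust: verify the appliance certificate against a pinned CA
        # bundle. nginx does not verify upstream certificates by default.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/tls/vidm-root-ca.pem;
        proxy_ssl_server_name         on;
        # Assumption: the appliance certificate names the public FQDN.
        # Without this, nginx would check the name "vidm_nodes".
        proxy_ssl_name                idm.example.com;

        proxy_set_header Host $host;

        # $remote_addr replaces any X-Forwarded-For value the client sent,
        # so the appliance sees only the address this proxy observed.
        # If another trusted proxy sits in front of this one, use
        # $proxy_add_x_forwarded_for instead to append to its value.
        proxy_set_header X-Forwarded-For $remote_addr;

        # Request timeout raised above the nginx default of 60s.
        # 5m is a constructed value; size it for your deployment.
        proxy_read_timeout 5m;
        proxy_send_timeout 5m;
    }
}
```

Validate the file with `nginx -t` before reloading. `ip_hash` keys on the client address, so users behind a shared NAT address land on the same appliance.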