Consider your entire deployment, including how you integrate resources, when you make decisions about hardware, resources, and network requirements.

The following versions of vSphere and ESX server are supported:

5.0 U2 and later

5.1 and later

5.5 and later

6.0 and later

Ensure that the resources allocated to the virtual appliance meet the minimum requirements.

| Component | Minimum Requirement |
|---|---|
| CPU | 2 |
| Random-access memory | 6GB |
| Disk space | 36GB |

Database

A PostgreSQL database is included in the VMware Identity Manager virtual appliance, and you can use an external database server. For information about specific database versions and service pack configurations supported with VMware Identity Manager, see the VMware Product Interoperability Matrix at http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.

External database sizing information: 64GB for first 100,000 users. Add 20GB for each additional 10,000 users.

Storage: 32GB

| Component | Minimum Requirement |
|---|---|
| DNS record and IP address | IP address and DNS record |
| Firewall port | Ensure that the inbound firewall port 443 is open for users outside the network to the VMware Identity Manager instance or the load balancer. |
| Reverse Proxy | Access Point 2.6 supports reverse proxy functionality to allow users to securely access the VMware Identity Manager unified catalog remotely. Access Point can be deployed in the DMZ behind the load balancers front-ending the VMware Identity Manager appliance. |

Ports used in the server configuration are described below. Your deployment might include only a subset of these. Here are two potential scenarios:

To sync users and groups, VMware Identity Manager must connect to Active Directory.

To sync with ThinApp, the VMware Identity Manager must join the Active Directory domain and connect to the ThinApp Repository share.

| Port | Source | Target | Description |
|---|---|---|---|
| 443 | Load Balancer | VMware Identity Manager virtual appliance | HTTPS |
| 88 | Load Balancer | VMware Identity Manager virtual appliance | TCP. Port used for Kerberos traffic from iOS devices to the Built-in KDC. |
| 443 | VMware Identity Manager virtual appliance | VMware Identity Manager virtual appliance | HTTPS |
| 443 | Browsers | VMware Identity Manager virtual appliance | HTTPS |
| 443 | VMware Identity Manager virtual appliance | vapp-updates.vmware.com | Access to the upgrade server. |
| 8443 | Browsers | VMware Identity Manager virtual appliance | Administrator Port. HTTPS |
| 25 | VMware Identity Manager virtual appliance | SMTP | TCP port to relay outbound mail. |
| 389, 636, 3268, 3269 | VMware Identity Manager virtual appliance | Active Directory | Default values are shown. These ports are configurable. |
| 445 | VMware Identity Manager virtual appliance | VMware ThinApp repository | Access to ThinApp repository. |
| 5500 | VMware Identity Manager virtual appliance | RSA SecurID system | Default value is shown. This port is configurable. |
| 53 | VMware Identity Manager virtual appliance | DNS server | TCP/UDP. Every virtual appliance must have access to the DNS server on port 53 and allow incoming SSH traffic on port 22. |
| 88, 464, 135 | VMware Identity Manager virtual appliance | Domain controller | TCP/UDP |
| TCP: 9300-9400, UDP: 54328 | VMware Identity Manager virtual appliance | VMware Identity Manager virtual appliance | Audit needs |
| 5432 | VMware Identity Manager virtual appliance | Database | The PostgreSQL default port is 5432. The Oracle default port is 1521. |
| 389, 443 | VMware Identity Manager virtual appliance | View server | Access to View server. |
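Because a deployment might use only a subset of these ports, the table can serve as an allow-list when reviewing firewall rules. The following is an added example, not VMware code: it transcribes a subset of the rows above and reports expected flows that no rule permits, as well as rules that open more than the table calls for. The zone labels, the grouping of rows into features, and the sample rules are assumptions constructed for illustration.

```python
# A subset of flows transcribed from the port table above, as (source, target, port).
# The zone labels and the grouping into features are assumptions of this example.
MATRIX = {
    "core": [("lb", "vidm", 443), ("browsers", "vidm", 443),
             ("browsers", "vidm", 8443), ("vidm", "dns", 53)],
    "ad_sync": [("vidm", "ad", p) for p in (389, 636, 3268, 3269)],
    "thinapp": [("vidm", "dc", p) for p in (88, 464, 135)]
               + [("vidm", "thinapp", 445)],
    "securid": [("vidm", "securid", 5500)],
    "external_db": [("vidm", "db", 5432)],
}

def expected_flows(features):
    """Flows the chosen deployment needs: core plus each enabled feature."""
    flows = set(MATRIX["core"])
    for name in features:
        flows.update(MATRIX[name])
    return flows

def audit(rules, features):
    """Check allow rules (source, target, first_port, last_port) against the matrix.
    Returns (missing expected flows, rules wider than the matrix calls for)."""
    expected = expected_flows(features)
    covered, too_wide = set(), []
    for rule in rules:
        src, dst, lo, hi = rule
        hits = {f for f in expected
                if f[0] == src and f[1] == dst and lo <= f[2] <= hi}
        covered |= hits
        if hi - lo + 1 > len(hits):   # rule opens ports nothing here requires
            too_wide.append(rule)
    return sorted(expected - covered), too_wide

# Constructed sample rules for an AD-sync deployment with an external database.
SAMPLE_RULES = [
    ("lb", "vidm", 443, 443),
    ("browsers", "vidm", 443, 443),
    ("browsers", "vidm", 8000, 8999),   # admin port opened as a wide range
    ("vidm", "dns", 53, 53),
    ("vidm", "ad", 389, 389),
    ("vidm", "ad", 636, 636),
    ("vidm", "db", 5432, 5432),
    ("vidm", "thinapp", 445, 445),      # ThinApp is not enabled in this deployment
]

print(audit(SAMPLE_RULES, ["ad_sync", "external_db"]))
```

If the Active Directory, RSA SecurID or database ports have been changed from their defaults, edit the matching entries in `MATRIX` before running the check.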

Ensure that the environment for the host and the vSphere instance that runs the VMware Identity Manager virtual appliance meets the minimum hardware requirements. Storage requirements vary per deployment based on the number of users.

Note

You must turn on time sync at the ESX host level using an NTP server. Otherwise, a time drift will occur between the virtual appliances.

If you deploy multiple virtual appliances on different hosts, consider disabling the Sync to Host option for time synchronization and configuring the NTP server in each virtual appliance directly to ensure that there is no time drift between the virtual appliances.

| Component | Minimum Requirement |
|---|---|
| Processor | 2 Intel Quad Cores, 3.0GHz, 4MB Cache |
| RAM | 16GB DDR2 1066 MHz, ECC and registered |
| On-board LAN | One 10/100/1000Base-TX port |
| Storage | 500GB |

VMware Identity Manager supports Active Directory on Windows 2008, 2008 R2, 2012, and 2012 R2, with a Domain functional level and Forest functional level of Windows 2003 and later.

The VMware Identity Manager administration console is a Web-based application you use to manage your tenant. You can access the administration console from the following browsers.

Internet Explorer 11 for Windows systems

Google Chrome 42.0 or later for Windows and Mac systems

Mozilla Firefox 40 or later for Windows and Mac systems

Safari 6.2.8 and later for Mac systems

Note

In Internet Explorer 11, JavaScript must be enabled and cookies allowed to authenticate through VMware Identity Manager.

End users can access the user apps portal from the following browsers.

Mozilla Firefox (latest)

Google Chrome (latest)

Safari (latest)

Internet Explorer 11

Microsoft Edge browser

Native browser and Google Chrome on Android devices

Safari on iOS devices

Note

In Internet Explorer 11, JavaScript must be enabled and cookies allowed to authenticate through VMware Identity Manager.