Consider your entire deployment, including how you integrate resources, when you make decisions about hardware, resources, and network requirements.

The following versions of vSphere and ESX server are supported:

5.0 U2 and later

5.1 and later

5.5 and later

6.0 and later

Ensure that the resources allocated to the virtual appliance meet the minimum requirements.

Component

Minimum Requirement

CPU

2

Random-access memory

6GB

Disk space

36GB

Database

A PostgreSQL database is included in the VMware Identity Manager virtual appliance, and you can use an external database server. For information about specific database versions and service pack configurations supported with VMware Identity Manager, see the VMware Product Interoperability Matrix at http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.

External database sizing information: 64GB for first 100,000 users. Add 20GB for each additional 10,000 users.

Storage: 32GB

Component

Minimum Requirement

DNS record and IP address

IP address and DNS record

Firewall port

Ensure that the inbound firewall port 443 is open for users outside the network to the VMware Identity Manager instance or the load balancer.

Reverse Proxy

Deploy a reverse proxy such as F5 Access Policy Manager in the DMZ to allow users to securely access the VMware Identity Manager user portal remotely.

Ports used in the server configuration are described below. Your deployment might include only a subset of these. Here are two potential scenarios:

To sync users and groups from Active Directory, VMware Identity Manager must connect to Active Directory.

To sync with ThinApp, the VMware Identity Manager must join the Active Directory domain and connect to the ThinApp Repository share.

Port

Source

Target

Description

443

Load Balancer

VMware Identity Manager virtual appliance

HTTPS

443

VMware Identity Manager virtual appliance

VMware Identity Manager virtual appliance

HTTPS

443

Browsers

VMware Identity Manager virtual appliance

HTTPS

443

VMware Identity Manager virtual appliance

vapp-updates.vmware.com

Access to the upgrade server

8443

Browsers

VMware Identity Manager virtual appliance

Administrator Port

HTTPS

25

VMware Identity Manager virtual appliance

SMTP

TCP port to relay outbound mail

389, 636, 3268, 3269

VMware Identity Manager virtual appliance

Active Directory

Default values are shown. These ports are configurable.

445

VMware Identity Manager virtual appliance

VMware ThinApp repository

Access to ThinApp repository

5500

VMware Identity Manager virtual appliance

RSA SecurID system

Default value is shown. This port is configurable.

53

VMware Identity Manager virtual appliance

DNS server

TCP/UDP

Every virtual appliance must have access to the DNS server on port 53 and allow incoming SSH traffic on port 22.

88, 464, 135

VMware Identity Manager virtual appliance

Domain controller

TCP/UDP

TCP: 9300-9400

UDP: 54328

VMware Identity Manager virtual appliance

VMware Identity Manager virtual appliance

Audit needs

5432

VMware Identity Manager virtual appliance

Database

The PostgreSQL default port is 5432. The Oracle default port is 1521

389, 443

VMware Identity Manager virtual appliance

View server

Access to View server

443

VMware Identity Manager virtual appliance

AirWatch REST API

HTTPS

For device compliance checking and for the ACC Password authentication method, if that is used.

Ensure that the environment for the host and the vSphere instance that runs the VMware Identity Manager virtual appliance meets the minimum hardware requirements. Storage requirements vary per deployment based on the number of users.

Note

You must turn on time sync at the ESX host level using an NTP server. Otherwise, a time drift will occur between the virtual appliances.

If you deploy multiple virtual appliances on different hosts, consider disabling the Sync to Host option for time synchronization and configuring the NTP server in each virtual appliance directly to ensure that there is no time drift between the virtual appliances.

Component

Minimum Requirement

Processor

2 Intel Quad Cores, 3.0GHz, 4MB Cache

RAM

16GB DDR2 1066 MHz, ECC and registered

On-board LAN

One 10/100/1000Base-TX port

Storage

500GB

VMware Identity Manager supports Active Directory on Windows 2008, 2008 R2, 2012, and 2012 R2, with a Domain functional level and Forest functional level of Windows 2003 and later.

The VMware Identity Manager administration console is a Web-based application you use to manage your tenant. You can access the administration console from the following browsers.

Internet Explorer 11 for Windows systems

Google Chrome 42.0 or later for Windows and Mac systems

Mozilla Firefox 40 or later for Windows and Mac systems

Safari 6.2.8 and later for Mac systems

Note

In Internet Explorer 11, JavaScript must be enabled and cookies allowed to authenticate through VMware Identity Manager.

End users can access the user apps portal from the following browsers.

Mozilla Firefox (latest)

Google Chrome (latest)

Safari (latest)

Internet Explorer 11

Microsoft Edge browser

Native browser and Google Chrome on Android devices

Safari on iOS devices

Note

In Internet Explorer 11, JavaScript must be enabled and cookies allowed to authenticate through VMware Identity Manager.