Load Balancing VMware Identity Manager Integration Guide is now Ready!

This will be the first of many articles being released on new or updated documentation for deploying F5 LTM/APM/DNS with various VMware End-User-Computing based products. I am happy to announce that our first document, “Load Balancing VMware Identity Manager”, is now available to the public!

What is VMware Identity Manager?

VMware Identity Manager combines applications and desktops in a single, aggregated workspace. Employees can then access the desktops and applications regardless of where they are based. With fewer management points and flexible access, Identity Manager reduces the complexity of IT administration.

What does this Integration Guide Detail?

This documentation focuses on deploying F5 LTM with VMware Identity Manager (On-Premise) for a production deployment. Typically, the first VMware Identity Manager node is set up, configured and placed behind the load balancer; this is the focus of the document. Once that is complete, the first node is shut down and then cloned to the other two nodes, for a total of 3 nodes in the cluster. The document references other VMware documentation for completing this part.

Here is an example from the document that shows how to set up the advanced monitor we use to identify whether a single node within the cluster is online. This monitor is an example of how F5 does more than a simple load balancer. Most simple load balancers just check for the HTTPS header or ICMP (Ping) responses to identify if a node is online. F5 worked together with VMware to find the best way to identify whether a node within a cluster is in maintenance mode or offline due to other issues.

Create Monitor
The next task is to create the Identity Manager Monitor for the BIG-IP Appliance to validate when the webserver is available. Use the following guidance to create a health monitor on the BIG-IP system.

  1. Click Local Traffic.
  2. Hover over Monitors.
  3. Click the Add button (+) to the right of Monitors to create a new health monitor.


Monitor Configuration
Create a Monitor with the following settings.
 

  1. In the Name field, type a unique name such as WorkspaceOne-Monitor.
  2. From the Type list, select HTTPS.
  3. In the Send String field, type
    GET /SAAS/API/1.0/REST/system/health/heartbeat HTTP/1.1\r\nHost: \r\nConnection: Close\r\n\r\n
  4. In the Receive String field, type ok$.
  5. In the Receive Disable String field, type 404.
  6. Click Finished.
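
As an added illustration (not part of the integration guide and not F5 or VMware code), the Python sketch below models how the Send String, Receive String and Receive Disable String above combine into a node state, using constructed responses. The host name `vidm.example.com`, the function names, the match order and the assumption that the whole response is searched are choices made for this sketch.

```python
import re
from typing import Optional

# Values taken from the monitor steps above.
HEARTBEAT_PATH = "/SAAS/API/1.0/REST/system/health/heartbeat"
RECV = re.compile(r"ok$")          # Receive String
RECV_DISABLE = re.compile(r"404")  # Receive Disable String

# Constructed sample responses (not captured from a real appliance).
HEALTHY = b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 2\r\n\r\nok"
NOT_FOUND = b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"
SERVER_ERROR = b"HTTP/1.1 503 Service Unavailable\r\nContent-Length: 0\r\n\r\n"
STRAY_404 = b"HTTP/1.1 500 Internal Server Error\r\nX-Trace: a404b\r\n\r\n"


def build_probe(host: str) -> bytes:
    """Expand the Send String escapes into the bytes sent to the node."""
    return (
        f"GET {HEARTBEAT_PATH} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Connection: Close\r\n\r\n"
    ).encode("ascii")


def classify(raw_response: Optional[bytes]) -> str:
    """Return 'up', 'disabled' or 'down' for one probe result.

    Assumptions of this sketch: the Receive String is tested first, and the
    status line, headers and body are searched together as one string.
    """
    if raw_response is None:  # timeout, TCP reset or failed TLS handshake
        return "down"
    text = raw_response.decode("latin-1")
    if RECV.search(text):          # body ends in "ok": node takes traffic
        return "up"
    if RECV_DISABLE.search(text):  # "404" anywhere: stop sending new sessions
        return "disabled"
    return "down"


if __name__ == "__main__":
    print(build_probe("vidm.example.com").decode("ascii"))
    for name, resp in [("healthy", HEALTHY), ("not found", NOT_FOUND),
                       ("server error", SERVER_ERROR), ("stray 404", STRAY_404),
                       ("no response", None)]:
        print(f"{name:13} -> {classify(resp)}")
```

The `STRAY_404` case shows that the unanchored `404` pattern also matches digits that appear in a header rather than the status line, which is worth remembering when reading monitor state during an outage.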

You can now download the updated step-by-step guide for Load Balancing VMware Identity Manager.
https://f5.com/Portals/1/PDF/Partners/f5-big-ip-vmware-workspaceone-integration-guide.pdf

You can also read up on setting up a 3-Node Cluster with VMware Identity Manager.

https://communities.vmware.com/docs/DOC-33552
and
http://pubs.vmware.com/identity-manager-28/index.jsp#com.vmware.wsp-install_28/GUID-A29C51E5-6FF5-4F7F-8FC2-1A0F687F6DC5.html

Special thanks to Dean Flaming and the VMware Identity Management team for all of their assistance putting this together!

Published Jul 06, 2017
Version 1.0
  • OK, so I followed the steps, but now I am getting the error message "Incorrect issuer in SAML AuthnRequest." Does anyone have recommendations for this? Additionally, there's not the option for "terminate on load balancer" for the vIDM work space one :8443/cfg/ssl on single node, v 3.3.6.