Does anyone have some step by step instructions on how to load balance Identity Manager 3.x with an NSX load balancer? I am struggling to get this set up, particularly with the certificate aspect.
Load-balancing for IDM with NSX is the same process as with any other LB. I have done a 3 node setup with F5 and it works flawlessly. May I know what problem you are facing from a certificate perspective? Please go through the F5 article once -> https://f5.com/Portals/1/PDF/Partners/f5-big-ip-vmware-workspaceone-integration-guide.pdf
Note: VMware recommends the use of Certificates which support Subject Alternate Names (SANs) defining each of the node FQDNs (public or internal) within the load balanced VIP FQDN. Wildcard certificates may be used, but due to wildcard certificate formats, SAN support is typically not available with wildcards from public CAs - and public CAs may complain about supplying an internal FQDN as a SAN value even if they do support SAN values. Additionally, some VMware Identity Manager features may not be usable with wildcard certificates when SAN support is not defined.
If you are clear with the article, I would recommend you configure the first IDM with the LB and confirm everything is working as expected, and then move forward with cloning the other IDMs.
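To check the certificate point made above before putting the nodes behind the VIP, here is an added example (not from this thread or from VMware) that takes a certificate's SAN dNSName list and reports which of the VIP and node FQDNs it does not cover; the hostnames and SAN lists are constructed, and the wildcard rule applied is the usual one of a leading `*` matching exactly one DNS label, which is why a public wildcard does not cover internal node names in a deeper subdomain.

```python
# Constructed SAN lists: one certificate issued with every node FQDN plus the
# VIP FQDN, and one plain wildcard certificate from a public CA. Replace these
# with the dNSName entries from your own certificate.
SAN_CERT = [
    "identity.mydomain.com",            # VIP FQDN
    "idm1.mydomain.com", "idm2.mydomain.com", "idm3.mydomain.com",
]
WILDCARD_CERT = ["*.mydomain.com"]

# Constructed cluster layout; the node names live in an internal subdomain.
VIP_FQDN = "identity.mydomain.com"
NODE_FQDNS = [
    "idm1.internal.mydomain.com",
    "idm2.internal.mydomain.com",
    "idm3.internal.mydomain.com",
]


def san_matches(pattern: str, hostname: str) -> bool:
    """Match one SAN dNSName against a hostname.

    Comparison is case-insensitive and ignores a trailing dot. A leading '*'
    stands for exactly one left-most label: '*.mydomain.com' covers
    'identity.mydomain.com' but not 'mydomain.com' or 'idm1.internal.mydomain.com'.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    return (
        len(p_labels) == len(h_labels)
        and h_labels[0] != ""
        and p_labels[1:] == h_labels[1:]
    )


def uncovered_names(sans, vip_fqdn, node_fqdns):
    """Return the FQDNs (VIP first, then each node) not covered by any SAN."""
    required = [vip_fqdn, *node_fqdns]
    return [n for n in required if not any(san_matches(s, n) for s in sans)]


if __name__ == "__main__":
    for label, sans in (("SAN cert", SAN_CERT), ("wildcard cert", WILDCARD_CERT)):
        missing = uncovered_names(sans, VIP_FQDN, NODE_FQDNS)
        print(f"{label}: {'all names covered' if not missing else 'missing ' + ', '.join(missing)}")
```

Run it against the SAN list printed by your own certificate tooling; any name it reports as missing is one the nodes or the VIP will present under a name the certificate does not vouch for.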
Here is the latest on what I did today
So first, I have been trying to use a wildcard cert. Apparently identity manager does not like wildcard certs.
After these steps, I attempted to reconfigure the IDM FQDN for identity.mydomain.com and I did not receive an invalid URL error. But when I try to connect to https://identity.mydomain.com I get this
I also checked using this command from the IDM.
Curl -v 3 -ssl https://identity.mydomain.com
I thought maybe this was because IDM does not use TLSv1.0, so I tried this
Curl -v 3 --tlsv1.2 and get this
After all that, I tried setting the NSX load balancer to Passthrough mode. Different error, still can’t connect
IDM supports wildcard certs; mine is working with the same. Can you remove IDM from the LB, reconfigure the IDM FQDN once again, and try the URL connection without the LB?
This issue was with the NSX load balancer. In the load balancer config under the server Pool settings, it did not like the fact that I had the VMs defined by name. It wanted them by IP address. After changing this, identity manager is working behind my load balancer.