VMware Workspace ONE Community
YIPKC
Enthusiast

The command for initializing the Key Distribution Center

Hi, I am setting up vIDM on premises.

I have some questions about the command for the KDC.

https://docs.vmware.com/en/VMware-Identity-Manager/2.9.1/com.vmware.wsp-install_29/GUID-B5ADF0FA-7DA...

After reading the VMware documentation, I am still confused about realm and subdomain.

In my environment, I have a single AD domain, vmlan.local.

My external vIDM FQDN is idm.ddnsfree.com, and it is also the hostname of the virtual appliance.

1) What should I enter for the command?

/etc/init.d/vmware-kdc init --realm {REALM.COM} --subdomain {sva-name.subdomain}

Is it /etc/init.d/vmware-kdc init --realm IDM.DDNSFREE.COM --subdomain vmlan.local ?

Realm

The realm is the name of an administrative entity that maintains authentication data. Selecting a descriptive name for the Kerberos authentication realm is important. The realm name must be a part of a DNS domain that the enterprise can configure.

The realm name and the fully qualified domain name (FQDN) that is used to access the VMware Identity Manager service are independent. Your enterprise must control the DNS domains for both the realm name and the FQDN. The convention is to make the realm name the same as your domain name, entered in uppercase letters. Sometimes the realm name and domain are different. For example, a realm name is EXAMPLE.NET, and idm.example.com is the VMware Identity Manager FQDN. In this case, you define DNS entries for both example.net and example.com domains.

The realm name is used by a Kerberos client to generate DNS names. For example, when the name is example.com, the Kerberos-related name to contact the KDC by TCP is _kerberos._tcp.EXAMPLE.COM.

2) Do I only have to create the SRV record for idm.ddnsfree.com, since the vmlan.local SRV record is hosted by and points at the Domain Controller?

Thank you!

0 Replies
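To make the quoted documentation passage concrete, here is an added example (editor's code, not the poster's and not VMware's vmware-kdc script). Given a realm name it derives the _kerberos SRV owner names that MIT krb5 and Heimdal clients query, checks the realm against the uppercase-DNS-domain convention and against the DNS zones you control, renders the zone-file lines to publish, and checks a constructed zone for those records. The realm EXAMPLE.NET, the host idm.example.com and the zone contents are constructed following the documentation's own example; the example does not settle what the --subdomain argument should be, which depends on the vmware-kdc script itself.

```python
"""Kerberos realm-to-DNS checks: derive the SRV names a Kerberos client
builds from a realm name and check a zone for them.

Added example for this thread; not VMware code. Realm, host and zone
data below are constructed for illustration."""
from __future__ import annotations

import re
from dataclasses import dataclass

# SRV owner names a Kerberos client derives from the realm (the convention
# implemented by MIT krb5 and Heimdal). KDC discovery needs the first two;
# the others serve kadmin and password-change traffic.
KDC_SRV_SERVICES = ("_kerberos._udp", "_kerberos._tcp")
ADMIN_SRV_SERVICES = ("_kerberos-master._tcp", "_kerberos-adm._tcp", "_kpasswd._udp")

_DNS_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


@dataclass(frozen=True)
class Srv:
    priority: int
    weight: int
    port: int
    target: str


def validate_realm(realm: str) -> list[str]:
    """Return the problems with a realm name (empty list when it looks sane).
    Convention from the docs: the realm is a DNS domain name in uppercase."""
    problems: list[str] = []
    if not realm:
        return ["realm is empty"]
    if realm != realm.upper():
        problems.append("realm is not uppercase (Kerberos realm names are case-sensitive)")
    labels = realm.split(".")
    if len(labels) < 2:
        problems.append("realm is not a DNS domain name (needs at least two labels)")
    problems.extend(f"label {lab!r} is not a valid DNS label"
                    for lab in labels if not _DNS_LABEL.match(lab))
    return problems


def realm_in_controlled_domain(realm: str, controlled_domains: list[str]) -> bool:
    """True when the realm equals, or sits under, a DNS domain you can publish
    records in. Compared case-insensitively because DNS is."""
    r = realm.lower()
    return any(r == d.lower() or r.endswith("." + d.lower()) for d in controlled_domains)


def kerberos_srv_names(realm: str, include_admin: bool = False) -> list[str]:
    """Owner names the client will query, e.g. _kerberos._tcp.EXAMPLE.NET."""
    services = KDC_SRV_SERVICES + (ADMIN_SRV_SERVICES if include_admin else ())
    return [f"{svc}.{realm}" for svc in services]


def srv_zone_lines(realm: str, kdc_fqdn: str, port: int = 88) -> list[str]:
    """Zone-file lines to publish for KDC discovery. Owner names are written in
    lowercase: DNS matching is case-insensitive, so they answer the uppercase query."""
    return [f"{svc}.{realm.lower()}. IN SRV 0 0 {port} {kdc_fqdn.rstrip('.')}."
            for svc in KDC_SRV_SERVICES]


def missing_records(zone: dict[tuple[str, str], list], realm: str) -> list[str]:
    """Check a zone (constructed as {(owner, rrtype): [rdata, ...]}) for the SRV
    records KDC discovery needs, and that each SRV target resolves to an address."""
    gaps: list[str] = []
    for name in kerberos_srv_names(realm):
        srvs = zone.get((name.lower(), "SRV"), [])
        if not srvs:
            gaps.append(f"no SRV record {name}")
            continue
        for srv in srvs:
            target = srv.target.lower().rstrip(".")
            if not zone.get((target, "A")) and not zone.get((target, "AAAA")):
                gaps.append(f"SRV {name} targets {srv.target}, which has no A/AAAA record")
    return gaps


# Constructed zone following the docs' example: realm EXAMPLE.NET, service FQDN idm.example.com.
CONSTRUCTED_ZONE = {
    ("_kerberos._tcp.example.net", "SRV"): [Srv(0, 0, 88, "idm.example.com")],
    ("_kerberos._udp.example.net", "SRV"): [Srv(0, 0, 88, "idm.example.com")],
    ("idm.example.com", "A"): ["203.0.113.10"],
}
# Same zone with the UDP record dropped and the TCP record pointed at an unresolvable host.
BROKEN_ZONE = {
    ("_kerberos._tcp.example.net", "SRV"): [Srv(0, 0, 88, "kdc.example.net")],
    ("idm.example.com", "A"): ["203.0.113.10"],
}

if __name__ == "__main__":
    print(validate_realm("EXAMPLE.NET"), validate_realm("example.net"))
    print(realm_in_controlled_domain("EXAMPLE.NET", ["example.net", "example.com"]))
    print("\n".join(srv_zone_lines("EXAMPLE.NET", "idm.example.com")))
    print(missing_records(CONSTRUCTED_ZONE, "EXAMPLE.NET"))
    print(missing_records(BROKEN_ZONE, "EXAMPLE.NET"))
```

The realm/FQDN split in the documentation is what realm_in_controlled_domain checks: the realm's lowercase form must be a zone (or live under one) where you can publish the _kerberos SRV records, regardless of which zone the service FQDN lives in. The SRV owner names are emitted in lowercase; the client's uppercase query still matches because DNS name comparison is case-insensitive.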