VMware Cloud Community
kbragdon85
Contributor

Deploying a Medium VRA deployment with full vIDM Cluster

Hello,

I am/have been tasked with redeploying our VRA deployment from a minimal to a Distributed HA deployment... Seems pretty straightforward, until I am told to deploy a full vIDM cluster to support 2FA for VRA and other applications that we are going to leverage this for.

So, I have a simple design, but I am not sure if this even works...

pastedImage_0.png

But my biggest concern is I cannot for the life of me find anyone else that has done this type of deployment. I have a reference for the VRA portion itself (The Beginner’s Guide to a vRealize Automation 7 Distributed Installation – Nuvoli Systems) but I don’t understand how the vIDM appliance cluster works with VRA and redirection.

Also, we are adding the ability to access the URL from within the local network instead of just within the datacenter (like our old deployment). That confuses me, since I assume that the URL points to the VRA LB, not the vIDM LB, right?

I will be honest, I am just learning VRA. I originally managed HP SA and had a POC deployment to move away from HP SA. Please be helpful to the noob (me).

0 Kudos
3 Replies
daphnissov
Immortal

I'll be completely honest with you, if you're unfamiliar with the workings (let alone inner workings) of vRA, you're about to be way in over your head with a project of this scope. A fully-distributed HA version of vRA is one thing, but integration with a vIDM cluster is quite another. My strong recommendation for you is you convince your leadership to engage a reputable VMware partner who has a track record of success with vRA deployments.

0 Kudos
kbragdon85
Contributor

Unfortunately that is not an option. This was originally deployed by (a reputable VMware Partner) and they were supposed to deliver a full HA (similar to what I described but without the vIDM cluster).

However, the bean counters signed off before we could evaluate and review the delivered deployment/product and we discovered that they actually gave us a POC Minimal deployment.

I understand VRA and have done minimal deployments myself (without Load balancers, both in my personal lab and in another datacenter).

My quandary is the vIDM cluster.

You are correct that I am in over my head, but that is how the cookie crumbles... Learn and get it done. Hence why I am posting here.

0 Kudos
daphnissov
Immortal

Very well then. Integration with an external vIDM cluster with vRA is done via an external SAML provider. There are several pieces and parts that need to be set up both in vIDM and vRA to make this connection work. Creation of the vIDM cluster itself can be found in the relevant documentation. There's a good blog article here which shows the configuration and integration. Good luck to you.

0 Kudos