Install the VMware Identity Manager Service

In this exercise, we are going to run the VMware Identity Manager service application installer to install the VMware Identity Manager service. As discussed in the introduction, we have a dedicated server, vidm-01a.corp.local, set up to host the VMware Identity Manager service and will be installing the service on that server.

1. Connect to VIDM-01 RDP

From the Desktop, click the vidm-01a.rdp shortcut.

2. Run the VMware Identity Manager Service Installer

  1. Click the File Explorer icon from the taskbar on the vidm-01a.corp.local server.
  2. Click Documents.
  3. Click HOL.
  4. Right-click the VMware_Identity_Manager_3.2.0.1_Full_Install.exe file.
  5. Click Run as administrator.

3. Complete the VMware Identity Manager Service Install

Click Next.

NOTE: It might take a couple of minutes for the installer to load.

3.1. Accept License Agreement

  1. Check the I accept the terms in the license agreement button.
  2. Click Next.

3.2. Continue Without Participating in the CEIP

  1. Select No.
  2. Click Next.

The Customer Experience Improvement Program (CEIP) uses non-personally identifiable information to improve products and services. For the purposes of this exercise, you will opt out of the program.

3.3. Installation Wizard Prerequisites

Click Next.

The installation wizard will automatically install the missing software prerequisites.  For the purposes of this exercise, the prerequisites have already been installed for you to reduce the installation time.

NOTE: Pre-installing Java 8 is not recommended. Instead, allow the installer to install the recommended Java 8 version.

3.4. Destination Folder

We will install this in the default destination folder C:\VMware\.

Click Next.

3.5. Continue Without Configuring Existing Cluster Details

Click Next to continue without joining an existing VMware Identity Manager cluster.

NOTE: If you were configuring an additional VMware Identity Manager instance to provide high availability or to load balance existing traffic, you would provide your cluster configuration package at this step.

3.6. Provide the Hostname

  1. Enter vidm-01a.corp.local for the Hostname.
    NOTE: The Hostname should always be provided as the fully qualified domain name (FQDN).
    NOTE: The provided hostname is the hostname of the vidm-01a server that you are currently connected to.
  2. Click Next.

3.7. VMware Identity Manager Database Server

  1. Enter sql-01a.corp.local as the VMware Identity Manager Database server.
  2. Select SQL Server authentication using Login ID and password below.
  3. Enter vidmuser as the Login ID.
  4. Enter VMware1! as the Password.
  5. Click on Browse.

Remember that during our vidmdb database setup earlier, our script created the vidmuser user with the VMware1! password for use with the vidmdb database.  This is why we choose to use these credentials here in order to authenticate to the vidmdb in the following steps.

NOTE: After clicking Browse, it may take 30 - 60 seconds to populate the list of databases.

3.8. Select VIDMDB

  1. Select the vidmdb database.
  2. Click OK.

3.9. Click Next

Click Next.

3.10. VMware Identity Manager Service Account Information

  1. Uncheck the option for Would you like to run the VMware Identity Manager server as a domain user account.
  2. Click Next.

As mentioned in the introduction, this setup will not utilize a domain user account for the VMware Identity Manager service since the server is not domain joined.  Instead, you will configure the VMware Identity Manager Connector in a later step to use a domain user account for Active Directory user sync and authentication.

3.11. Confirm User Account Question

Click Yes.

As noted, Integrated Windows Authentication (IWA) and Kerberos authentication require a domain user account for authentication.  In this setup, you are electing that these authentication methods will be unavailable to your VMware Identity Manager service.  However, you will configure the setup to authenticate users with the VMware Identity Manager Connector rather than the VMware Identity Manager service in later steps.

If you wished to authenticate your users using IWA or Kerberos from your VMware Identity Manager service without using the VMware Identity Manager Connector or without running the VMware Identity Manager Connector with a domain user account, you would need to supply a domain user account for the VMware Identity Manager service instead.

3.12. Begin the Installation

Click Install to begin the installation of the VMware Identity Manager service.

NOTE: The installation may take around 8 - 10 minutes to fully complete. Please be patient while the installer finishes.

3.13. Install Completed

Click Finish to close the install wizard.

3.14. Open the VMware Identity Manager Setup Wizard

When prompted, click Yes to open the VMware Identity Manager Setup Wizard at https://vidm-01a.corp.local:8443/cfg.  

4. Complete the VMware Identity Manager Setup Wizard

  1. Click Advanced.
  2. Click Proceed to vidm-01a.corp.local (unsafe).

Why are you seeing an invalid certificate error? If you recall, we do not provide an SSL certificate as part of the VMware Identity Manager Service installer. You will be uploading the SSL certificate after the Setup Wizard, which you are accessing now.

4.1. Set Up the Appliance Administrator Password

  1. Enter VMware1! for the password.
  2. Enter VMware1! to confirm the password.
  3. Click Continue.

4.2. Set Up the Database Connection

  1. Enter VMware1! for the database password.  This is the password for the vidmuser connecting to our vidmdb database.
  2. Click Continue.

4.3. Confirm Setup Completed Successfully

After a few minutes, you should see the Setup is Complete screen.  Click Log in to the administration console.

NOTE: DO NOT manually refresh or navigate away from the page during the final setup.  You will be automatically re-directed to the page when the setup is completed.

5. Perform Initial Configuration in the Administration Console

  1. Enter admin for the username.
  2. Enter VMware1! for the password.
  3. Click Sign in.

These credentials are for the Appliance Administrator you configured in the previous steps during the Setup Wizard.

5.1. Open System Configuration

  1. Click Appliance Settings.
  2. Click Manage Configuration.

5.2. Open the Certificate Chain Text File

  1. Click the File Explorer icon from the taskbar of the vidm-01a.corp.local server.
  2. Click Documents.
  3. Click HOL.
  4. Double-click the wildcard_corp_local.txt file to open it in Notepad.

5.2.1. Copy the Certificate Chain

Copy the full Certificate Chain text.  This will be used to paste into the VMware Identity Manager system configuration.

  1. Click Edit.
  2. Click Select All.
  3. Click Edit.
  4. Click Copy.

5.3. Update the SSL Certificate Chain for the VMware Identity Manager Server Certificate

Return to the System Configuration page for VMware Identity Manager in Google Chrome.

  1. Click the Install SSL Certificate tab.
  2. Click the Server Certificate tab.
  3. Select Custom Certificate for the SSL Certificate.
  4. Right-click inside the SSL Certificate Chain textbox and click Select All.
  5. Right-click inside the SSL Certificate Chain textbox and click Paste.

This will replace the existing SSL Certificate Chain with the one you copied in the previous step.  The SSL Certificate Chain you copied is comprised of a wildcard corp.local certificate and the root certificate used for this exercise.

5.4. Open the Private Key Text File

  1. Click the File Explorer icon from the taskbar of the vidm-01a.corp.local server.
  2. Click Documents.
  3. Click HOL.
  4. Double-click the wildcard_corp_local_key.txt file to open it in Notepad.

5.4.1. Copy the Private Key

Copy the full Private Key text.  This will be used to paste into the VMware Identity Manager system configuration.

  1. Click Edit.
  2. Click Select All.
  3. Click Edit.
  4. Click Copy.

5.5. Update the Private Key

Return to the System Configuration page for VMware Identity Manager in Google Chrome.

  1. Scroll down to find the Private Key textbox.
  2. Right-click inside the Private Key textbox and click Select All.
  3. Right-click inside the Private Key textbox and click Paste.
  4. Click Add.

This will replace the existing Private Key with the one you copied in the previous step.  The Private Key you copied is comprised of a wildcard corp.local private key paired with the SSL Certificate used in this exercise.
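The chain and key files described above can be checked for consistency before they are pasted into the form. This is an added example, not part of the original lab; the function names are hypothetical, and it assumes Python 3 is available on a machine that holds the two text files.

```python
import re
import ssl
import sys

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.+?)\s+-----END \1-----", re.S)

def pem_labels(text):
    """Labels of every PEM block in file order, e.g. ['CERTIFICATE', ...]."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]

def read_text(path):
    with open(path, encoding="utf-8", errors="replace") as f:
        return f.read()

def preflight(chain_path, key_path):
    """Return a list of problems; an empty list means the pair is consistent."""
    key_text = read_text(key_path)
    chain, key = pem_labels(read_text(chain_path)), pem_labels(key_text)
    problems = []
    if not chain:
        problems.append("chain: no PEM blocks found")
    elif any(label != "CERTIFICATE" for label in chain):
        # Catches a private key pasted into the chain file by mistake.
        problems.append("chain: contains a non-certificate block")
    if len(key) != 1 or not key[0].endswith("PRIVATE KEY"):
        problems.append("key: expected exactly one private key block")
    elif key[0] == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in key_text:
        problems.append("key: encrypted, match with certificate not checked")
    if problems:
        return problems
    # OpenSSL treats the first certificate in the file as the server
    # certificate and rejects the pair if the key does not belong to it, so
    # success also confirms that the server certificate comes first.
    try:
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(chain_path, key_path)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        problems.append(f"pair: OpenSSL rejected chain/key ({exc})")
    return problems

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: preflight.py <chain file> <private key file>")
    found = preflight(sys.argv[1], sys.argv[2])
    print("\n".join(found) if found else "chain and private key are consistent")
    sys.exit(1 if found else 0)
```

For this exercise the two arguments would be wildcard_corp_local.txt and wildcard_corp_local_key.txt.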

5.6. Confirm Identity Manager Service Restart

Click OK to confirm that updating the certificate will cause the Identity Manager Service to restart.

5.7. Wait for the Server to Restart

You will see a loading screen while the certificate installs and the server restarts.  Please wait until this has completed before continuing.

NOTE: This process may take 10 - 12 minutes to complete.

Once the server has restarted, you will have provided your own SSL certificate chain and private key. This concludes the initial configuration of your newly installed VMware Identity Manager service. Additional steps will be taken from the Main Console, where you will validate that the certificate error is no longer shown.

NOTE: When the process finishes, you will return to the Server Certificate tab of the System Configuration screen.

6. Return to the Main Console

You will return to the Main Console to complete additional exercises.  Click the Close (X) button on the Remote Desktop Connection bar at the top of your screen.
