vIDM 3.3.5 deployment using vRSLCM 8.5 REST API in VCF (4.3.1) Aware Mode

Some time ago I described the installation process of VMware Identity Manager 3.3.0 with vRealize Lifecycle Manager 2.1 using Ansible (link here). At that time the only option for installing vIDM with vRSLCM was a single node with an internal PostgreSQL database. vRSLCM 2.x does not perform cluster-based installations of VMware Identity Manager.

Fortunately this has changed, and a three-node vIDM cluster can now be deployed with vRSLCM.

Additionally, starting from VCF 4.1, vRSLCM is deployed in a ‘VCF Mode’, which enables integration with the SDDC Manager inventory for product deployment and life cycle management of vRealize Suite components, and lets us handle binary downloads directly from the SDDC Manager UI.

Another benefit is that vRSLCM, in VCF Aware mode, will deploy vRealize Suite components according to VVD.

And one more important thing: load balancer preparation and configuration are no longer a prerequisite when you use vRealize Suite Lifecycle Manager to deploy or perform a cluster expansion on vIDM, vROps, or vRA. Load balancer preparation and configuration take place as part of the deploy or expand operation.

Anyway, when ‘Create Environment’ is requested, the request payload should contain the property key “vcfProperties” inside the infrastructure properties. “vcfProperties” identifies whether the environment is VCF enabled or not.



"vcfProperties": "{\"vcfEnabled\":true,\"sddcManagerDetails\":[{\"sddcManagerHostName\":\"gre26sdm001.domain.com\",\"sddcManagerName\":\"default\",\"sddcManagerVmid\":\"default\"}]}"
    }

So the cURL request should look like the one below:

dataCenterVmid: the VMID that you get in the response to the datacenter GET request;

Locker items: locker items such as passwords and certificates should be created, or a plain-text password provided instead.

cURL request:

$ curl 'https://vrlscm_fqdn/lcm/lcops/api/v2/environments' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Authorization: Basic <The Base64 encoded value of username:password>' \
    -d '{
  "environmentId": "globalenvironment",
  "environmentName": "globalenvironment",
  "infrastructure": {
    "properties": {
      "dataCenterVmid": "4ec46533-4472-4df5-944f-be7f6ae544e7",
      "regionName": "",
      "zoneName": "",
      "vCenterName": "gre28vcs001",
      "vCenterHost": "gre28vcs001.domain.com",
      "vcUsername": "administrator@vsphere.local",
      "vcPassword": "locker:password:17572db1-d149-4a4c-ac20-9f04f96bed33:vidm_root",
      "acceptEULA": "true",
      "enableTelemetry": "true",
      "defaultPassword": "locker:password:17572db1-d149-4a4c-ac20-9f04f96bed33:vidm_root",
      "certificate": "locker:certificate:5290b759-d193-4beb-8bcd-ee582284848c:vidm_cluster",
      "cluster": "gre28-m01-dc#gre28-m01-cluster01",
      "storage": "gre28-m01-vsan01",
      "folderName": "",
      "resourcePool": "gre28-m01-sddc-mgmt",
      "diskMode": "thin",
      "network": "xreg-m01-seg01",
      "masterVidmEnabled": "false",
      "dns": "192.168.10.24,192.168.10.25",
      "domain": "domain.com",
      "gateway": "192.168.20.1",
      "netmask": "255.255.255.0",
      "searchpath": "domain.com",
      "timeSyncMode": "ntp",
      "ntp": "",
      "isDhcp": "false",
      "vcfProperties": "{\"vcfEnabled\":true,\"sddcManagerDetails\":[{\"sddcManagerHostName\":\"gre28sdm001.domain.com\",\"sddcManagerName\":\"default\",\"sddcManagerVmid\":\"default\"}]}"
    }
  },
  "products": [
    {
      "id": "vidm",
      "version": "3.3.5",
      "properties": {
        "vidmAdminPassword": "locker:password:17572db1-d149-4a4c-ac20-9f04f96bed33:vidm_root",
        "syncGroupMembers": true,
        "nodeSize": "large",
        "defaultConfigurationEmail": "admin@domain.com",
        "defaultConfigurationUsername": "administrator",
        "defaultConfigurationPassword": "locker:password:17572db1-d149-4a4c-ac20-9f04f96bed33:vidm_root",
        "defaultTenantAlias": "",
        "vidmDomainName": "",
        "certificate": "locker:certificate:5290b759-d193-4beb-8bcd-ee582284848c:vidm_cluster",
        "contentLibraryItemId": "",
        "fipsMode": "false"
      },
      "clusterVIP": {
        "clusterVips": [
          {
            "type": "vidm-lb",
            "properties": {
              "hostName": "gre28idm001.domain.com",
              "lockerCertificate": "locker:certificate:5290b759-d193-4beb-8bcd-ee582284848c:vidm_cluster"
            }
          },
          {
            "type": "vidm-delegate",
            "properties": {
              "ip": "192.168.20.115"
            }
          }
        ]
      },
      "nodes": [
        {
          "type": "vidm-primary",
          "properties": {
            "vmName": "gre28idm002",
            "hostName": "gre28idm002.domain.com",
            "ip": "192.168.20.112"
          }
        },
        {
          "type": "vidm-secondary",
          "properties": {
            "vmName": "gre28idm003",
            "hostName": "gre28idm003.domain.com",
            "ip": "192.168.20.113"
          }
        },
        {
          "type": "vidm-secondary",
          "properties": {
            "vmName": "gre28idm004",
            "hostName": "gre28idm004.domain.com",
            "ip": "192.168.20.114"
          }
        }
      ]
    }
  ]
}'
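
A pre-flight check for the request body above, as an added example (not from the original post and not VMware tooling): it builds the `vcfProperties` value as the JSON string nested inside the JSON body, and lists every password or certificate field that is not a locker reference. The locker reference pattern is inferred from the sample values on this page; the function names and the trimmed sample payload are constructed for illustration.

```python
import json
import re

# Assumed shape, inferred from this page: locker:<password|certificate>:<uuid>:<alias>
LOCKER_REF = re.compile(r"^locker:(password|certificate):[0-9a-f-]{36}:[\w.-]+$")

def build_vcf_properties(sddc_manager_host):
    """Serialize vcfProperties as the JSON *string* the payload expects."""
    return json.dumps({
        "vcfEnabled": True,
        "sddcManagerDetails": [{
            "sddcManagerHostName": sddc_manager_host,
            "sddcManagerName": "default",
            "sddcManagerVmid": "default",
        }],
    }, separators=(",", ":"))

def non_locker_secrets(node, path=""):
    """Return paths of password/certificate fields that are not locker references."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if isinstance(value, str) and re.search(r"password|certificate", key, re.I):
                if not LOCKER_REF.match(value):
                    findings.append(here)
            else:
                findings.extend(non_locker_secrets(value, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings.extend(non_locker_secrets(item, f"{path}[{i}]"))
    return findings

def vcf_enabled(payload):
    """Decode the embedded vcfProperties string and report whether VCF mode is on."""
    raw = payload["infrastructure"]["properties"].get("vcfProperties", "{}")
    return json.loads(raw).get("vcfEnabled") is True

# Constructed sample: a trimmed payload with one plain-text password left in.
SAMPLE = {
    "infrastructure": {"properties": {
        "vcPassword": "locker:password:17572db1-d149-4a4c-ac20-9f04f96bed33:vidm_root",
        "vcfProperties": build_vcf_properties("sddc.example.com"),
    }},
    "products": [{"id": "vidm", "properties": {
        "vidmAdminPassword": "PlainTextExample!",
        "certificate": "locker:certificate:5290b759-d193-4beb-8bcd-ee582284848c:vidm_cluster",
    }}],
}
```

Running `non_locker_secrets` over the full body before it is sent shows which credentials would travel and be stored as literals rather than as locker references.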

vIDM is deployed, so let's switch to NSX-T and check how .

And now log in to the vIDM cluster.

That’s it 🙂 If you have any questions just ping me 🙂