As you all know, starting with VMware Identity Manager 19.03 the Linux-based connector is deprecated, and all existing Linux connectors must be migrated to the Windows-based connector. This applies to all deployments, cloud and On-Prem.
Reference Document: https://docs.vmware.com/en/VMware-Identity-Manager/19.03/rn/VMware-Identity-Manager-1903-Release-Notes.html
Below I explain the steps to migrate Linux-based external connectors to the Windows connector. The migration activates the Windows connector and enables Password auth automatically in the VMware Identity Manager console. All other authentication methods (like RADIUS, Kerberos, Certificate and Outbound auth methods) are disabled by default. If you are using any of the other authentication methods, they need to be enabled manually.
Before we start the migration, the prerequisites below must be completed for a successful migration.
- Download the Cluster-support.tgz package from My VMware.
- Deploy one Windows VM for the connector deployment.
- Download the VMware Identity Manager Standalone Connector Installer for Windows package (19.03 connector).
- Encrypted external Linux-based connector configuration file.
Steps to Create Encrypted Connector configuration file:
- Copy the downloaded Cluster-support.tgz package to the Linux connector.
  You can use WinSCP or pscp from a Windows machine. I have used the pscp command below.
  Command to copy the file to the Linux connector from a Windows machine: pscp <location of cluster-support.tgz> root@<hostname or IP>:/tmp
- Validate that the copied file is available on the Linux connector.
  Log in to the connector as the root user and check the /tmp location.
- Run the tar xvfz cluster-support.tgz command to uncompress the file. Once extracted, you will be able to view 2 files.
- Run the ./generateClusterFile.sh <password> command to create an encrypted configuration file of the Linux-based connector. Replace <password> with your own password for encryption.
  Once you run the command, it prompts you to include Syslog and Proxy information and then creates the encrypted file.
- Copy the encrypted configuration file to the Windows VM that was created for installing the connector.
  You can use the pscp command again to copy the file from the Linux connector to Windows: pscp root@<hostname or IP>:<path of .encfile> <destination folder path>
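The bash helpers below are an added example, not part of the original post or of VMware's package. They wrap the steps above with checks a root-run extraction deserves: validate the archive listing, extract into a private directory, keep the password out of shell history, and take a checksum of the encrypted file to compare after the pscp copy. The function names are hypothetical; only tar, generateClusterFile.sh and the file names come from the steps above.

```bash
# Added example (not from the original post): checks to run on the Linux
# connector around the tar / generateClusterFile.sh steps above.

# Succeeds if any member name on stdin is absolute or has a ".." component.
has_unsafe_member() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# Validate the package before extracting it as root.
check_archive() {
    local archive="$1" members
    [ -f "$archive" ] || { echo "missing: $archive" >&2; return 1; }
    members=$(tar tzf "$archive") || return 1
    if printf '%s\n' "$members" | has_unsafe_member; then
        echo "unsafe member path in $archive" >&2; return 2
    fi
    # The post runs ./generateClusterFile.sh right after extraction,
    # so the script must be a top-level member.
    printf '%s\n' "$members" | grep -Eq '^(\./)?generateClusterFile\.sh$' || {
        echo "generateClusterFile.sh not in $archive" >&2; return 3; }
}

# Extract into a fresh mode-700 directory instead of world-writable /tmp.
# Prints the directory path on success.
extract_private() {
    local archive="$1" workdir
    check_archive "$archive" || return
    workdir=$(mktemp -d) || return 1
    tar xzf "$archive" -C "$workdir" || return 1
    printf '%s\n' "$workdir"
}

# Prompt for the encryption password so it stays out of shell history.
# It is still passed as an argument, as in the post, so it is visible in
# the process list while the script runs.
run_generate() {
    local workdir="$1" pw
    read -rsp 'Encryption password: ' pw; echo
    (cd "$workdir" && ./generateClusterFile.sh "$pw")
}

# SHA-256 of the encrypted file, to compare after the pscp copy.
config_digest() {
    sha256sum "$1" | awk '{print $1}'
}
```

On the Windows VM, certutil -hashfile <file> SHA256 prints the digest to compare against the config_digest output before the file is handed to the installer.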
Steps to Install and Migrate Linux Based Connector to Windows Connector:
- Download the installer to the Windows connector VM.
- Run the connector installer as Administrator.
- Click Next to proceed through the installation screen.
- Select the destination folder to install the connector.
- If prompted to install the latest version of the JRE required for VMware Identity Manager Connector, click Yes and proceed with the installation.
  The required JRE will be installed once you click Yes.
- Select the check box “Are you migrating your Connector?” and the installer will prompt you to select the encrypted connector configuration file.
  Select the encrypted connector configuration file and enter the password for the configuration file. Now click Next to proceed further.
- If you were using Kerberos authentication, check the box that asks “Would you like to run the connector service as domain user account?”
  In my lab I’m not using Kerberos authentication and have not selected the option. Click Yes and then Next to proceed with the installation.
- The installer will prompt you to launch the Configuration page. As we are migrating from the Linux-based connector to the Windows connector, the connector is activated automatically and there is no need to configure it again. Click No to complete the Setup wizard.
- Check that the VMware IDM Connector service appears as Running in services.msc.
Steps to Validate the Connector Migration:
- Log in to the VMware Identity Manager admin console and navigate to Identity & Access Management > Setup.
  You should see that the new connector with version 19.03.0.0 is activated and that all the identity providers are configured automatically on the new connector.
- Check that Directory Sync is working with the new connector.
  Navigate to Identity and Access Management > Manage and click Sync Now next to the directory.
  Directory Sync must complete without any issue.
- Navigate to Identity Providers and enable all applicable authentication methods, including the Built-in auth methods.
  When we ran the migration package on the external Linux-based connector, all authentication methods except the Password authentication method were disabled. Now we must re-enable the disabled authentication methods on the external Windows-based connector.
- In my lab I have used the Password (cloud deployment) method, and it has been disabled by Migration support. I will enable it by checking the domain listed in the Built-in IDP.
This completes the Migration steps from Linux-Based Connector to Windows.
Hope you find this useful. Thanks for reading, Keep sharing.