Workspace ONE Access Multisite Tasks – One Pager

For the past few weeks, I have been working with my project team and my customer to help them stand up VMware Access on a secondary site. With the help of Haseeb Waseem, I have created a single spreadsheet which includes all the major steps needed to create a secondary site.

Hope this is helpful to others. Here is the direct link for the spreadsheet.

Columns: Step # | Node | Task | Steps | Completed | Notes

Step 1
Node: Primary Data Center - Original Cloned Node
Task: Add the load balancer FQDN of the secondary data center cluster to the /usr/local/horizon/conf/runtime-config.properties file
Steps:
1. Edit the /usr/local/horizon/conf/runtime-config.properties file. -> vi /usr/local/horizon/conf/runtime-config.properties
2. Add following line to file -> analytics.replication.peers=https://LB_FQDN_of_second_cluster
3. Log in to the virtual appliance console as root and delete the /etc/udev/rules.d/70-persistent-net.rules file, if it exists.
4. Restart IDM Service on node -> service horizon-workspace restart

Step 2
Node: Primary Data Center - Original Cloned Node
Task: Update Database
Steps:
1. Navigate to the appliance configuration page (vidmfqdn:8443/cfg/login)
2. Navigate to Database Connection and change the JDBC URL to: jdbc:jtds:sqlserver:///;integratedSecurity=true;domain=;useNTLMv2=true;multiSubnetFailover=true
3. Shut down node

Step 3
Node: Primary Data Center - Original Cloned Node
Task: Clone / Backup DB
Note: Before exporting the OVF, ensure that no admin activity or user sync is occurring on the appliance
Steps:
1. Clone node to have a backup
2. Back up vIDM Database

Step 4
Node: Primary Data Center - Original Cloned Node
Task: Export OVF
Note: Ensure that the VM has no snapshots; if it has any, delete them
Steps:
1. Log into vSphere and export OVF by right clicking VM -> Template -> Export OVF Template. Ensure that advanced options checkbox is selected.
2. Once task completes turn on node
3. Ensure that elastic search is green before continuing

Step 5
Node: Primary Data Center - Node 2
Task: Add the load balancer FQDN of the secondary data center cluster to the /usr/local/horizon/conf/runtime-config.properties file
Steps:
1. Edit the /usr/local/horizon/conf/runtime-config.properties file. -> vi /usr/local/horizon/conf/runtime-config.properties
2. Add following line to file -> analytics.replication.peers=https://LB_FQDN_of_second_cluster
3. Restart IDM Service on node -> service horizon-workspace restart

Step 7
Node: Primary Data Center - Node 3
Task: Add the load balancer FQDN of the secondary data center cluster to the /usr/local/horizon/conf/runtime-config.properties file
Steps:
1. Edit the /usr/local/horizon/conf/runtime-config.properties file. -> vi /usr/local/horizon/conf/runtime-config.properties
2. Add following line to file -> analytics.replication.peers=https://LB_FQDN_of_second_cluster
3. Restart IDM Service on node -> service horizon-workspace restart

Step 9
Node: Secondary Data Center - Node 1
Task: Import OVF
Steps:
1. Log into vSphere and right click host where VM is to be deployed. Select Deploy OVF Template
2. Ensure correct values are entered (name, compute resource, storage, IP, gateway, netmask, etc…).
3. MAKE SURE TO DISCONNECT NIC BEFORE POWERING ON VM
4. Edit the /usr/local/horizon/conf/runtime-config.properties file. -> vi /usr/local/horizon/conf/runtime-config.properties
5. Edit the line that was added earlier to analytics.replication.peers=https://LB_FQDN_of_primary_cluster
6. Restart IDM Service on node -> service horizon-workspace restart
7. Navigate to vSphere, right click VM and reconnect NIC.
8. Log into VM cli and type reboot to reboot VM
9. Ensure VM is pointing to correct NTP server
10. Ensure forward and reverse lookup are configured correctly for the VM

Step 10
Node: Secondary Data Center - Node 2
Task: Import OVF
Steps:
1. Log into vSphere and right click host where VM is to be deployed. Select Deploy OVF Template
2. Ensure correct values are entered (name, compute resource, storage, IP, gateway, netmask, etc…).
3. MAKE SURE TO DISCONNECT NIC BEFORE POWERING ON VM
4. Edit the /usr/local/horizon/conf/runtime-config.properties file. -> vi /usr/local/horizon/conf/runtime-config.properties
5. Edit the line that was added earlier to analytics.replication.peers=https://LB_FQDN_of_primary_cluster
6. Restart IDM Service on node -> service horizon-workspace restart
7. Navigate to vSphere, right click VM and reconnect NIC.
8. Log into VM cli and type reboot to reboot VM
9. Ensure VM is pointing to correct NTP server
10. Ensure forward and reverse lookup are configured correctly for the VM

Step 11
Node: Secondary Data Center - Node 3
Task: Import OVF
Steps:
1. Log into vSphere and right click host where VM is to be deployed. Select Deploy OVF Template
2. Ensure correct values are entered (name, compute resource, storage, IP, gateway, netmask, etc…).
3. MAKE SURE TO DISCONNECT NIC BEFORE POWERING ON VM
4. Edit the /usr/local/horizon/conf/runtime-config.properties file. -> vi /usr/local/horizon/conf/runtime-config.properties
5. Edit the line that was added earlier to analytics.replication.peers=https://LB_FQDN_of_primary_cluster
6. Restart IDM Service on node -> service horizon-workspace restart
7. Navigate to vSphere, right click VM and reconnect NIC.
8. Log into VM cli and type reboot to reboot VM
9. Ensure VM is pointing to correct NTP server
10. Ensure forward and reverse lookup are configured correctly for the VM

Step 12
Node: Secondary Site
Task: Ensure Elastic Search functional
Steps:
1. Verify cluster is set up correctly -> curl 'http://localhost:9200/_cluster/health?pretty' -> make sure status is green
Notes: Cluster may not be in green state; if so, please proceed forward with the next step.

Step 13
Node: vIDM Admin Console
Task: Edit Cluster ID
Steps:
1. Log into vIDM Admin console and ensure that Cluster IDs for primary sites match. Six (6) nodes should be shown
2. Edit the Cluster ID for site 2 and set it to a unique value; make sure it matches the value for all nodes in the secondary site.

Step 14
Node: Secondary Site
Task: Ensure Elastic Search functional
Steps:
1. Verify cluster is set up correctly -> curl 'http://localhost:9200/_cluster/health?pretty' -> make sure status is green
Note: If elastic search is not in green state, shut down all three nodes and bring up one node at a time (wait 10 minutes in between)

Step 15
Node: vIDM Admin Console
Task: Check overall Cluster Health
Steps:
1. In the VMware Identity Manager console, select the Dashboard > System Diagnostics Dashboard tab
2. For each instance listed in the left pane, scroll down to the Integrated Components section and verify that the Elastic search and Ehcache cluster information is correct.
3. Ensure both cluster(s) are now in Green for Elastic search

Step 16
Node: Secondary Data Center
Task: Install Connector
Steps:
1. Log in to the vIDM admin portal, navigate to Identity & Access Management > Setup and click Add Connector
2. Enter a Connector name and click on Generate Activation Code
3. Copy and save the highlighted code, which will be used for activating the connector.
4. Click OK; you will see one connector in the "Connector not activated" state
5. Log in to the connector machine, which is a Windows Server based VM, and launch the Connector executable.
6. Navigate through the install wizard, which will prompt you to launch the configuration page. Click Yes
7. Set the admin password, then paste the connector Activation Code which you generated in VMware Identity Manager and click Continue
8. You will see a Setup is Complete screen once the connector is successfully activated

Step 17
Node: Secondary Data Center Connector
Task: Configure Connector
Steps: Log in to the Connector (https://:8443/cfg)

Step 18
Node: Secondary Data Center
Task: Ensure Connector Configured Successfully
Steps:
1. Log in to the vIDM admin portal and ensure the connector is visible

Step 18
Node: Secondary Data Center - Original Cloned Node
Task: Convert Secondary Site to Read only mode
Steps:
1. Using an ssh client, log in to the VMware Identity Manager appliance as the root user.
2. Open the /usr/local/horizon/conf/runtime-config.properties file.
3. Configure the VMware Identity Manager appliance to have read-only access by adding the following line: read.only.service=true
4. Add the following line: cache.service.type=ehcache
   Note: cache.service.type=ehcache is required if you set read.only.service=true. If read.only.service=false, then the default is cache.service.type=rds
5. Save the file
6. Restart the Tomcat server on the appliance -> service horizon-workspace restart
7. Ensure elastic search is green before continuing

Step 19
Node: Secondary Data Center - Node 2
Task: Convert Secondary Site to Read only mode
Steps:
1. Using an ssh client, log in to the VMware Identity Manager appliance as the root user.
2. Open the /usr/local/horizon/conf/runtime-config.properties file.
3. Configure the VMware Identity Manager appliance to have read-only access by adding the following line: read.only.service=true
4. Add the following line: cache.service.type=ehcache
   Note: cache.service.type=ehcache is required if you set read.only.service=true. If read.only.service=false, then the default is cache.service.type=rds
5. Save the file
6. Restart the Tomcat server on the appliance -> service horizon-workspace restart
7. Ensure elastic search is green before continuing

Step 20
Node: Secondary Data Center - Node 3
Task: Convert Secondary Site to Read only mode
Steps:
1. Using an ssh client, log in to the VMware Identity Manager appliance as the root user.
2. Open the /usr/local/horizon/conf/runtime-config.properties file.
3. Configure the VMware Identity Manager appliance to have read-only access by adding the following line: read.only.service=true
4. Add the following line: cache.service.type=ehcache
   Note: cache.service.type=ehcache is required if you set read.only.service=true. If read.only.service=false, then the default is cache.service.type=rds
5. Save the file
6. Restart the Tomcat server on the appliance -> service horizon-workspace restart
7. Ensure elastic search is green before continuing
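
The runtime-config.properties edits repeated across the steps above (analytics.replication.peers, read.only.service, cache.service.type) can be scripted and checked before each service restart. The following is an added example, not part of the original spreadsheet or VMware tooling: the function names and the sample hostname are hypothetical, and requiring an https:// peer URL is an assumption based on the value shown in the table.

```shell
#!/bin/sh
# Added example: idempotent edit + sanity check for runtime-config.properties.
# Keys come from the table above; function names are hypothetical.

# get_prop FILE KEY -> prints the last value assigned to KEY (empty if unset)
get_prop() {
    awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$1"
}

# set_prop FILE KEY VALUE -> replace existing KEY= lines with one line, or append it
set_prop() {
    tmp=$(mktemp) || return 1
    awk -F= -v k="$2" -v v="$3" '
        $1 == k { if (!seen) print k "=" v; seen = 1; next }
        { print }
        END { if (!seen) print k "=" v }' "$1" > "$tmp" &&
    cat "$tmp" > "$1"    # overwrite in place so owner and mode are kept
    rc=$?; rm -f "$tmp"; return $rc
}

# check_conf FILE ROLE -> 0 if FILE satisfies the rules in the table, else 1
# ROLE is "primary" or "secondary" (secondary = read-only site)
check_conf() {
    rc=0
    peers=$(get_prop "$1" analytics.replication.peers)
    case $peers in
        https://?*) ;;   # assumption: peer must be an https URL, as in the table
        *) echo "analytics.replication.peers missing or not https: '$peers'" >&2; rc=1 ;;
    esac
    ro=$(get_prop "$1" read.only.service)
    cache=$(get_prop "$1" cache.service.type)
    if [ "$ro" = true ] && [ "$cache" != ehcache ]; then
        echo "read.only.service=true requires cache.service.type=ehcache" >&2; rc=1
    fi
    if [ "$2" = secondary ] && [ "$ro" != true ]; then
        echo "secondary node is not in read-only mode" >&2; rc=1
    fi
    return $rc
}

# Demo on a constructed file (not a real appliance config)
demo=$(mktemp); printf 'foo=bar\n' > "$demo"
set_prop "$demo" analytics.replication.peers https://lb-primary.example.test
set_prop "$demo" read.only.service true
check_conf "$demo" secondary || echo "-> fix before restarting horizon-workspace"
set_prop "$demo" cache.service.type ehcache
check_conf "$demo" secondary && echo "-> ok to restart"
rm -f "$demo"
```

On an appliance, point the functions at /usr/local/horizon/conf/runtime-config.properties and run check_conf before service horizon-workspace restart.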

 
