LAS VEGAS -- VMware Identity Manager supplies authentication and access management features so IT can make computing resources securely available to users.
Identity Manager, part of the Workspace One cloud-based management platform, provides user-based controls for cloud-based, web-based and native mobile applications, plus other types of desktops and applications. The company made two updates to Identity Manager here at VMworld 2016: VMware Verified, which adds support for multifactor authentication, and new integration with Microsoft Office 365 and Active Directory.
Identity Manager now gives IT the ability to connect users to Office 365 based on their current Active Directory membership. For instance, if a user leaves the company and is removed from Active Directory, his or her access to Office 365 is immediately revoked. In previous versions, users could maintain access to Office 365 resources for hours or days, a VMware spokesperson said.
VMworld attendees learned more about how to deploy VMware Identity Manager in a session with Kevin Sheehan, end-user computing architect at the company, who presented the following information:
Organizations can deploy VMware Identity Manager on-premises or as a service based on vCloud Air. The cloud version requires a connector to link vCloud with the organization's data center infrastructure. IT shops that use the cloud service receive more frequent feature updates to the product because VMware delivers updates quarterly in the cloud and typically twice a year for the on-premises version.
Deploy VMware Identity Manager on-premises
The on-premises Identity Manager software is a virtual appliance based on SUSE Linux. If an organization plans to use Identity Manager with ThinApp, a Windows agent is required for each client. And an integration broker is available for IT administrators who want to use Citrix desktops and apps with Identity Manager.
Prerequisites include basics such as Active Directory, a domain name system and the Network Time Protocol, plus a back-end database to support Identity Manager data. VMware's vPostgres database is built into Identity Manager, but organizations may choose to use another existing database that they already manage.
"For ease of installation, you can use the internal database that we ship with the product, and within a couple of hours have Identity Manager up and running," Sheehan said. "For larger deployments, we recommend using SQL."
IT should also have a load balancer for high availability of Identity Manager.
"This is to make sure you can scale and make sure you have a means of egress from outside the environment if you need to get back in," Sheehan said.
To actually install Identity Manager, IT starts by downloading the appliance, and then goes through a deployment wizard, which helps configure administrator accounts and collects licensing information.
IT can set user attributes (usually an email address or user principal name, or a Microsoft attribute such as an object GUID) via Active Directory. Identity Manager uses those attributes to match users to the application and data access permissions IT assigns to them. For instance, IT can set what types of apps users can access with certain levels of authentication, and how users authenticate against those resources.
VMware Identity Manager as a service
To deploy VMware Identity Manager in the cloud, IT goes through these same steps after signing up for the service. Admins receive a URL to start the initial configuration. They log in, download the connector to link into vCloud Air, and then continue through the wizard to set up the database, load balancing and end-user configurations.
To work with Identity Manager in the cloud, admins can use a service dashboard that provides information about users, what types of apps the system supports and which apps each user can access. It also provides other utilization statistics and user data.
IT can choose which apps to make available to certain users through the Workspace One app catalog. And to keep tabs on the vCloud Air service, the status.vmwareidentity.com website shows in real time if there are any issues or outages happening on VMware's end that might affect an organization's cloud-based Identity Manager deployment.