New Simplified Disaster Recovery Architecture for Workspace ONE Access (formerly known as VMware Identity Manager)
(And in case you haven’t heard, Workspace ONE Access is the new name for what used to be called VMware Identity Manager. See Why we renamed VMware Identity Manager to Workspace ONE Access and VMware Identity Manager is now Workspace ONE Access for the inside scoop on the name change!)
Disaster recovery is a critical part of any security plan to protect you from any negative events that might happen. In an ideal plan, your system continues to maintain – or very quickly resumes – all vital operations no matter when, or if, disaster strikes.
But effective disaster recovery plans can be costly and complex. VMware Site Recovery Manager is a much simpler way of achieving disaster recovery using a secondary datacenter.
How does VMware Site Recovery Manager work?
As before, Workspace ONE Access achieves High Availability by using a 3-node cluster in a primary datacenter. VMware Site Recovery Manager automatically orchestrates failover and fail-back procedures to a secondary datacenter, all to minimize downtime.
VMware Site Recovery Manager is supported by Workspace ONE Access (aka VMware Identity Manager) version 3.3 and later.
VMware Site Recovery Manager supports both a 3-node cluster and a single node Workspace ONE Access implementation. The single node implementation is mostly targeting use cases where NSX-T and other SDDC components are utilizing Workspace ONE Access for login.
The first implementation of this support requires a spanned layer 2 network between the two datacenters. The same IP-addresses are used by the Workspace ONE Access machines in both datacenters.
What are the benefits?
Benefits are many. For one thing, Workspace ONE Access Disaster Recovery is now simpler to set up, because you don’t need to set up the secondary data center. It is also simpler to maintain, because there are no manual steps after failover and read/write mode. And it is simpler to fail over and to fail back, because SRM has those capabilities built in as well.
In addition, Site Recovery Manager protects all components, such as the external MS SQL database, and Workspace ONE Access nodes, as well as the Workspace ONE Access Connectors.
You can still use the older methods of achieving multi-site Disaster Recovery. These tried-and-true methods are still supported and fully described in VMware Workspace ONE and VMware Horizon Reference Architecture, available on Tech Zone.
Support for vSphere High Availability
I’m also excited to introduce the support for vSphere High Availability (HA). vSphere HA can be used to simplify the support of the 3-node cluster.
If you want to learn more, check out my VMworld session: DEE1020BU How to Architect VMware Identity Manager. Or go all the way and Become a Workspace ONE Access Hero!