Senior Staff Architect, End User Computing, VMware.
Peter specializes in Identity and Access Management. He's widely appreciated as a speaker at events like VMworld, VMUG and vFORUM. He is the author of two books as well as numerous white papers and blog posts. When the work day is over, Peter volunteers as a Scout leader for the local Sea Scout troop outside Stockholm, Sweden.

New Simplified Disaster Recovery Architecture for Workspace ONE Access (formerly known as VMware Identity Manager)

August 20, 2019

I’m excited to announce our new offering of VMware Site Recovery Manager (SRM), together with vSphere Replication or storage array replication for Disaster Recovery for Workspace ONE Access.

(And in case you haven’t heard, Workspace ONE Access is the new name for what used to be called VMware Identity Manager. See Why we renamed VMware Identity Manager to Workspace ONE Access and VMware Identity Manager is now Workspace ONE Access for the inside scoop on the name change!)

Disaster Recovery Architecture

Disaster recovery is a critical part of any security plan, protecting you from negative events that might happen. In an ideal plan, your system continues to maintain, or very quickly resumes, all vital operations no matter when disaster strikes.

But effective disaster recovery plans can be costly and complex. VMware Site Recovery Manager is a much simpler way of achieving disaster recovery using a secondary datacenter.

How does VMware Site Recovery Manager work?

As before, Workspace ONE Access achieves High Availability by using a 3-node cluster in a primary datacenter. VMware Site Recovery Manager automatically orchestrates failover and fail-back procedures to a secondary datacenter, all to minimize downtime.

Site Recovery Manager

VMware Site Recovery Manager is supported by Workspace ONE Access (aka VMware Identity Manager) version 3.3 and later.

VMware Site Recovery Manager supports both a 3-node cluster and a single-node Workspace ONE Access implementation. The single-node implementation mostly targets use cases where NSX-T and other SDDC components use Workspace ONE Access for login.

The first implementation of this support requires a spanned layer 2 network between the two datacenters. The Workspace ONE Access machines use the same IP addresses in both datacenters.

What are the benefits?

The benefits are many. For one thing, Workspace ONE Access Disaster Recovery is now simpler to set up, because you don’t need to set up the secondary datacenter. It is also simpler to maintain, because there are no manual steps after failover and read/write mode. And it is simpler to fail over and to fail back, because SRM has those capabilities built in as well.

In addition, Site Recovery Manager protects all components, such as the external MS SQL database, and Workspace ONE Access nodes, as well as the Workspace ONE Access Connectors.

You can still use the older methods of achieving multi-site Disaster Recovery. These tried-and-true methods are still supported and fully described in VMware Workspace ONE and VMware Horizon Reference Architecture, available on Tech Zone.

Support for vSphere High Availability

I’m also excited to introduce support for vSphere High Availability (HA). vSphere HA can be used to simplify the support of the 3-node cluster.

Next steps

If you want to learn more, check out my VMworld session: DEE1020BU How to Architect VMware Identity Manager. Or go all the way and Become a Workspace ONE Access Hero!

 
