vIDM: HA for a Small Number of Users

Someone approached me recently with the following question:

I am in the process of integrating vIDM with Log Insight and have a business requirement that vIDM be highly available. Currently, the conceptual design is looking like a 2-node cluster behind an NSX-based LB. I will not have more than 15 – 20 admins using vRLI, and I'm therefore wondering if the design requires an external SQL database or not?

What is my recommendation? Read on to learn more!

Preface: I am no vIDM expert, but I have used the product and gone through the documentation. The following information is based on my understanding.

  • My understanding is that vIDM sizing is based on the number of users you sync to vIDM plus how specific you are in specifying the DNs (see documentation here). If you only plan to sync 20 or so users and can specify a user/group DN that is narrowed in scope, then I do not believe an external database is required.
  • The next question is whether you can provide HA/clustering with an internal database. Per the documentation, the answer is yes, though you need to follow a KB.
  • Finally, we get into best practices. Per the documentation, use of an external database is recommended for production environments. It says the internal database is supported for small environments, and other documentation states that this is based on the number of users/groups you sync, so you should be good.

While not part of the original question, please note that the best practice for vIDM clusters is a 3-node minimum, so I would not recommend deploying a 2-node cluster.

© 2017, Steve Flanders. All rights reserved.
