VIDM – Change IP address


Since I am reorganizing my home network, I wanted to move the Aria Products into their own network and created an extra VLAN with another IP subnet. After describing my experience with changing the IP address for Aria Automation in a [previous blog], in this blog I will share my experience with changing the IP address of my VIDM appliance. In most newer documentation VIDM is referred to as Workspace One Access (WSOA), but for me this is still VMware Identity Manager. The starting situation is as follows:

  • Single Node, non-clustered VIDM 3.3.7 with CSP-97727 applied.
    • Initial deployment started with 3.3.7
  • DNS Name : vidm.infrajedi.local (and some more I had set up from a previous multi-tenancy setup)
  • IP Addresses : 192.168.1.214
  • Certificate : I am using a wildcard certificate (not a best practice), so no changes are needed.
  • Firewall : VIDM is deployed in the same network as vCenter and the rest of the Aria products, no firewall rules configured.

The new IP will be 172.16.2.214. The firewall is opened (for now) to allow traffic between vCenter and the Aria Products, so no changes are needed for me.

In a large / enterprise environment you may need to:

  • Plan time to work together with the team that manages DNS.
  • Update and replace certificates (if you have IP addresses in the SAN).
  • Update firewall rules for the new VIDM IP address.

Changing the IP address of the VIDM appliance follows a different procedure than the one for the Aria Automation appliances. The VIDM network configuration relies on the vApp Options and Properties configured on the VM in vCenter.

If you don’t see any vApp Options configured, have a look at my PowerShell script VIDM-Set-vAPPOptions.ps1 on [github] to restore these options (use at your own risk).

From Aria Suite Lifecycle Manager (ASLCM aka vRSLCM)

  • Run an Inventory Sync on VIDM and make sure everything is healthy.
  • Power Off the VIDM appliance.
  • Create a snapshot of the VIDM appliance (can be done manually as well).

Change the following VIDM vApp Options:

vami.ip0.IdentityManager
vami.netmask0.IdentityManager
vami.gateway.IdentityManager

… by selecting a property and clicking Set Value.

Change the DNS entry to the new IP address (in Infoblox, Active Directory, or whatever you use).

Note1: Pay special attention if you are using a multi-tenancy setup!
Note2: Be sure to update PTR records accordingly!

Change the VIDM VM portgroup in vCenter.
Power On the VIDM appliance in vCenter.

If you try to Power On VIDM through Aria Suite Lifecycle Manager, it will throw error code LCMVSPHERECONFIG1000084, as it is not able to find the VM by its IP address.


The next step is to update the Horizon database with the new IP address:

SSH to the VIDM appliance

Look up the database password with the cat command against the db.pwd file:

root@vidm [ ~ ]# cat /usr/local/horizon/conf/db.pwd
WMDbJHOYyN9hqf2pxr7s43Jj1cxOjUnH

Connect to the database with psql and use the password retrieved in the previous step:

root@vidm [ ~ ]# /opt/vmware/vpostgres/current/bin/psql -U horizon saas
Password for user horizon:
psql.bin (9.6.24 (VMware Postgres 9.6.24.0-20408176 release))
Type "help" for help.
saas=>

Update the IP address in the database by running this query:

update "ServiceInstance" set "IPAddress" = '<newIPAddress>' where "IPAddress" = '<oldIPAddress>';

saas=> update "ServiceInstance" set "IPAddress" = '172.16.2.214' where "IPAddress" = '192.168.1.214';
UPDATE 0

As you can see, in my case the update command returned 0 where 1 was expected.

Perhaps something new was introduced somewhere, so I checked the value with another psql query:

saas=> select * from "ServiceInstance";
 id |                 uuid                 |  IPAddress   |       hostName       |        version         | status | action |       createdDate       |      timestamp      | dataCenterId
----+--------------------------------------+--------------+----------------------+------------------------+--------+--------+-------------------------+---------------------+--------------
  2 | 64c2321e-04df-39f5-8fae-b7658531ee9d | 172.16.2.214 | vidm.infrajedi.local | 3.3.7.0 Build 23103647 |      0 |        | 2024-01-19 19:43:47.522 | 1737916877147922846 |         1
(1 row)

saas=> select "IPAddress" from "ServiceInstance";
  IPAddress
--------------
 172.16.2.214
(1 row)

Looks like the new IP address is in place.

Close psql with command \q

Restart the horizon service:

/etc/init.d/horizon-workspace restart
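
Added example, not part of the original post or of VMware's documented procedure: the database step above as a POSIX shell script, run as root on the appliance. It passes the db.pwd content to psql without printing it, reads the current "IPAddress" values first, and only issues the UPDATE when the old address is still present, which covers the UPDATE 0 case seen above. The function names are hypothetical; the paths, user, database and queries are the ones shown in the post.

```shell
#!/bin/sh
# Added example: guarded version of the ServiceInstance update from the post.
PSQL=/opt/vmware/vpostgres/current/bin/psql   # path from the post
DB_PWD_FILE=/usr/local/horizon/conf/db.pwd    # path from the post

# Accept only dotted-quad IPv4, so the value is safe to place inside the SQL text.
is_ipv4() {
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  ( IFS=.; set -- $1
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
      [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    done )
}

# $1 = "IPAddress" values, one per line (psql -At output); $2 = old IP; $3 = new IP.
# Prints update-needed, already-updated or unexpected.
classify_rows() {
  n_old=0; n_new=0; n_other=0
  while IFS= read -r ip; do
    case "$ip" in
      '')   ;;
      "$2") n_old=$((n_old + 1)) ;;
      "$3") n_new=$((n_new + 1)) ;;
      *)    n_other=$((n_other + 1)) ;;
    esac
  done <<EOF
$1
EOF
  if [ "$n_old" -gt 0 ]; then echo update-needed
  elif [ "$n_new" -gt 0 ] && [ "$n_other" -eq 0 ]; then echo already-updated
  else echo unexpected
  fi
}

sync_service_instance() {   # $1 = old IP, $2 = new IP
  is_ipv4 "$1" && is_ipv4 "$2" || { echo "usage: $0 <oldIP> <newIP>" >&2; return 2; }
  # psql reads PGPASSWORD from its environment, so the password is never printed.
  pw=$(cat "$DB_PWD_FILE") || return 1
  rows=$(PGPASSWORD=$pw "$PSQL" -U horizon -At -c 'select "IPAddress" from "ServiceInstance"' saas) || return 1
  state=$(classify_rows "$rows" "$1" "$2")
  echo "ServiceInstance state: $state"
  if [ "$state" = update-needed ]; then
    PGPASSWORD=$pw "$PSQL" -U horizon -c "update \"ServiceInstance\" set \"IPAddress\" = '$2' where \"IPAddress\" = '$1'" saas
  fi
}

# Example: sh vidm-ip-db.sh 192.168.1.214 172.16.2.214
if [ "$#" -eq 2 ]; then sync_service_instance "$1" "$2"; fi
```

A state of already-updated matches the situation in this post and needs no UPDATE; unexpected means the table holds an address that is neither the old nor the new one and should be inspected by hand before anything is changed.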

Start a browser and log in to the VMware Identity Manager to check for errors (it may take some time for the service to be available).

Finally check the VIDM status in Aria Suite Lifecycle.

Log in and go to the Global Environment (where VIDM is deployed). As you can see, it still shows the old IP address.

I ran an Inventory Sync, which threw another ASLCM error, LCMCOMMON800014, caused by ASLCM still looking for the old IP address. Simply press Retry and use the Skip Task option to continue.

This can simply be resolved by running an inventory sync after which the new IP address is shown:

That's it for this blog. Hope it was useful.


References: https://techdocs.broadcom.com/us/en/vmware-cis/other/vmware-identity-manager/3-3/upgrading-vmware-identity-manager-3-3/changing-the-ip-address-of-an-vmware-identity-manager-3-3-x-appliance.html

Henk Engelsman
