To configure the KEMP load balancer for VMware Workspace ONE Access (formerly VMware Identity Manager, vIDM):
- You need the following certificates:
  - KEMP load balancer root certificate (if you configured Kemp to use your public certificate as a wildcard, it will be the root certificate of the public certificate)
  - All the intermediate certificates
  - VMware Workspace ONE Access root certificate (you can get it from the appliance under Configuration, Install SSL Certificate)
  - Be sure to have them in PEM format
In my case I'm using the vIDM self-signed certificate; in vIDM, be sure to import the KEMP load balancer root certificate under Trusted CA. However, you can use a certificate generated from your local CA, but you need to generate a CSR file from vIDM, then generate the certificate and install it with the full chain in vIDM prior to these steps.
- Import all of the above certificates:
  - Go to “Certificate and Security” > Intermediate Certificates
  - Import all of the above certificates
- Configure Virtual Servers
The following are the steps involved and the recommended settings to configure the VMware Identity Manager Virtual
1. In the main menu of the LoadMaster Web User Interface (WUI), go to Virtual Services > Add New.
2. Type a valid Virtual Address.
3. Type 443 as the Port.
4. Enter a recognizable Service Name, such as VMware Identity Mgr.
5. Click Add this Virtual Service.
6. Configure the settings as recommended in the following table:
Section | Option | Value | Comments |
SSL Properties | SSL Acceleration | Enabled | |
SSL Properties | Reencrypt | Enabled | |
SSL Properties | Supported Protocols | TLS1.0; TLS1.1; TLS1.2; TLS1.3 | While this workload may not support TLS1.3 yet, Kemp recommend enabling it for future proofing. |
SSL Properties | Cipher Set | Best Practices | |
Standard Options | Persistence Mode | Active Cookie | |
Standard Options | Timeout | 1 Hour | |
Standard Options | Cookie name | JSESSIONID | |
Standard Options | Scheduling Method | least connection | |
Advanced Properties | Add a Port 80 redirector VS | https://%h%s | Click the Add HTTP Redirector button. This automatically creates a redirect on port 80. |
Real Servers | URL | / | |
Real Servers | HTTP Method | GET | |
Real Servers | Real Server Check Method | ICMP | |
7. Add the Real Servers:
a) Expand the Real Servers section.
b) Click Add New.
c) Type the address of the relevant Real Server.
d) Type 443 as the Port.
e) Complete the other fields as required.
f) Click Add this Real Server then click OK to the pop-up message.
g) Repeat the steps above to add more Real Servers as needed, based on your environment.
Create a HTTPS – Connection Server HTTPS HTTP Redirect Virtual Service
Clicking the Add HTTP Redirector button automatically creates a port 80 redirect Virtual Service. This is optional, but the purpose of this Virtual Service is to redirect any clients who have connected using HTTP to the HTTPS Virtual Service. Kemp also recommends changing the Persistence Mode and Real Server Check Method to None.
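
The certificate files listed at the top of this post can be checked from a workstation before they are imported into the LoadMaster or vIDM. The script below is an added example, not part of the original post or of Kemp's or VMware's tooling; it assumes the openssl CLI is installed, and the function and file names are illustrative.

```bash
#!/usr/bin/env bash
# Added example: pre-import checks for the certificates this post asks for.
# Assumption: the openssl CLI is on PATH; file names are supplied by the caller.

# Print PEM, DER or UNKNOWN for a certificate file.
cert_format() {
  if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
    echo PEM
  elif openssl x509 -inform DER -in "$1" -noout 2>/dev/null; then
    echo DER
  else
    echo UNKNOWN
  fi
}

# Convert a DER-encoded certificate ($1) into a PEM file ($2).
to_pem() {
  openssl x509 -inform DER -in "$1" -outform PEM -out "$2"
}

# Succeed if subject and issuer names match, as they do for a root
# or self-signed certificate (name comparison only, no signature check).
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Verify a server certificate ($2) against the root ($1), with an
# optional bundle of intermediate certificates ($3).
verify_chain() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

# Usage: ./precheck.sh root.pem server.pem [intermediates.pem]
if [ "$#" -ge 2 ]; then
  for f in "$@"; do echo "$f: $(cert_format "$f")"; done
  is_self_signed "$1" || echo "warning: $1 is not self-signed, so it is not a root certificate"
  if verify_chain "$@"; then echo "chain OK"; else echo "chain does NOT verify"; fi
fi
```

For a self-signed vIDM certificate, pass the same file as both root and server certificate.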