Access on-prem install

A quick and dirty install overview for VMware Access / Identity Manager. This will be a single node, intended for the home lab environment to enable testing and understanding of the base technology. For production, greater care would be needed with prerequisites and sizing, for example reverse DNS and a true Access cluster.

Database

This is done via a script run in SQL Management Studio. Please see the official VMware documentation for the latest version:

- Launch SQL Management Studio and open New Query
- Copy the script from VMware and paste it into the query window (there are multiple options available based on the required authentication type)
- The copied script then needs to be edited in line with the instructions included with it
- Execute

Appliance

- Head over to the VMware resource portal and download the OVA
- In your vSphere client, use the Deploy OVF Template action
- When selecting the template, browse to the downloaded OVA
- Add a name and location to continue through the template guide
- For this I am using thin provisioning
- Network: I am sitting this behind my pfSense appliance
- You should now be presented with additional networking properties. For this homelab install I will only set the hostname and leave everything else blank. I will commit the DNS settings on the pfSense side of the house, as I will also need to set the HAProxy details on it anyway.
- Finish

Once it's built, power it on and give it some time.

Head on over to the URL indicated. Please be aware this does need to be accessed via name and not IP, else the remaining steps will fail.

- Set passwords for the Admin, Root and SSH accounts
- Now we connect to our DB, so toggle to External Database
- Depending on the DB query used, your connection string might differ here; refer to the VMware documentation for further details
- Example of the string my lab used: jdbc:sqlserver://DBIPADDRESS;DatabaseName=saasdb
- Username and password as outlined in the original query
- Note: if DB authentication fails, check the created user (perhaps reset the password, review the password enforcement options, etc.)
- If the connection is successful continue and wait for DB setup / initialization to complete

Success 

You now have an Access node up and running that you can log into. If you have followed the mess of steps above, you should see that the health status complains about reverse lookup not being found. For me, I added a host override on pfSense in the DNS Resolver service explicitly for this Access node, and an HAProxy entry to finalize my install so it is externally available.
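Both the access-by-name requirement and the reverse lookup health warning come down to DNS. As an added example (not part of the VMware tooling or of this install), here is a Python pre-flight check that the node's name resolves and that each address reverses back to that name. The hostname access.lab.example and address 192.0.2.10 are constructed placeholders.

```python
import socket

def norm(name):
    """Lower-case a DNS name and drop the trailing dot so names compare equal."""
    return name.rstrip(".").lower()

def system_forward(name):
    """IPv4 addresses for name from the system resolver."""
    return socket.gethostbyname_ex(name)[2]

def system_reverse(ip):
    """PTR names (canonical name plus aliases) for ip from the system resolver."""
    host, aliases, _ = socket.gethostbyaddr(ip)
    return [host, *aliases]

def check_dns(fqdn, forward=system_forward, reverse=system_reverse):
    """Return a list of DNS problems for fqdn; an empty list means consistent.
    forward/reverse are parameters so constructed records can be used offline."""
    try:
        addrs = forward(fqdn)
    except OSError as exc:  # socket.gaierror is an OSError
        return [f"{fqdn} does not resolve: {exc}"]
    if not addrs:
        return [f"{fqdn} does not resolve: no addresses returned"]
    problems = []
    for ip in addrs:
        try:
            names = reverse(ip)
        except OSError as exc:  # socket.herror is an OSError
            problems.append(f"no reverse lookup for {ip}: {exc}")
            continue
        if norm(fqdn) not in {norm(n) for n in names}:
            problems.append(f"{ip} reverses to {names}, not {fqdn}")
    return problems

if __name__ == "__main__":
    # Constructed lab records: A record present, PTR missing until the override is added.
    a_records = {"access.lab.example": ["192.0.2.10"]}
    ptr_records = {}
    def fake_reverse(ip):
        if ip not in ptr_records:
            raise OSError("host not found")
        return ptr_records[ip]
    print(check_dns("access.lab.example", a_records.__getitem__, fake_reverse))
    ptr_records["192.0.2.10"] = ["access.lab.example."]
    print(check_dns("access.lab.example", a_records.__getitem__, fake_reverse))
```

Calling check_dns with only the node's name uses the system resolver, so run it from a machine that uses the same DNS server as the appliance.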

Additional note regarding certs: if using the CertifyTheWeb certificate tool outlined in another post, the certificate might fail here as it does not chain to root. To resolve this, open MMC and add the certificate snap-in, then export your wildcard cert with the full chain option. This will then allow a successful import of the certificate into Access.

This article was updated on March 31, 2021