WilliamLam.com

VCF 9.1 - Configuring vSphere Supervisor to use VCF Identity Broker (IDB) for External Identity Federation

by // Leave a Comment

The majority of VMware Cloud Foundation 9.1 components can automatically be configured when enabling VCF Single Sign-On (SSO), with the exception of VCF Operations HCX, Log Management (formally VCF Operations for Logs) and VCF Operations for Networks.

These additional VCF components can still be configured to use VCF SSO, however users must first create a new OIDC Client Application from the VCF Identity Broker before completing the VCF SSO configuration for those respective components.

This ability to create custom OIDC Client Application from the VCF Identity Broker brings up an interesting capability for those using vSphere Supervisor and have not deployed VCF Automation (VCFA). vSphere Supervisor can support external identity federation and you would typically create an OIDC Client from your identity provider (e.g. Keycloak). For simplicity purposes, especially for lab or PoC purposes, you could take advantage of the VCF Identity Broker to simply use it as the IdP for vSphere Supervisor and get the benefit of having a single OIDC Client from your IdP.

Note: When VCFA is deployed and configured to use your vSphere Supervisor, it actually becomes the IdP interface where you would then configure your external IdP within VCFA Tenant Portals and VCF Identity Broker is not involved at all to cleanly separate infrastructure configuration from tenant configurations.

[Read more...]

VCF 9.1 - Quick Tip: Understanding VCF Installer Default Behavior for VCF Patch Releases

by // 1 Comment

With the first Expression Patch (9.1.0.0100) now available for VMware Cloud Foundation (VCF) 9.1, I was wondering about version selection behavior (UI and API/JSON) within the VCF Installer.

The VCF Installer UI will automatically select the latest VCF release (e.g. 9.1.0) along with the latest available patch version for each VCF component (e.g. 9.1.0.0100). As shown in the screenshot below, not every component has an EP01 release, but the VCF Installer automatically selects the most recent version, which is exactly the behavior I would expect as a user.


If you need to override a specific component version, you can select from the available drop down.

[Read more...]

VCF 9.1 - Quick Tip: Upgrading ESX Hosts with Non-Certified vSAN ESA NVMe Devices in SDDC Manager

by // Leave a Comment

I recently started rolling out the latest VMware Cloud Foundation (VCF) 9.1 Express Patch 1 (9.1.0.0100) into my lab environment, and everything had been going quite smoothly. After successfully upgrading vCenter Server and NSX earlier this morning, I moved on to my ESX hosts. Since I always run the pre-checks before kicking off an upgrade, I immediately noticed the following error message, which prevented me from proceeding further within SDDC Manager:

vSAN health test 'NVMe device is VMware certified' reported an issue for cluster 'VCF-Mgmt-Cluster'. Detailed error message: The NVMe device is not listed in the VMware Compatibility Guide (VCG).


I immediately recognized the error message and the solution, especially having spent far too much time experimenting with NVMe devices that are NOT on the vSAN ESA BCG in my lab environment. 😅

Note: This workaround is NOT required if you are using supported NVMe devices for vSAN ESA

[Read more...]