When vSphere 8.0 Update 1 was released, I noticed an interesting message about containers being installed while deploying the vCenter Server Appliance (VCSA) ...
Interesting ... while runc has been part of the VCSA for a few releases, it looks like it now launches ws1a-broker container in #vSphere80U1 by default ... ws1a-broker = Workspace One Broker? pic.twitter.com/cNVwx2vwFA
— William Lam (@lamw.bsky.social | @*protected email*) (@lamw) April 18, 2023
As shared in the Tweet/X above, it turns out this was for a service called vc-ws1a-broker, which I came to learn was for enabling the new Identity Federation Provider for the VCSA with Okta.
I ended up correctly guessing that the vc-ws1a-broker process was indeed our very own VMware Workspace One Access (WS1A) application but running as a Container workload within the VCSA. In vSphere 8.0 Update 2, support for Microsoft EntraID (formally Azure AD) is now also possible as additional identity provider option.
One important thing to be aware of the vc-ws1a-broker service is that it is configured to be able to consume up to 2GB of memory, as shown using the cloudvm-ram-size utility in the screenshot below.