WilliamLam.com

Quick Tip - Easily host VMware Cloud Foundation (VCF) Offline Depot using Python SimpleHTTPServer with Authentication

by // Leave a Comment

In IT, you never know when you need to quickly spin up a web server for hosting files ... One of my favorite and super easy way to do this is by leveraging Python's SimpleHTTPServer which can immediately serve files within a directory with this 1-liner:

python -m http.server 9000

This certainly beats standing up a full blown web server if you just need GET and HEAD operations.

If you do not require authentication for serving your files, then this solution fits the bill perfectly! However, if you require authentication, then I typically resort to deploying a full blown web server and use .htaccess to manage users and passwords.

For customers that have a need to host a VMware Cloud Foundation (VCF) offline depot or any VMware-based offline depot, the solution will typically require a web server due to the authentication requirements. With that said, I have recently been using an alternative method, especially if you just need to quickly host some files for say an upgrade or deployment.

[Read more...]

Passwordless login to vCenter Server or VMware Cloud Foundation (VCF) using Apple Face ID or Yubico YubiKey

by // Leave a Comment

After spending some time playing with a couple of self-hosted Identity Providers solutions like Authentik and Keycloak for use with vCenter Server Identity Federation, I was curious about their Multi-Factor Authentication (MFA) support. Specifically, I was interested in their WebAuthn capabilities, which should allow me to use the popular Yubico YubiKey for passwordless authentication into my VMware environment. 😊


It is also important to mention, today vCenter Server Identity Federation officially supports the following IdPs listed below, all of which have support for the YubiKey (linked below is the official Yubico documentation for each IdP from Yubico's website):

If you are already consuming one of these IdPs, you already have the ability to to use a YubiKey or other supported WebAuthn device for passwordless login! For VMware Cloud Foundation (VCF) customers, Identity Federation is also supported with the same IdPs as it relies on the VCF Management Domain vCenter Server, so this would allow you to login to SDDC Manager using YubiKey as an example.

I have never used a YubiKey before, so this was going to be a new adventure for me as well as playing with the WebAuthn protocol which is also new for me. I really like the UX of Authentik, which provides a seamless experience and with built-in support for SCIM, the choice was easy for the IdP I would choose for this experiment.

[Read more...]

vSAN ESA HCL hardware mock VIB for Nested ESXi

by // 1 Comment

Whether you are configuring vSAN Express Storage Architecture (ESA) directly from vCenter Server or from VMware Cloud Foundation (VCF), the underlying ESXi hardware is automatically validated against the vSAN ESA Hardware Compatibility List (HCL) to ensure that you are using supported vSAN hardware.

In the case of vCenter Server, you can simply ignore the HCL warnings and accept the risks and proceed with the configuration but when using VCF, the operation is blocked to ensure customers have a good experience when selecting vSAN ESA when deploying a VCF Management or Workload  Domain.


With that said, there is workaround where you can create your own custom vSAN ESA HCL JSON based on the hardware that you have and then upload that to either Cloud Builder for setting up a new VCF Management Domain or to SDDC Manager for deploying a new VCF Workload Domain, which I have blogged about HERE and HERE.

The use of Nested ESXi is a very popular way to deploy VCF, especially if you are new to solution and allows you to easily experiment and learn. More recently, I have noticed an uptick in the interests for deploying VCF with vSAN ESA and while you can certainly generate a custom vSAN ESA HCL as mentioned earlier, the process still requires some effort and in some situations the vSAN ESA HCL could get overwritten leading some frustration in debugging.

After helping some folks debug their VCF environments recently, I was thinking about a better experience and leveraging another technique that may not be very well known externally ...

UPDATE (02/03/25) - This solution can also be used for a physical ESXi deployment for use with vSAN ESA and VCF.

[Read more...]