VSAN

Quick Tip - Multi-Factor Authentication (MFA), IP Address Range & Source Domain restrictions available for all VMware Cloud Services

02.28.2023 by William Lam // Leave a Comment

A lesser known capability of the VMware Cloud Console is that we support a number of different authentication policies that can be configured to provide more secure access and/or restrict who can access the different VMware Cloud Services like VMware Cloud on AWS, vSphere+, vSAN+, VMware Cloud Foundation+ or ANY other VMware Cloud Service for that matter within your VMware Cloud Organizations(s)!

To configure the authentication policies, you will need to have the Organization Admin role and then click on "View Organization" under your user name and then navigate to Organization->Authentication Policy. In addition to configuring Multi-Factor Authentication (MFA), users also have the option of configuring IP Address Range (allow/deny rules) and Source Domain (allow) restriction policies as shown in the screenshots below.

For more details, please refer to the official VMware Cloud Services documentation on configuring these different authentication policies.

Lastly, you can also configure Enterprise Federation which allows you to login to the VMware Cloud Console using your desired identity provider, which is another frequently asked question.

VMware Cloud Foundation with a single ESXi host for Management Domain?

02.21.2023 by William Lam // 2 Comments

By default, VMware Cloud Foundation (VCF) requires a minimum of 4 ESXi hosts to construct the Management Domain which is fine for a production environment, but it can be a challenge for those interested in explore VCF in a homelab setting.

I recently came to learn about a really cool tidbit from one of our VCF Engineers on how you can actually deploy a VCF Management Domain using just a single ESXi host, ideal for a homelab setup! 😍

Not only could this benefit users in deploying a physical VCF setup but it would also benefit anyone using my Automated Lab Deployment Script for VCF, which makes it super easy by leveraging my Nested ESXi Virtual Appliance VMs.

In fact, that was how I quickly verified this trick works using my VCF automation script 😀

The way that this work is a configuration change to Cloud Builder to tell it to allow a single ESXi host to be used and it will simply setup a single node vSAN Cluster, which is typically how you would bootstrap if you were doing a greenfield deployment. The only difference here is that instead of adding additional 3 x ESXi hosts to provide redundancy for Management Domain, it simply is relaxing that requirement and thus allowing for a single ESXi host. vSAN is still a requirement for VCF Management Domain, so ensure you can meet those requirements still.

[Read more...]

How to check if your vCenter Server is using vSphere+ / vSAN+ Subscription?

02.14.2023 by William Lam // Leave a Comment

Once a vCenter Server has been converted to a vSphere+ and/or vSAN+ subscription, entitlements and usage for both vCenter Server and their respective ESXi hosts is all managed through the use of VMware Cloud Console as shared in this recent blog post.

If you are logged into your vCenter Server, how do you check whether it is using a vSphere+ / vSAN+ subscription or not?

Using the vSphere UI, you will see a new Subscription entry on the left hand side when selecting the vCenter Server inventory under Configure->Settings->Subscription which will indicate that this vCenter Server is using vSphere+ / vSAN+ subscription. You will also find a similiar UI entry for each ESXi host that is managed by that vCenter Server, but this is actually irrelevant because all ESXi hosts are automatically subscribed once you have converted your vCenter Server to subscription.

How about checking whether a vCenter Server is using a subscription via Automation?

[Read more...]