vSphere

Quick Tip - Multi-Factor Authentication (MFA), IP Address Range & Source Domain restrictions available for all VMware Cloud Services

02.28.2023 by William Lam // Leave a Comment

A lesser known capability of the VMware Cloud Console is that we support a number of different authentication policies that can be configured to provide more secure access and/or restrict who can access the different VMware Cloud Services like VMware Cloud on AWS, vSphere+, vSAN+, VMware Cloud Foundation+ or ANY other VMware Cloud Service for that matter within your VMware Cloud Organizations(s)!

To configure the authentication policies, you will need to have the Organization Admin role and then click on "View Organization" under your user name and then navigate to Organization->Authentication Policy. In addition to configuring Multi-Factor Authentication (MFA), users also have the option of configuring IP Address Range (allow/deny rules) and Source Domain (allow) restriction policies as shown in the screenshots below.

For more details, please refer to the official VMware Cloud Services documentation on configuring these different authentication policies.

Lastly, you can also configure Enterprise Federation which allows you to login to the VMware Cloud Console using your desired identity provider, which is another frequently asked question.

Logging into vCenter when vCenter Cloud Gateway (VCGW) is disconnected from vSphere+ Cloud Service

02.22.2023 by William Lam // 2 Comments

As part of setting up access to the vSphere+ / vSAN+ Cloud Service, a vCenter Cloud Gateway (VCGW) is deployed into your on-premises infrastructure and serves as a gateway between your vCenter Server(s) and the VMware Cloud Console.

If the VCGW has connectivity issues to the VMware Cloud Console for whatever reason, your infrastructure and workloads continue to run but you will not be able to perform any operations through the VMware Cloud Console until connectivity is restored.

However, if you attempt to login into your on-premises vCenter Server(s) using the vSphere UI, you may be surprised to find the following error message.

The message may looking alarming at first about not being able to login, but can still login even if connectivity between the VCGW and VMware Cloud Console has been lost.

While I will agree the user experience may not very intuitive, the hint is in the URL link below where it says "Still having connection problems?"

[Read more...]

VMware Cloud Foundation with a single ESXi host for Management Domain?

02.21.2023 by William Lam // 2 Comments

By default, VMware Cloud Foundation (VCF) requires a minimum of 4 ESXi hosts to construct the Management Domain which is fine for a production environment, but it can be a challenge for those interested in explore VCF in a homelab setting.

I recently came to learn about a really cool tidbit from one of our VCF Engineers on how you can actually deploy a VCF Management Domain using just a single ESXi host, ideal for a homelab setup! 😍

Not only could this benefit users in deploying a physical VCF setup but it would also benefit anyone using my Automated Lab Deployment Script for VCF, which makes it super easy by leveraging my Nested ESXi Virtual Appliance VMs.

In fact, that was how I quickly verified this trick works using my VCF automation script 😀

The way that this work is a configuration change to Cloud Builder to tell it to allow a single ESXi host to be used and it will simply setup a single node vSAN Cluster, which is typically how you would bootstrap if you were doing a greenfield deployment. The only difference here is that instead of adding additional 3 x ESXi hosts to provide redundancy for Management Domain, it simply is relaxing that requirement and thus allowing for a single ESXi host. vSAN is still a requirement for VCF Management Domain, so ensure you can meet those requirements still.

[Read more...]