vSphere Supervisor

VCF 9.1 - Configuring vSphere Supervisor to use VCF Identity Broker (IDB) for External Identity Federation

06.08.2026 by William Lam // Leave a Comment

The majority of VMware Cloud Foundation 9.1 components can automatically be configured when enabling VCF Single Sign-On (SSO), with the exception of VCF Operations HCX, Log Management (formally VCF Operations for Logs) and VCF Operations for Networks.

These additional VCF components can still be configured to use VCF SSO, however users must first create a new OIDC Client Application from the VCF Identity Broker before completing the VCF SSO configuration for those respective components.

This ability to create custom OIDC Client Application from the VCF Identity Broker brings up an interesting capability for those using vSphere Supervisor and have not deployed VCF Automation (VCFA). vSphere Supervisor can support external identity federation and you would typically create an OIDC Client from your identity provider (e.g. Keycloak). For simplicity purposes, especially for lab or PoC purposes, you could take advantage of the VCF Identity Broker to simply use it as the IdP for vSphere Supervisor and get the benefit of having a single OIDC Client from your IdP.

Note: When VCFA is deployed and configured to use your vSphere Supervisor, it actually becomes the IdP interface where you would then configure your external IdP within VCFA Tenant Portals and VCF Identity Broker is not involved at all to cleanly separate infrastructure configuration from tenant configurations.

[Read more...]

VCF 9.1 - Unable to fetch plugin metadata for VCF Consumption CLI

05.13.2026 by William Lam // Leave a Comment

I recently came across an issue while syncing the VCF Consumption CLI plugins, it would always show the following attempting to fetch 9.0.1 plugin even though my VMware Cloud Foundation (VCF environment was already at 9.1.

> vcf plugin sync

[i] The vcf cli essential plugins have not been installed and are being installed now. The install may take a few seconds.
[i] Installing plugins from plugin group 'vmware-vcfcli/essentials:v9.0.1'
[x] Failed to install plugin 'telemetry:v9.0.1'
[!] unable to install plugin 'telemetry': unable to fetch the plugin metadata for plugin "telemetry": unable fetch plugin binary: Collecting images: GET https://projects.packages.broadcom.com/v2/vcf/vcf-cli-plugins/ga/vmware/vcfcli/darwin/amd64/telemetry/manifests/v9.0.1: MANIFEST_UNKNOWN: The named manifest is not known to the registry.; map[manifest:vcf/vcf-cli-plugins/ga/vmware/vcfcli/darwin/amd64/telemetry]

[!] No active contexts available to perform plugin sync

After reaching out to Engineering, I came to learn that the behavior of the VCF Consumption CLI in 9.1 has changed and no longer pulls from the Broadcom public repository. Users can either download the VCF Consumption Plugins and relocate the OCI images into their own container registry or for an air-gapped environment, the plugins can also be installed locally.

I opted for second option for simplicity sake even though I do have Harbor Container Registry running.

[Read more...]

Creating Custom Virtual Machine Classes using vSphere API

03.24.2026 by William Lam // Leave a Comment

Back in 2020, the vSphere UI was the only way to create your own custom Virtual Machine Classes, there was not a vSphere API and while you can directly connect to vSphere Supervisor Control Plane, it was not officially supported 🙂

With the release of vSphere 7.0 Update 2, the vSphere Automation REST API has been enhanced to include APIs for managing VM Classes.

A question recently came up about automating custom VM Classes. While the user referenced my earlier blog post, I realized I had not revisited this topic using the updated vSphere REST API. This was a great opportunity to provide a working example and timely, as I had just got access to Cursor.

[Read more...]