WilliamLam.com

vCenter Server Identity Federation with Pocket ID

by // Leave a Comment

Having explored various OIDC identity providers, including Authentik, KeyCloak and Synology SSO, I recently came across Pocket ID, a super basic OIDC provider. Instead of using traditional username and passwords, Pocket ID only supports passkeys authentication based on the WebAuthn standard, which means you can login to your vCenter Server or VMware Cloud Foundation (VCF) environment using a physical device like a Yubico YubiKey or Apple Face ID.


Disclaimer: Pocket ID is not an officially supported vCenter Server IdP, please use at your own risk.

[Read more...]

Quick Tip - Which vCenter Server Key Provider (KMS) is a VM using?

by // 2 Comments

vCenter Server requires a Key Management Service (KMS) for enabling VM Encryption, vTPM, or vSAN Encryption. Users have the choice of configuring the embedded Native Key Provider (NKP) built into vCenter Server and/or use an external KMS with the Standard Key Provider (SKP) option.


If you have more than one KMS configured in vCenter Server, you can specify one of the KMS key providers to be your default, which will automatically be used for any KMS-related activities. You can switch between the default KMS key provider and you can certainly specify a specific KMS key provider when using the vSphere API to provision a VM that will leverage VM encryption.

So how do you figure out which KMS key provider a VM is using?

[Read more...]

Quick Tip - VMware Cloud Foundation (VCF) Bringup fails without persistent ESX-OSData

by // 5 Comments

You will never run into this problem if you follow current recommended practices to install the ESX-OSData volume on a persistent storage device that could either be dedicated and/or co-located your ESXi installation.

For those deploying VMware Cloud Foundation (VCF) in a lab environment, you might attempt to reserve the limited number of storage devices for use with vSAN and decide to install ESXi on a USB device, which is perfectly fine but if you do not select a persistent storage device for the ESX-OSData volume, then it will default to use the ESXi ramdisk.

I recently observed that if you have such a configuration, the VCF Cloud Builder Bringup process will fail after attempting (three times) to re-deploy the vCenter Server Appliance (VCSA).


As you can see from the screenshot above,  VCF Cloud Builder UI does not provide any details and ask users to look at the vCenter Server installation logs.

[Read more...]