After completing a VMware Cloud Foundation (VCF) 9.1 deployment using the VCF Installer UI, users can view and download the auto-generated passwords for all VCF components before exiting the deployment workflow and logging into VCF Operations.
What if you forgot to make a note of the passwords? 😅
The majority of VMware Cloud Foundation 9.1 components can automatically be configured when enabling VCF Single Sign-On (SSO), with the exception of VCF Operations HCX, Log Management (formally VCF Operations for Logs) and VCF Operations for Networks.
These additional VCF components can still be configured to use VCF SSO, however users must first create a new OIDC Client Application from the VCF Identity Broker before completing the VCF SSO configuration for those respective components.
This ability to create custom OIDC Client Application from the VCF Identity Broker brings up an interesting capability for those using vSphere Supervisor and have not deployed VCF Automation (VCFA). vSphere Supervisor can support external identity federation and you would typically create an OIDC Client from your identity provider (e.g. Keycloak). For simplicity purposes, especially for lab or PoC purposes, you could take advantage of the VCF Identity Broker to simply use it as the IdP for vSphere Supervisor and get the benefit of having a single OIDC Client from your IdP.
Note: When VCFA is deployed and configured to use your vSphere Supervisor, it actually becomes the IdP interface where you would then configure your external IdP within VCFA Tenant Portals and VCF Identity Broker is not involved at all to cleanly separate infrastructure configuration from tenant configurations.
With the first Expression Patch (9.1.0.0100) now available for VMware Cloud Foundation (VCF) 9.1, I was wondering about version selection behavior (UI and API/JSON) within the VCF Installer.
The VCF Installer UI will automatically select the latest VCF release (e.g. 9.1.0) along with the latest available patch version for each VCF component (e.g. 9.1.0.0100). As shown in the screenshot below, not every component has an EP01 release, but the VCF Installer automatically selects the most recent version, which is exactly the behavior I would expect as a user.
If you need to override a specific component version, you can select from the available drop down.