WilliamLam.com

Retrieving vCenter Server certificate (Machine, VMCA Root, STS & Trusted Root) details using the vSphere API

09.11.2023 by William Lam // 11 Comments

In the vSphere UI, users can easily view and manage all of their vCenter Server certificates by navigating to Administration->Certificate->Certificate Management as shown in the screenshot below.

There are four types of vCenter Server certificates: Machine SSL, VMware Certificate Authority, STS Signing Certificate and the Trusted Root. On the main summary view, we can see the validity of the certificate, which is useful to quickly determine if you need to plan on replacing a specific certificate. We can also get more information about a specific certificate by clicking on the "View Details".

A question recently came up internally asking whether there is a vSphere API to retrieve all of this information programmatically, especially the validity of the certificate?

[Read more...]

Quick Tip - New remote version of ESXCLI 8.x

09.08.2023 by William Lam // 1 Comment

I was recently made aware of a nice update from our developers that we now have a new version of the remote ESXCLI utility that is much simpler to install across any operating system and is fully backwards compatibility with ESXi hosts running 6.7.x, 7.x and 8.x.

Many of you are probably familiar with the local version of ESXCLI which is available when connecting to ESXi whether that is over SSH or directly in the ESXi Console. However, a remote version of ESXCLI has been available since the introduction of ESXCLI back in vSphere 4.0, but surprisingly, I still come across users who never knew that this was possible!

In the past, the remote version of ESXCLI was platform specific and it was distributed in a number of diffrent ways from being bundled as part of the vSphere CLI (6.7) to being a standalone download (7.0) and this inconsistency brought many challenges, not just from an internal development standpoint but also operationally for users who needed to deploy this utility across their administrative systems.

[Read more...]

What is vc-ws1a-broker service on vCenter Server Appliance (VCSA)?

09.07.2023 by William Lam // 2 Comments

When vSphere 8.0 Update 1 was released, I noticed an interesting message about containers being installed while deploying the vCenter Server Appliance (VCSA) ...

Interesting ... while runc has been part of the VCSA for a few releases, it looks like it now launches ws1a-broker container in #vSphere80U1 by default ... ws1a-broker = Workspace One Broker? pic.twitter.com/cNVwx2vwFA

— William Lam (@lamw.bsky.social | @*protected email*) (@lamw) April 18, 2023

As shared in the Tweet/X above, it turns out this was for a service called vc-ws1a-broker, which I came to learn was for enabling the new Identity Federation Provider for the VCSA with Okta.

I ended up correctly guessing that the vc-ws1a-broker process was indeed our very own VMware Workspace One Access (WS1A) application but running as a Container workload within the VCSA. In vSphere 8.0 Update 2, support for Microsoft EntraID (formally Azure AD) is now also possible as additional identity provider option.

One important thing to be aware of the vc-ws1a-broker service is that it is configured to be able to consume up to 2GB of memory, as shown using the cloudvm-ram-size utility in the screenshot below.

[Read more...]