WilliamLam.com

Quick Tip - Correlating VCF Component to Bundle ID/Name

by // Leave a Comment

A VMware Cloud Foundation (VCF) release consists of a collection of VCF components that is categorized as either an installation or patch/upgrade file. In VCF 4.x/5.x, a VCF component would contain two different identifiers, a UUID as well as something called a Bundle ID (e.g. bundle-XXX where XXX is some numeric number). In VCF 9.x, the old Bundle ID format is no longer used and simply converges with using the UUID, uniquely identifying a given VCF component.

When a customer downloads a VCF release, they only need to deal with the VCF release version (e.g. 5.2.1.0 or 9.0.1.0) and not the individual bundle IDs. With that said, if you need to download a specific VCF component, especially when using the VCF Download Tool (VCFDT), then it would helpful to understand the specific VCF component ID whether this is for VCF 4.x/5.x or VCF 9.x

[Read more...]

TLS Chain of Trust when using SSL Inspection with VCF Download Tool (VCFDT)

by // Leave a Comment

SSL traffic inspection is commonly deployed by Enterprises to ensure that they have visibility into encrypted connections, enabling their organization to reduce security risks and enforce acceptable use policies.

When using the VCF Download Tool (VCFDT), the connection must first terminate at your SSL inspection system and you may come across the following error: Unable to connect to the Depot Server


Taking a closer look at the VCFDT log file, we can quickly identify the problem which is due to validating the certificate chain from the SSL inspection system as you can see from this snippet:

Error checking certificate chain CN=depot.vcf.lab, OU=R&D, O=WilliamLam, L=Palo Alto, ST=CA, C=US, SerialNumber=91513477326140466830150858710326987151105506009,CN=WilliamLam-RootCA, OU=R&D, O=WilliamLam, L=Palo Alto, ST=CA, C=US, SerialNumber=659677038159141611554120742063414354480349425756 for validity.
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

To resolve this problem, we need to add the Root CA signing certificate into Java keystore that VCFDT can use to establish the chain of trust.

[Read more...]

Quick Tip - Reset vCenter Server from previously managed VCF Operations for VCF Single Sign-On (SSO)

by // Leave a Comment

Over the holidays, I was testing some new VMware Cloud Foundation (VCF) upgrade flows in my lab environment, where I ended up bricking SDDC Manager, which was completely my fault! While I had backups for the majority of the VCF components, I realized I did NOT have any backups for SDDC Manager itself 😢

With VCF 9.0, I realized I could simply leverage the built-in VCF Converge/Convert workflow that can take my existing vSphere-based deployment and turn it into a new VCF Fleet!


After a couple of hours, a new VCF Operations instance was deployed along with a new SDDC Manager that is now managing my existing vCenter Server. Since this was a new VCF Operations instance, I needed to reconfigure VCF SSO, so that I could have common authentication across all VCF Components.

Note: Make sure you have uninstalled both the old SDDC Manager and VCF Operations vSphere UI plugin as well as unregistering the SDDC Manager extension using the vSphere MOB.

However, when I attempted to setup VCF SSO, I ran into the following message: The identity source configuration is managed by another VCF Operations console.


The new VCF Operations instance would not allow me to configure VCF SSO as it knew the vCenter Server was managed by a different VCF Operations ... which I thought would be resolved with the re-deployment.

[Read more...]