WilliamLam.com

VCF 9.0 Single Sign-On (SSO) with Keycloak IdP

by // Leave a Comment

As part of VMware Cloud Foundation (VCF) 9.0, users can now enable the new VCF Single Sign-On (SSO) capability, allowing true single sign-on across all components within the VCF solution. While modern IdPs such as Okta, PingFederate, Microsoft Entra ID and Microsoft ADFS continue to be supported for Production deployments, users might want to play with the new VCF SSO capability within their lab environment that may not have external access or you may want to use an IdP that is self-hosted for learning purposes.


In addition to the IdPs listed above, you can also play with the new VCF SSO using a generic OIDC provider. Keycloak is an IdP that can be self-hosted within your own environment and works perfectly out of the box with VCF SSO and this blog post will show you how that set it up without relying on a hosted IdP solution!

[Read more...]

Is my NIC supported with Enhanced Data Path (EDP) with VCF 9.0

by // Leave a Comment

By default, VMware Cloud Foundation (VCF) 9.0 will use the optimized Enhanced Data Path (EDP) Standard switch mode when configuring NSX, which will require you to have an EDP capable network adaptor. One way to check whether your network adaptor supports EDP is by using the Broadcom Compatibility Guide (BCG) and ensuring "Enhanced Data Path - Interrupt mode" feature

Alternatively, if you already have ESXi running, you can quickly check by running the following command: esxcfg-nics -e

[Read more...]

PowerCLI remediation script for running NSX Edge on AMD Ryzen for VCF 9.0

by // 1 Comment

If you are planning to deploy VMware Cloud Foundation (VCF) 9.0 on an AMD Ryzen processor (consumer CPU), make sure you are aware of the required workaround to get the NSX Edge node to function properly, which I had shared the solution back in 2020.

Fortunately or unfortunately, the workaround is still applicable with VCF 9.0 due to lack of support for Data Plane Development Kit (DPDK) with Ryzen processors. One of the challenges you could face depending on where you deploy the NSX Edge, since there is a new workflow that is built right into vCenter Server 9.0 and SSH is not enabled by default, which means you would need to go to VM Console of the NSX Edge VM to apply the workaround.


To make this even less fun, during this time the NSX Edge is going through its initialization process and because it fails to detect DPDK support, the required NSX services can not start and keeps re-trying which is not a bad thing. The reason the looping is a problem is because the workaround requires editing a configuration file and depending on how fast you can type, the initialization process will restart and cause your session to end and you now need to log back in, thus causing a less than ideal experience.

As you can probably guess, I got hit by this re-initialization loop and I just got tired of trying to be faster than the computer 😅

[Read more...]