VCF 9.1 – Page 4

VCF 9.1 - Automating VCF Single Sign-On (SSO) with OIDC-based Identity Provider

05.19.2026 by William Lam // 1 Comment

There are a number of exciting enhancements to VMware Cloud Foundation (VCF) Single Sign-On (SSO) with the release of VCF 9.1 from Generic OIDC/SAML2 Identity Provider (IdP) support, streamline way to manage component level priviledges using VCF Roles and API Client and Token support for non-interactive logins to just name a few.

The process of connecting to an external IdP is mostly the same from earlier VCF releases, I typically use Keycloak for my lab environment for VCF SSO, which you can follow this blog post for the detailed step by step.

What has changed are some of the underlying VCF Operations and Identity Broker APIs used to configure VCF SSO in 9.1. With the introduction of VCF Roles, I also thought it would be a good to refresh the PowerShell script I had originally written for configuring VCF 9.0 SSO with an OIDC-based IdP for VCF 9.1.

[Read more...]

VCF 9.1 - Automating New License Entitlement Workflow between VCF Operations & VCF Business Service Console (BSC)

05.18.2026 by William Lam // Leave a Comment

VMware Cloud Foundation (VCF) 9.1 introduces a few new updates with the license entitlement workflow between VCF Operations and VCF Business Service Console (BSC) for users operating in an air-gapped or disconnected environment.

Below is a visual that outlines the workflow between VCF BSC (red) and VCF Operations (orange), along with the new changes in 9.1:

Whether your organization will have a single or multiple VCF Fleets, automation is essential for consistency and operating at scale.

Last year, I had created a PowerShell Module called Broadcom.Community.VCFLicensing that can help users fully automate the end-to-end licensing entitlement process and I am please to share that it has now been refreshed to support VCF 9.1!

[Read more...]

VCF 9.1 - Updated Method to Reset Identity Broker from previously managed VCF Operations for VCF Single Sign-On (SSO)

05.17.2026 by William Lam // Leave a Comment

Over the weekend, I had to re-deploy a portion of my VCF 9.1 Fleet, including VCF Operations, VCF Management Services, VCF License Server, SDDC Manager and VCF Automation, due to some workflows I was testing.

Luckily, my core SDDC components vCenter, NSX and vSAN was not touched and I could simply re-use those components by running the VCF Installer Import/Converge process to quickly rebuild my VCF 9.1 Fleet!

Prior to deleting VCF Operations, I had VCF Single Sign-On (SSO) configured and I wanted to make sure the core SDDC components were properly cleaned up. I successfully ran through the VCF SSO unjoin operation for all components and cleaned up the vCenter Server Advanced Setting (config.OPERATIONS.vcf.sso.ops.cluster.id), which was required with VCF 9.0.x before you could add it to a new VCF SSO configuration.

After my VCF 9.1 Fleet was re-deployed, the first thing I wanted to go setup was VCF SSO and I noticed the configuration button was grayed out and it had the following message:

No VCF instance available due to one of the following: no existing instance, invalid license, version below 9.0, setup in progress, already configured via another Operations or running ELM.

[Read more...]