WilliamLam.com

VMware Cloud Enterprise Federation with Microsoft Azure Active Directory

by // Leave a Comment

As a follow-up to my recent blog post on how to configure identity federation between VMware Cloud and AWS SSO using our the new Just-in-Time (JiT) provisioning method, I was also interested to see what the process looked like with Microsoft Azure Active Directory (AD), which is another popular identity provider, which can also benefit our Azure VMware Solution (AVS) customers leveraging VMware Cloud Services. Similar to AWS SSO, I had never worked with Azure AD before and this was a good opportunity to check out their service.

Here is a quick video for those interested in the final logon experience when VMware Cloud is using Azure AD as the identity provider:

[Read more...]

VMware Cloud Enterprise Federation with AWS SSO

by // Leave a Comment

Earlier this week I came to learn about a really cool enhancement that was just added to our VMware Cloud Services Console called Connector-less Self-Service Enterprise Federation Setup, it's a bit of a mouth full, but it basically makes configuring identity federation between the VMware Cloud Services Console and other third party identity provider extremely easy.

Identity federation is not a new feature in VMware Cloud and it has been supported for some time now, but it required customers to deploy the Workspace ONE Access connector into their on-premises environment for federating with either their local or third party identity provider. The new method that was introduced is "connector-less" because it does not require any additional infrastructure to be deployed and it also leverages SAML JIT (Just-in-Time) dynamic provisioning.


While looking at the some the pre-defined identity providers, I noticed that AWS Single Sign-On (SSO) was not listed and since we have customers that use both VMware Cloud on AWS and native AWS services, this would certainly be a nice way to provide a common logon experience. Another benefit is also for customers using the new VMware Cloud with Tanzu services with Tanzu Mission Control (TMC), they can now easily manage secure access and provide their their end users the ability to provision and consume Tanzu Kubernetes Clusters (TKC) without the need of exposing them to the underlying infrastructure which is managed by the Cloud Administrators.

This was certainly a few good reasons to try out this new feature, especially as I have never worked with AWS SSO before.

Here is a quick video for those interested in the final logon experience when VMware Cloud is using AWS SSO as the identity provider:

[Read more...]

Quick demo videos of new VMware Cloud with Tanzu services

by // Leave a Comment

VMware Cloud with Tanzu services is VMware's new managed Kubernetes offering that incorporates the vSphere with Tanzu technology delivered as a managed service as part of our VMware Cloud service offering. The initial release of Tanzu services is currently available on VMware Cloud on AWS, which will require SDDC version 1.16 and a request for enablement (contact your VMware account team) prior to deploying a new SDDC and enabling Tanzu services.

Note: In future, Tanzu services will also be enabled for existing SDDC (brownfield) as well as for other VMware Cloud Infrastructure Services, stay tuned!

Using Tanzu services with VMware Cloud is literally night and day when compared to installing and configuring vSphere with Tanzu yourself, which includes a number of other components to setup! As you would expect, as a service, it is simply a click of a button or API call and users only have to provide four basic input (technically three if you leave one of the recommended defaults) 🙂


Rather than talk about how the new Tanzu service works and some of the things you can do with the service right now, I figured I would record a few quick demo videos. You can find the Youtube playlist below if you wish to watch them all and I have also included a link to a Github repo for the demo examples that were used. Hope you enjoy!

[Read more...]