WilliamLam.com


Exploring the new vSphere Privilege Recorder in vSphere 8.0 Update 1

09.13.2023 by William Lam // 3 Comments

Determining the minimum vSphere privileges that are required to perform a given vSphere operation (UI/API) has been a huge customer challenge to say the least. Strategies have included guessing along with trial and error by creating a custom vSphere Role and slowly removing privileges until you have identified the minimum required privileges. If you are familiar with the vSphere API and know exactly which API methods and properties are consumed, then you can use the vSphere API Reference since every method and property includes the specific privilege required in the documentation, but this method is pretty tedious and time-consuming.

If only we had a way to record all the vSphere privileges that were used for a specific set of operation(s) in vCenter Server ... 🤔

Apparently I missed the initial news, but this was actually one of the new features that was introduced in vSphere 8.0 Update 1 called the vSphere Privilege Recorder! 😆

UPDATE (07/25/24) - Looks like the PowerCLI team has productized this capability with a new cmdlet introduced in PowerCLI 13.3 called Get-VIPrivilegeReport


Categories // Automation, PowerCLI, vSphere 8.0 Tags // permission, PowerCLI, privilege, vSphere 8.0 Update 1

What is vc-ws1a-broker service on vCenter Server Appliance (VCSA)?

09.07.2023 by William Lam // 2 Comments

When vSphere 8.0 Update 1 was released, I noticed an interesting message about containers being installed while deploying the vCenter Server Appliance (VCSA) ...

Interesting ... while runc has been part of the VCSA for a few releases, it looks like it now launches ws1a-broker container in #vSphere80U1 by default ... ws1a-broker = Workspace One Broker? pic.twitter.com/cNVwx2vwFA

— William Lam (@lamw) April 18, 2023

As shared in the Tweet/X above, it turns out this was for a service called vc-ws1a-broker, which I came to learn was for enabling the new Identity Federation Provider for the VCSA with Okta.

I ended up correctly guessing that the vc-ws1a-broker process was indeed our very own VMware Workspace One Access (WS1A) application but running as a Container workload within the VCSA. In vSphere 8.0 Update 2, support for Microsoft Entra ID (formerly Azure AD) is now also possible as an additional identity provider option.

One important thing to be aware of with the vc-ws1a-broker service is that it is configured to be able to consume up to 2GB of memory, as shown using the cloudvm-ram-size utility in the screenshot below.


Categories // Not Supported Tags // vc-ws1a-broker, vSphere 8.0 Update 1, Workspace One Access

Building custom Tanzu Kubernetes Releases (TKR) for vSphere with Tanzu

07.13.2023 by William Lam // 1 Comment

Right before going on PTO, I caught this really interesting tweet from my buddy Robert Guske that we now support building your own custom Tanzu Kubernetes Releases (TKR), the Kubernetes software distributions that are signed and supported by VMware, which are typically provided by VMware through the online TKR Content Library.

Dear vSphere with Tanzu (TKGS) users - do you know that building your own TKG node image is now supported with our latest #vSphere 8 U1 update? 🙂 #VMware #vExpert https://t.co/pxVbPJzmYh

— Robert Guske (@vmw_rguske) June 29, 2023

While there are already a number of existing customizations that can be applied when deploying a Tanzu Kubernetes Workload Cluster (TKC), there may still be certain VM configurations that you would like to add, which is simply not possible today. In some of the customer requests, it can be as simple as changing the default size of the primary disk for a TKR, which is statically configured today as 20GB.

With this and many other use cases, it is nice to see that we now finally provide customers with a supported method to build their own custom TKR that might include additional customizations that are required by their organization for use with vSphere with Tanzu.

I recently got a chance to play with the new vSphere Tanzu Kubernetes Grid Image Builder tool, which is also an open source project from VMware and leverages the existing Kubernetes Image Builder, which I have also used before (see this blog post HERE for more details). While getting started, it took me a few tries but I eventually got it working after speaking with the Developers as I ran into a few issues.


Categories // Automation, Kubernetes, VMware Tanzu, vSphere 8.0 Tags // TKR, vSphere 8.0 Update 1, vSphere Kubernetes Service


Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.


Copyright WilliamLam.com © 2025