WilliamLam.com

What is vc-ws1a-broker service on vCenter Server Appliance (VCSA)?

by // 2 Comments

When vSphere 8.0 Update 1 was released, I noticed an interesting message about containers being installed while deploying the vCenter Server Appliance (VCSA) ...

As shared in the Tweet/X above, it turns out this was for a service called vc-ws1a-broker, which I came to learn was for enabling the new Identity Federation Provider for the VCSA with Okta.

I ended up correctly guessing that the vc-ws1a-broker process was indeed our very own VMware Workspace One Access (WS1A) application but running as a Container workload within the VCSA. In vSphere 8.0 Update 2, support for Microsoft EntraID (formally Azure AD) is now also possible as additional identity provider option.

One important thing to be aware of the vc-ws1a-broker service is that it is configured to be able to consume up to 2GB of memory, as shown using the cloudvm-ram-size utility in the screenshot below.

[Read more...]

Workspace One Access (vIDM) Powershell Module to automate creating 3rd Party Identity Provider

by // 1 Comment

One of the projects I am currently working on involves  Workspace One Access (formally VMware Identity Manager) and configuring a 3rd Party Identity Provider for Identity Federation. As with anything, using the UI for the first time to validate the workflow is perfectly fine for me but after that, I normally prefer to automate, especially as I was rebuilding this particular setup a few times. I saw that Workspace One Access (WSO Access) had a REST API but I was surprised that there were no APIs for actually managing the configurations.


I figured before giving up, I should see at least see how the UI was performing these operations as "some API" should exists and started up one of my favorite browser tools Chrome Developer Console to inspect the HTTP requests. I came to learn there were an additional set of "Jersey" APIs (no background on the Jersey name, but its part of the API URI) that might do exactly what I was looking for. After a bit of trial/error, I was able to fully automate the creation of both a WSO Access Directory as well as 3rd Party Identity Provider.

[Read more...]