Tag:

vsan

VMware Cloud Foundation

Deploying & Configuring the VMware LCM Bundle Utility on Photon OS: A Step-by-Step Guide

by Tommy Grot June 3, 2025

The need for streamlined VMware appliance updates is undeniable. Managing a VMware Cloud Foundation environment and its appliances can quickly become a complex and time-consuming task, especially in an offline, disconnected VCF environment. This post provides a detailed, step-by-step guide to deploying and configuring the VMware Lifecycle Manager (LCM) Bundle Utility on Photon OS, offering a significant improvement in update management efficiency. We’ll cover everything from initial setup to verifying successful configuration, providing clear instructions and practical advice for administrators comfortable with Photon OS command-line interfaces. Let’s get started!

If you’re interested in creating an offline depot for VCF, check out Aaron Rombaut; he wrote an excellent blog post tailored for VCF offline depots.

What is Required:

  • Photon OS ISO (Only Supported on Photon**)
  • Virtual Machine with 2+ vCPUs & 4GB+ Memory & 1TB Storage
  • PuTTY
  • WinSCP

** The LCM Bundle Utility is currently not supported on other Linux distributions or Windows, particularly due to the new Broadcom Token Implementation.

You will need to obtain the full ISO x86_64 image.

Download | Size | sha512 checksum
Full ISO x86_64 | 4.4G | 6a7a258399a258da742032987c043ab25503698d35edafaf1ae000f12127da1a161d8b84caa17fd8f23d129e81e1faa7ab087c20ab9229772a643f8f9475305f

Create New Virtual Machine ->

Virtual Machine name ->

Select the compute resource ->

Select your Storage ->

Select Default ->

Select VMware Photon OS (64-bit)

Configure the virtual machine with the following specifications: 2 vCPUs, 4GB of memory, a 1TB disk, and network access. The number of CPUs and memory can be increased later if required.

Deploy!

Now that you have deployed the virtual machine, let's connect to it via VMRC and mount the Photon OS ISO.

Install ->

EULA ->

Select the 1TB disk. I kept the partitioning on Auto, but you can manually partition it if you prefer.

Select, Photon Real Time ->

Since my Photon LCM VM is deploying on an NSX segment with DHCP, I left it on automatic, but the configuration will vary depending on your implementation.

Set Host name ->

Password ->

Start Install ->

Installing…

Let's boot up the new Photon VM!

Connect to the Photon OS VM via Remote Console and log in.

Let’s edit the sshd_config file to allow root to connect via SSH.

vi /etc/ssh/sshd_config

Uncomment and update the following settings:

  • Port 22
  • AddressFamily any
  • ListenAddress 0.0.0.0

Change PermitRootLogin to yes from no

Restart SSH Service

systemctl restart sshd.service

Now that Photon OS is deployed and the sshd_config file is updated to allow root to log in over SSH and to listen on port 22, we can SSH into the virtual machine. Next, we will upload the LCM Bundle Utility via WinSCP.

Connect via PuTTY, and then we will untar the lcm-tools-prod.tar.gz.

We will need to make the bin directory with lcm-bundle-transfer-util executable

chmod u+x -R bin/

Change directory to conf. Next, we will use vi to edit the application-prod.properties file and update the required fields below.

You will need to tailor the Depot Properties to accommodate the Broadcom Download Token. More information is available here.

################### Depot properties ########################
lcm.depot.adapter.certificateCheckEnabled=false
lcm.depot.adapter.port=443
lcm.depot.adapter.host=dl.broadcom.com
lcm.depot.adapter.remote.rootDir=/<Token Here>/PROD
lcm.depot.adapter.remote.repoDir=/COMP/SDDC_MANAGER_VCF
lcm.depot.adapter.remote.index.filename=index.v3
lcm.depot.adapter.remote.offline.index.filename=index.offline
lcm.depot.adapter.local.baseDir=${lcm.bundle.download.default.dir}/tmp
lcm.depot.adapter.local.input.spec.dirname=asyncPatchSpecs
lcm.depot.adapter.local.compatibility.path=v1/products/bundles/type/vcf-lcm-bundle
lcm.depot.adapter.enableBundleSignatureValidation=true
lcm.bundle.manifest.dirname=manifests
lcm.bundle.dirname=bundles

lcm.depot.adapter.lcmManifestFile=lcmManifest.json
lcm.depot.adapter.remote.productVersionCatalog.filename=productVersionCatalog.json
lcm.depot.adapter.remote.lcmManifestDir=/COMP/SDDC_MANAGER_VCF/lcm/manifest
lcm.depot.adapter.enableBundleChecksumValidation=true

lcm.depot.adapter.enableLatestToolVersionCheck=true
lcm.depot.adapter.remote.bundletransferconfig.repoDir:/COMP/SDDC_MANAGER_VCF/obtu
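
The block above leaves lcm.depot.adapter.certificateCheckEnabled set to false while bundle signature and checksum validation stay on. The following is an added example, not part of the LCM Bundle Utility, that audits those switches in application-prod.properties before a download is started. It assumes, from the key names only, that each switch should read true and that the host and port should match the values shown on this page.

```python
"""Audit the validation switches in an LCM Bundle Utility application-prod.properties."""
import re
import sys

# Keys come from the "Depot properties" block on this page. Treating each one as
# a boolean that should be "true" is this example's assumption, based on the names.
REQUIRED_TRUE = (
    "lcm.depot.adapter.certificateCheckEnabled",
    "lcm.depot.adapter.enableBundleSignatureValidation",
    "lcm.depot.adapter.enableBundleChecksumValidation",
)
# Depot endpoint as shown on this page.
EXPECTED = {
    "lcm.depot.adapter.host": "dl.broadcom.com",
    "lcm.depot.adapter.port": "443",
}
ROOT_DIR = "lcm.depot.adapter.remote.rootDir"

# Java .properties files accept "=" or ":" as the separator; the page's block uses both.
_LINE = re.compile(r"^\s*([^#!\s=:][^=:\s]*)\s*[=:]\s*(.*?)\s*$")

# Excerpt of the page's block, used when no file is given on the command line.
SAMPLE = """\
################### Depot properties ########################
lcm.depot.adapter.certificateCheckEnabled=false
lcm.depot.adapter.port=443
lcm.depot.adapter.host=dl.broadcom.com
lcm.depot.adapter.remote.rootDir=/<Token Here>/PROD
lcm.depot.adapter.enableBundleSignatureValidation=true
lcm.depot.adapter.enableBundleChecksumValidation=true
lcm.depot.adapter.remote.bundletransferconfig.repoDir:/COMP/SDDC_MANAGER_VCF/obtu
"""


def parse_properties(text):
    """Return key/value pairs, skipping comments and blank lines."""
    props = {}
    for line in text.splitlines():
        match = _LINE.match(line)
        if match:
            props[match.group(1)] = match.group(2)
    return props


def audit(props):
    """Return a list of (key, problem) tuples; an empty list means no findings."""
    findings = []
    for key in REQUIRED_TRUE:
        value = props.get(key)
        if value is None:
            findings.append((key, "not set; the effective default is unknown"))
        elif value.lower() != "true":
            findings.append((key, f"set to {value!r}; this check is disabled"))
    for key, want in EXPECTED.items():
        if props.get(key) != want:
            findings.append((key, f"is {props.get(key)!r}, expected {want!r}"))
    # The download token lives in rootDir, so its value is never echoed.
    root = props.get(ROOT_DIR, "")
    if not re.fullmatch(r"/[^/\s<>]+/PROD", root):
        findings.append((ROOT_DIR, "token placeholder not replaced or path malformed"))
    return findings


def main(argv):
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as handle:
            text = handle.read()
    else:
        text = SAMPLE
    findings = audit(parse_properties(text))
    for key, problem in findings:
        print(f"[!] {key}: {problem}")
    if not findings:
        print("[ok] validation switches and depot endpoint look as expected")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the path to conf/application-prod.properties as the only argument; a non-zero exit code means at least one finding.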

Now that we have updated the application-prod.properties file, let’s run it. I have extracted my PlannerFile and uploaded it to /root/plannerFile.json.

./lcm-bundle-transfer-util --download --plannerFile /root/plannerFile.json --depotUser <Email-Here>

It is working on Photon OS! The download process has begun.

Deploying the VMware Lifecycle Manager Bundle Utility on Photon OS is a worthwhile investment for any administrator responsible for a VMware Cloud Foundation environment. This guide has provided the foundation for simplifying your appliance updates, reducing operational overhead, and ensuring a more stable and efficient infrastructure. Embrace this approach and take control of your VCF updates!

VMware Cloud Foundation

VMware Cloud Foundation: Don’t Forget About SSO Service Accounts

by Tommy Grot May 14, 2025

VMware Cloud Foundation (VCF) delivers a modern, automated infrastructure. A vital but frequently neglected element of its operation is password rotation for the svc-nsx-vc-fqdn service account within the vCenter Server SSO domain and SDDC Manager. This account is critical for NSX or LCM functionality and integration between solutions, and its failure – typically due to an expired or incorrect password – can cause significant disruption to your VCF environment. This post will highlight the importance of svc-nsx-vc-fqdn, explain the impact of a failed account, and provide proactive measures to ensure its ongoing health and prevent costly outages.

Error Message – “NSX is integrated with vLCM feature of vSphere system. Cannot disable two way authentication and service account creation functionality”

Verifying Service Account with CURL

When the SDDC Manager Password Management UI displays an invalid or outdated timestamp for the svc-nsx-vc-fqdn service account, it indicates a potential synchronization issue between SDDC Manager and the underlying vCenter SSO domain. This can lead to authentication problems and network connectivity issues within your VMware Cloud Foundation environment. As illustrated below, the ‘Last Modified Date’ is incorrectly displayed as 11/10/23 1:03PM. Let’s examine this issue in more detail.

Addressing SDDC Manager UI Timestamp Discrepancies

To troubleshoot this, administrators can use the curl command to directly query the VCF SDDC API and verify the existence and timestamp of the svc-nsx-vc-fqdn object. This bypasses the SDDC Manager UI and provides a more accurate view of the account’s state.

  1. SSH into SDDC Manager. Prepare your command using your SSO account credentials. While ‘[email protected]’ may be a default account, you must retrieve the current, rotated password using the lookup_password utility within SDDC Manager.
  2. Elevate to root: su -
  3. Run the Bearer Token curl to retrieve an access token:
TOKEN=$(curl -d '{"username" : "<sso_username>", "password" : "<sso_password>"}' -H "Content-Type: application/json" -X POST http://127.0.0.1/v1/tokens | jq -r '.accessToken')

Once we have the Bearer Token, we can execute the next curl command with the syntax below:

curl -k -X GET -H "Authorization: Bearer $TOKEN" 'https://localhost/v1/system/credentials/service' | json_pp

Running the curl command above returns detailed JSON from the API with the creation and modification times, confirming that the SSO service account still exists and has not disappeared, even though the SDDC Manager UI shows “—” or an incorrect timestamp for when it was last active, updated or modified.

{
"creationTime" : 1699646593061, # Timestamp representing when the object was created
"credentialType" : "SSO", # Indicates that it is part of the SSO domain
"entityId" : "17bd9679-a83b-485c-9b97-ac079827224d", # Unique identifier which is stored in the VCF SDDC database
"entityType" : "VCENTER", # Shows that this SSO object is related to vCenter
"id" : "b69362ad-c797-4689-b763-f1fc4aed5dff",
"modificationTime" : 1699646593061, # Timestamp showing when this object was last modified
"serviceId" : "0dd05d81-6eaa-442b-9d47-fb1134ffdbe6", # The ID between NSX Managers and vCenter
"serviceType" : "NSXT_MANAGER",
"targetType" : "VCENTER",
"username" : "[email protected]" # Username of the service account which integrates the two solutions
}

Now that you have executed the curl command, you should see output similar to the example JSON I’m providing above, where I’m commenting on the specific API fields of interest and explaining what they mean.

As demonstrated in the JSON outputs for other credentials, the ‘secrets’ field typically contains the encoded password within the API. However, for this specific SSO account, this field is absent, allowing us to manually set the password in vCenter, NSX and SDDC Manager and re-establish the connection.
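
The creationTime and modificationTime values are epoch milliseconds, which makes them hard to compare with what the Password Management UI shows. The following added example, which is not part of SDDC Manager or the original post, converts them to UTC and flags service accounts whose password has not changed since creation or is older than a chosen age. The 90-day threshold, the handling of a list or an "elements" wrapper around the records, and the second sample record are assumptions of this example.

```python
"""Summarise the output of GET /v1/system/credentials/service from SDDC Manager."""
import json
import sys
from datetime import datetime, timezone

# First record: field values as printed in the post (username is redacted there).
# Second record: constructed for this example to show a recently rotated account.
SAMPLE = """
[
  {"creationTime": 1699646593061, "credentialType": "SSO",
   "entityType": "VCENTER", "modificationTime": 1699646593061,
   "serviceType": "NSXT_MANAGER", "targetType": "VCENTER",
   "username": "[email protected]"},
  {"creationTime": 1699646593061, "credentialType": "SSO",
   "entityType": "VCENTER", "modificationTime": 1746057600000,
   "serviceType": "NSXT_MANAGER", "targetType": "VCENTER",
   "username": "constructed-service-account"}
]
"""


def _records(payload):
    """Accept one object, a list, or a dict wrapping a list under "elements" (assumed shapes)."""
    if isinstance(payload, dict) and isinstance(payload.get("elements"), list):
        return payload["elements"]
    if isinstance(payload, list):
        return payload
    return [payload]


def _utc(epoch_ms):
    """Convert epoch milliseconds to an aware UTC datetime."""
    return datetime.fromtimestamp(epoch_ms / 1000, tz=timezone.utc)


def review(payload, now, max_age_days=90):
    """Return one summary dict per service credential."""
    rows = []
    for rec in _records(payload):
        modified = _utc(rec["modificationTime"])
        age_days = (now - modified).days
        rows.append({
            "username": rec.get("username"),
            "link": f'{rec.get("serviceType")} -> {rec.get("targetType")}',
            "created": _utc(rec["creationTime"]).isoformat(timespec="seconds"),
            "modified": modified.isoformat(timespec="seconds"),
            "age_days": age_days,
            # Identical timestamps mean the record was never modified after creation.
            "unchanged_since_creation": rec["creationTime"] == rec["modificationTime"],
            "stale": age_days > max_age_days,
            # The post notes that the 'secrets' field is absent for this account type.
            "has_secrets_field": "secrets" in rec,
        })
    return rows


def main():
    # Pipe the curl output into this script, or run it bare to use the sample.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for row in review(json.loads(raw), datetime.now(timezone.utc)):
        flag = "STALE" if row["stale"] else "ok"
        print(f'{flag:5} {row["username"]} {row["link"]} '
              f'modified={row["modified"]} age={row["age_days"]}d '
              f'unchanged_since_creation={row["unchanged_since_creation"]}')


if __name__ == "__main__":
    main()
```

Pipe the raw curl output into the script instead of json_pp to review the live records.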

Remediation of Service Account

After verifying that the SSO accounts still exist within SDDC, if you attempt to rotate them using the SDDC Password Manager UI, the initial rotation will often stall at approximately 50% and present a retry or cancel popup. Waiting the 15 minutes suggested in some KB articles and then retrying will result in the process reaching 100%, followed by a rapid failure. This is due to timing differences and synchronization processes between vCenter, NSX and SDDC.

First, let’s set a basic password within vCenter SSO for “[email protected]”. Set it to VMware1!VMware1! and, after you hit save, wait a few seconds.

After the password has been updated manually via vCenter Users and Groups for “[email protected]”, log into your NSX Manager -> System -> Fabric -> Compute Managers -> Edit on the vCenter object, click edit on the FQDN | IP Address, and input your svc SSO account and password.

  • Note: Ensure that ‘Create Service Account’ is enabled and ‘Enable Trust’ is also selected. If you encounter an error during the connection process, toggle the ‘Create Service Account’ option, enter the password, save the configuration, and then re-enable the Service Account.

Finally, let’s go back into the SDDC Manager -> Password Management -> Filter based on vCenter

Enter the remediated password you previously set within vCenter and NSX. Executing this operation should result in a successful completion task within a few minutes.

Now that two-way communication between vCenter and NSX has been re-established, you can resume standard operations, including enabling vLCM for baseline-controlled patching or image-based deployments.

Beyond the technical steps, this highlights the importance of treating credential management as a proactive, ongoing process. Regular audits, automated password rotation, and diligent verification using methods like the curl command we’ve explored, aren’t merely reactive fixes—they’re essential components of a robust security posture and a resilient infrastructure. Prioritizing these practices ensures that your VMware Cloud Foundation environment remains a reliable and secure foundation for your critical applications and workloads.

VMware Cloud Foundation

Securing Software Updates for VMware Cloud Foundation: What You Need to Know

by Tommy Grot March 24, 2025

Starting March 24, 2025, Broadcom will implement a significant change in the distribution of VMware software binaries for key products. This update aims to enhance security and ensure compliance with industry standards for all our VMware Cloud Service Providers (VCSPs).

From this date onwards, downloading updates and patches for VMware Cloud Foundation, vCenter, ESXi, and vSAN File Services will be handled through a secure new process. This change is crucial for maintaining the integrity and confidentiality of software components, protecting against potential vulnerabilities, and ensuring reliable access to the latest features and bug fixes.

Stay tuned for more details on the implementation and any necessary steps to ensure a smooth transition. Your trusted cloud services are about to get even stronger!

Prepare for VMware Utility

Links for PowerShell Gallery

  • https://www.powershellgallery.com/packages/PowerVCF/2.4.1.1000
  • https://www.powershellgallery.com/packages/VMware.Powercli/13.3.0.24145081

You will need to download and install PowerCLI addons for PowerVCF and VMware.Powercli for your desktop or virtual machine. As shown in the example below I needed to download both.

VMware Depot How To:

Log into the Broadcom Support Portal. On the main dashboard, toward the bottom right, you will see Quick Links -> Generate Download Token ->

Select your Site ID and click Generate Token

Once you have generated a token, you will need to download the VMwareDepotChange Script from VMware KB

Now that you have the script downloaded, run the command below before running the script:

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false

Without it, the script reports:

  • The SSL connection could not be established, see inner exception.
  • See pre-requisites. Ensure you have set the PowerCLI to ignore invalid certificates or have established SSL trust.

First we will select 1. Choose deployment type and connect:

Now, the interactive prompt will ask you if it is a VCF Deployment? (Y)

After you have connected to your SDDC Manager and vCenter, next we will select Option 2. Enter your token. Below is an example of the output. (My Token is masked out)

Next we will select Option 4, Update. This will connect to the SDDC Manager and vCenter and update the depot from the old VMware depot to dl.broadcom.com/etc/…

After you have updated the depot, log back into VCF/SDDC Manager, go to Administration -> Depot Settings and authenticate. Once you have finished, wait 5 minutes and you will be able to download again!

VMware Cloud Foundation

VMware Cloud Foundation 5.2: A Guide to Simplified Upgrade with Flexible BOM

by Tommy Grot March 11, 2025

VMware Cloud Foundation (VCF) has revolutionized the way organizations deploy, manage, and secure their on-premises infrastructure. With the recent release of VCF 5.2, VMware continues to push the boundaries of hybrid-cloud innovation, offering enhanced features, improved scalability, and streamlined management capabilities.

One of the most significant enhancements in VCF 5.2 is the introduction of Flexible Bill of Materials (BOM), a game-changing approach to infrastructure upgrades. Gone are the days of rigid, one-size-fits-all upgrade paths; with Flexible BOM, administrators can now customize their upgrade process to meet the unique needs of their organization.

In this blog post, we’ll delve into the world of VCF 5.2 and Flexible BOM, exploring the benefits, best practices, and step-by-step procedures for a successful upgrade. Whether you’re a seasoned VCF administrator or just starting your hybrid-cloud journey, this guide will provide you with the insights and expertise needed to elevate your infrastructure to the next level.

Flexible BOM Process


Downloading The Bits:

The files will be downloaded with an internet-connected laptop/desktop or virtual machine.

Note: I am using “03102025” as the directory structure for this process, you can use any name you like for the folder.

First, let’s open up the Offline Bundle Utility Tool (LCM) and start preparing the commands to enter. You may copy the commands below and adapt them to your system and credentials.

(Since I am using Windows to download the bundles, run the LCM tool without the leading ./, so it is just “lcm-bundle…” on Windows.)

lcm-bundle-transfer-util --download --manifestDownload --depotUser <email> --outputDirectory C:\03102025
lcm-bundle-transfer-util --download --bundleManifests --depotUser <email> --bundleManifestsDir C:\03102025
lcm-bundle-transfer-util --download --compatibilityMatrix --depotUser <email> --outputDirectory C:\03102025

Note: If you do not have a VXRAIL platform, you can disregard the --pdu dell_depot_email and remove it from the syntax, as shown below.

lcm-bundle-transfer-util --depotUser <email> --download productVersionCatalog --outputDirectory C:\03102025

Uploading The Bits:

Once you have downloaded all the updates and manifest files, upload them to the SDDC manager appliance. Keep all the files extracted in the /home/vcf/ directory.

For actual bundles those will be uploaded to the /nfs/vmware/vcf/nfs-mount/ due to the large size and /home/vcf/ is limited on space.

File Structure Table

Note: This will provide simplified way of uploading and ingesting the VCF files and updates following the table below.

--bundleManifests | /home/vcf/bundleManifests | Upload the bundleManifests directory into /home/vcf/
--compatibilityMatrix | /home/vcf/Compatibility/ | Upload the Compatibility directory into /home/vcf/
productVersionCatalog | /home/vcf/ | Upload the productVersionCatalog.json in /home/vcf/ directory
--sourceManifestDirectory | /home/vcf/lcm/ | Upload the lcm directory into /home/vcf/
bundleManifests
./lcm-bundle-transfer-util --update --sourceManifestDirectory /home/vcf --sddcMgrFqdn FQDN --sddcMgrUser [email protected]
./lcm-bundle-transfer-util --upload --bundleManifests --bundleManifestsDir /home/vcf/
./lcm-bundle-transfer-util --update --compatibilityMatrix --inputDirectory /home/vcf --sddcMgrFqdn FQDN --sddcMgrUser [email protected]
./lcm-bundle-transfer-util --upload productVersionCatalog --inputDirectory /home/vcf --sddcMgrFqdn FQDN --sddcMgrUser [email protected]

After you have completed the above steps for updating the BOM, products and manifests, go to the workload domain you want to patch. Select Plan Patching -> select the products you want to upgrade/patch.

./lcm-bundle-transfer-util --generatePlannerFile --sddcMgrFqdn <your FQDN> --sddcMgrUser [email protected] --outputDirectory /home/vcf --domainNames vcf-m01 -p 5.2.1.0

An Example of the plannerFile.json below:

[{"id":"f486b010-2441-4ee3-93a3-1cae8d375e1e","type":"VMWARE_SOFTWARE","description":"This VMware Software Upgrade bundle contains vSphere ESXI 80U3d, for more information, refer https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3d-release-notes.html","version":"608.169.14-83637536","severity":null,"vendor":"VMware","releasedDate":"2025-02-24T12:00:00Z","isCumulative":false,"isCompliant":null,"sizeMB":606.376953125,"downloadStatus":"PENDING","components":[{"description":"ESXI bundle element","vendor":"VMware","releasedDate":"2025-02-24T12:00:00Z","toVersion":"8.0.3-24585383","fromVersion":"1.1.1-1","imageType":"PATCH","id":"54bf5dce-40e1-408b-9a1d-6ebb63b3dabe","type":"HOST"}],"applicabilityStatus":"PENDING","applicabilityOrder":2,"isPartiallyUpgraded":false},{"id":"d70ed6b4-26b7-4e40-a516-57492b7ddb72","type":"VMWARE_SOFTWARE","description":"This VMware Software Upgrade bundle contains NSX 4.2.1.3, For more information, refer https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-2/release-notes/vmware-nsx-4213-release-notes.html","version":"310.71.51-83059794","severity":null,"vendor":"VMware","releasedDate":"2025-02-03T12:00:00Z","isCumulative":false,"isCompliant":null,"sizeMB":9070.224609375,"downloadStatus":"PENDING","components":[{"description":"NSX-T Manager patch bundle element","vendor":"VMware","releasedDate":"2025-02-03T12:00:00Z","toVersion":"4.2.1.3.0-24533884","fromVersion":"1.1.1-1","imageType":"PATCH","id":"2b89cce2-b0e9-4595-964e-0df5711b0a9d","type":"NSX_T_MANAGER"}],"applicabilityStatus":"AVAILABLE","applicabilityOrder":1,"isPartiallyUpgraded":false}]

Once you have generated the file, copy it from the SDDC Manager onto your internet connected machine.

lcm-bundle-transfer-util --download --plannerFile C:\03102025\plannerFile.json --depotUser <your username for VMware Depot>

Once your bundles have been downloaded, you will want to transfer them to the system that will be upgraded. After everything is uploaded into the NFS Directory on SDDC Manager, you will want to make sure that you elevate to root by su for ingesting bundles.

Now we will go back to the SDDC Manager, upload the actual bundles into the /nfs/… share and ingest them with command below.

./lcm-bundle-transfer-util --upload --bundleDirectory /nfs/vmware/vcf/nfs-mount/03102025/

If you have a VXRAIL VCF Deployment you will want to upload the Partner Bundles with the command below:

./lcm-bundle-transfer-util --upload "uploadPartnerBundle" --bundleDirectory directory-path

Once all update bundles have been uploaded, go back to the SDDC Manager User Interface, and you should see that the Update Now button shows up and lets you proceed with the upgrade!

VMware Cloud Foundation

VMware Cloud Foundation 5.2: Unlocking Secure Hybrid Cloud Capabilities with Microsoft Certificate Authority

by Tommy Grot February 18, 2025

In the ever-evolving landscape of cloud computing, security remains paramount, especially as organizations strive to build robust hybrid cloud environments. VMware, a pioneer in virtualization and cloud infrastructure, has released an update that strengthens its portfolio—VMware Cloud Foundation 5.2. This new version brings a plethora of enhancements focused on improved security features, including integration with Microsoft Certificate Authority or OpenSSL; in this post we will use Microsoft Certificate Authority.

The Power of Secure Certificates

Certificates play a pivotal role in establishing secure connections within cloud environments. They ensure data encryption, authenticate users and devices, and prevent man-in-the-middle attacks. With this latest release, VMware Cloud Foundation 5.2 leverages the power of MCA to provide organizations with a centralized, automated, and scalable certificate management system.

Integrating Microsoft Certificate Authority

Microsoft Certificate Authority (MCA) is a robust solution for managing digital certificates, offering advanced security features and seamless integration with various cloud platforms. By integrating MCA into VMware Cloud Foundation 5.2, organizations can:

  • Automate Certificate Deployment: Streamline the process of issuing and deploying certificates across multiple clouds and on-premises data centers.
  • Centralized Management: Gain a unified view and control over all certificates from a single location, simplifying administration.
  • Enhanced Security: Benefit from MCA’s advanced security features, including long-term key protection and certificate revocation, to safeguard cloud infrastructure.
  • Cost Efficiency: Reduce the overhead of managing certificates independently in different environments.

What’s Ahead for Hybrid Cloud Security

VMware Cloud Foundation 5.2 marks a significant step towards simplifying and strengthening security in hybrid cloud deployments. By embracing this update, organizations can future-proof their infrastructure, ensuring data and user privacy. Stay tuned for more insights into this exciting release and its impact on the cloud computing landscape.

Procedure

This walkthrough assumes that you have already configured a Certificate Authority server. If you have not, create one first. Let's get started!

First, we will connect via RDP to the Microsoft CA server.

Make sure the following roles are installed:

  • Certificate Authority
  • Certificate Enrollment Policy Web Service
  • Certificate Enrollment Web Service
  • Certification Authority Web Enrollment

Once all the Roles are installed, give the CA Server a reboot. Next we will Configure a Role for IIS to do the Enrollment via Web Service using Basic Authentication.

Open up server manager, add the required feature under IIS.

Basic Authentication 

After you have installed all the required roles above, next we will enable Basic Authentication under IIS

  1. Navigate to Sites -> Default Web Site -> CertSrv
  2. Under IIS, double-click Authentication.
  3. On the Authentication page, right-click Basic Authentication and click Enable.
  4. In the navigation pane, select Default Web Site.
  5. In the Actions pane, under Manage Website, click Restart for the changes to take effect.

After you have enabled Basic Authentication, we will need to ensure that the CA Server Web Enrollment has a CA-signed certificate with the FQDN and IP in its SANs (Subject Alternative Names). The SDDC Manager requires a secure connection between the appliance and the certificate authority.

This walkthrough will not cover how to create a Web Server Certificate for your CA IIS Site Binding; it assumes you already have it configured.

Right Click -> Default Web Site -> https 443 Binding -> Attach the new certificate for the CA Server Web Enrollment.

After all the prerequisites are done, we will configure a template for SDDC Manager to use.

Clone the Web Server Template and we will configure it:

Configure name for the template, I used VMware SDDC

  1. Click Start Run, enter certtmpl.msc, and click OK.
  2. In the Certificate Template window, under Template Display Name, right-click Web Server and select Duplicate Template.
  3. In the Properties of New Template dialog box, click the Compatibility tab and configure the following values.

For the VMware SDDC Template – I configured 2 years, and the Template Display Name – VMware SDDC

Setting | Value
Certification Authority | Windows Server 2008 R2
Certificate recipient | Windows 7 / Server 2008 R2

In the Properties of VMware SDDC Template dialog box, click Extensions tab and configure the option below:

  1. Click Application Policies and click Edit
  2. Click Server Authentication, click Remove, and click OK.
  3. Click Basic Constraints and click Edit.
  4. Click the Enable this extension check box and click OK.
  5. Click Key Usage and click Edit.
  6. Click the Signature is proof of origin / nonrepudiation check box, leave the defaults for other options and OK.

  1. Start up Run, enter certsrv.msc, and click OK.
  2. In the Certification Authority, in the left pane, right-click Certificate Templates, and select New Certificate Template to Issue.
  3. In the Enable Certificate Templates dialog box, select VMware SDDC, and click OK.

Permissions

Before you can start using the new template, add permissions on the VMware SDDC template for the service account that will use it. My service account is [email protected]

Setting | Value
Full Control | Deselected
Read | Deselected
Write | Selected
Enroll | Selected
Autoenroll | Deselected

Below we will configure the Microsoft CA and provide the FQDN of your Certificate Authority. I created an A record in my DNS for certs.virtualbytes.io and created a CA-signed certificate for it so that SDDC Manager accepts it.

Once you have configured everything, your SDDC Manager is able to create CSRs and certificates and assign them to the products within VCF!

VMware Cloud Foundation

VMware Cloud Director 10.6.1: Taking Cloud Management to New Heights

by Tommy Grot February 5, 2025

VMware has just released an exciting update, Cloud Director 10.6.1, to revolutionize how we manage our cloud infrastructure. This new version is packed with powerful features designed to make IT professionals’ lives easier and their cloud services more efficient.

Cloud Director 10.6.1 offers a range of improvements, from simplifying complex tasks to providing advanced analytics. It’s all about making cloud management more accessible and effective. With this release, VMware aims to help organizations handle their hybrid cloud environments like never before.

In the following blog post, we’ll break down the exciting new features and explain how they can benefit you. Get ready to discover a streamlined approach to cloud infrastructure management!


Information from VMware’s Site Below:

Cloud computing is constantly evolving, and VMware Cloud Director (VCD) keeps advancing with new updates that strengthen security, streamline resource management, and give users greater control. VMware by Broadcom is thrilled to announce that VMware Cloud Director 10.6.1 is now available as part of the VCF (VMware Cloud Foundation) offering, starting January 31st, 2025. 

Smarter VM Placement with Guest OS Awareness

Now, you can easily place virtual machines (VMs) on specific hosts or clusters based on their guest operating system. With this feature, system administrators can define VM Groups for specific OS types ensuring proper placement and compliance across all tenants. This also helps organizations stay aligned with Microsoft and other vendor licensing requirements, simplifying compliance while optimizing resource management.

Use case:

  • Automatic enforcement ensures that VMs are always placed in their designated groups.
  • Seamless reconfiguration means existing VMs will adopt this placement rule the next time they undergo a reconfiguration, such as a power cycle or VM edit.

This feature enhances workload distribution and simplifies multi-tenant management, giving you greater control over VM performance and security.

Take Control of API Token Security

Security is crucial and VCD now includes the ability to force API token expiration. If a token needs to be revoked immediately—whether due to security concerns or administrative changes—administrators can now invalidate it instantly. This provides a proactive approach to managing API access and securing cloud environments.

Use case:

  • Instant access revocation for better security governance.
  • More control for administrators over authentication and access management.

Flexible IP Retention for Sub-Providers & Managed Organizations

Managing IP addresses has never been easier! VMware Cloud Director now allows custom IP retention periods at both the sub-provider and managed organization levels. This means IP addresses can be retained even when VMs are deleted or NICs are removed—regardless of whether they were assigned via Static Pool, Static Manual, or DHCP.

Use case:

  • Customizable IP retention ensures continuity and minimizes reallocation efforts.
  • Metadata-based configuration allows admins to define retention periods tailored to organizational needs.
  • Leverages the Manual Reservation API to preserve IPs for seamless redeployment.

No more lost IPs or unnecessary reconfigurations—just streamlined network management.

Gateway Firewall Enforcement

This update introduces the ability to explicitly activate or deactivate gateway firewall enforcement, which is natively integrated within the VCF stack, with full visibility of enforcement status across T1 and T0 firewalls. Both Tenant and Sub-Tenant administrators can view and override default settings, ensuring security configurations align with organizational policies.

Use case:

  • Full transparency into firewall enforcement status.
  • Administrative control to enable or disable enforcement as needed.

Stateful Firewall Access & Edge Cluster Configuration

Provider administrators now have improved control over the stateful firewall service, which is natively integrated within the VCF stack. With this update, they can restrict tenants from adding stateful firewall rules on T1, T0, and vApps unless the ANS security stack is entitled. Additionally, a new configuration option on edge clusters allows providers to enable or disable stateful firewalls as needed.

Use case:

  • Granular control over firewall rules ensures security compliance.
  • Edge cluster configuration adds another layer of flexibility in managing network security.

Custom Segment Profiles – Now Shareable!

Service providers can now share custom segment profiles with tenant organizations, making it easier to standardize networking policies across multiple tenants.

Use case:

  • Improved collaboration between providers and tenants.
  • Consistent networking configurations across multiple organizations.

IPv6 Transparent Load Balancing – It’s Back!

Support for IPv6 and VMware Avi Load Balancer Transparent Load Balancing is back! Pool members can now view the client’s source IP, enhancing visibility and network efficiency. To enable this feature, VMware Avi Load Balancer must be integrated with VMware Cloud Director.

Use case:

  • Seamless IPv6 support for modern networking needs.
  • Enhanced load balancing with transparent traffic routing.

This VMware Cloud Director update is all about greater control, improved security, and enhanced networking capabilities. Whether you’re optimizing VM placement, tightening API security, or refining firewall enforcement, these changes empower cloud providers and tenants alike.

Other Enhancements

  • Fixed Update Custom Task API – No more double execution issues. The API now works correctly on the first attempt.
  • Resolved All Virtual Data Centers View Issues – Admins can now seamlessly navigate the view without encountering errors.
  • Removed NSX MP API References – Say goodbye to outdated NSX MP API references for a more streamlined experience.

This VMware Cloud Director update is all about better control, improved security, and enhanced networking capabilities. Whether you’re optimizing VM placement, tightening API security, or refining firewall enforcement, these changes give more control to both cloud providers and tenants.

Reference for info above: https://blogs.vmware.com/cloudprovider/2025/02/vmware-cloud-director-10-6-1-is-here-whats-new.html

Upgrade Procedure

Before we start the upgrade, let’s ensure we have the following:

  • Take Disk Level Snapshots of all VCD Appliances
  • Take Backup of VCD via VAMI
  • Downloaded Bits from Broadcom’s Support Portal

My Current Version:

3. Upload the VMware_Cloud_Director_10.6.1.11753-24532678_update.tar.gz into the VCD appliance.

Once the update file is uploaded, SSH into the first VCD Cell appliance.

Afterwards, you will need to SSH into all appliances and shut down VMware Cloud Director by running the command below:

/opt/vmware/vcloud-director/bin/cell-management-tool -u administrator cell --shutdown

Note: It is required to upgrade the primary VCD appliance first!

4. Let’s start upgrading VCD to 10.6.1 on the first appliance. Below we will untar the update package into the /tmp/local-update-package directory.

5. Let’s extract the update files into the directory we created above.

tar -zxf VMware_Cloud_Director_10.6.1.11753-24532678_update.tar.gz -C /tmp/local-update-package/

6. Now that the update package has been extracted, we will set the local-update-package directory as the update repository.

vamicli update --repo file:///tmp/local-update-package

7. Using vamicli update --check, we will check the repo for the newest upgrade of VCD.

vamicli update --check

Before we start the upgrade, it is important to take a backup of the VCD appliances: log into each VCD node via VAMI at https://IP_Address:5480, go to Backup, and take a backup.

vamicli update --install latest

Now that the primary appliance is upgraded, repeat steps 3 through 7 above on the other appliances that need it.

After the other VCD appliances have the upgrade staged and updated, go back to the primary appliance and execute the upgrade utility.

/opt/vmware/vcloud-director/bin/upgrade

Follow the prompts from the upgrade utility; it will ask if you are ready for the upgrade and if you have taken a backup.

Once the first appliance is upgraded, then repeat the upgrade process above for the additional VCD appliances.

After the upgrade is complete, let’s reboot the full appliance, so for this option choose No (N).

We have successfully upgraded VMware Cloud Director to 10.6.1!
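An added example, not part of the original post: a staging helper for steps 3 through 5 that checks the bundle's SHA-256 and its member paths before extracting, and refuses to reuse an existing directory under /tmp. The function names are hypothetical, and the expected hash is assumed to be the value you copied from the download page, since the post does not list one.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): integrity checks before the
# update bundle is extracted and handed to vamicli. Function names are
# hypothetical; the expected SHA-256 is the value you copied from the
# download page (the post does not list one).

# Succeeds only if the SHA-256 of $1 equals the hex digest in $2.
verify_bundle() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || { echo "missing bundle: $file" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    # Portals sometimes print upper-case hex; normalise before comparing.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $file" >&2
        return 1
    fi
}

# Reads a member listing on stdin; succeeds (0) if any path is absolute
# or contains a ".." component, i.e. could land outside the target dir.
has_unsafe_member() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# Steps 4 and 5 of the post, with the checks added in front.
stage_bundle() {
    local file="$1" expected="$2" dest="${3:-/tmp/local-update-package}" listing
    verify_bundle "$file" "$expected" || return 1
    # -P makes GNU tar list member names exactly as stored in the archive.
    listing=$(tar -P -tzf "$file") || return 2
    if printf '%s\n' "$listing" | has_unsafe_member; then
        echo "refusing $file: member path escapes target directory" >&2
        return 1
    fi
    # mkdir without -p fails if the path already exists, so a directory
    # (or symlink) pre-created under world-writable /tmp is never reused.
    mkdir -m 700 "$dest" || { echo "refusing to reuse $dest" >&2; return 1; }
    tar -zxf "$file" -C "$dest"
}

# Usage on the appliance (the hash is a placeholder):
#   stage_bundle VMware_Cloud_Director_10.6.1.11753-24532678_update.tar.gz <sha256-from-portal>
#   vamicli update --repo file:///tmp/local-update-package
#   vamicli update --check
```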


Troubleshooting After Upgrade

I logged into my VCD, and the first thing I noticed is that I kept getting this error:
invoke : vmware.solution-addon-landing-zone-1.2.0-24052750-default – urn:vcloud:entity:vmware:solutions_add_on_instance:49a00e79-c73d-49be-b990-fbcfa9d8de5b.

Then I started looking into the issue, and it was related to certificates that were expired or needed to be reapplied. After I added the new certificate, the issue went away.

Go to Certificates Library and remove any expired certs and replace them with up-to-date ones.

Also update the Public Addresses Certificate with the same one you uploaded into the Certificates Library if you are using a Wildcard Cert or Multiple SANs within the certificate.

Once you have all the certificates updated and cleaned up, the task will run automatically and will look like this:

Issue Fixed!

February 5, 2025
Omnissa Horizon

Omnissa Horizon Upgrade 2406 to 2412

by Tommy Grot January 29, 2025

Omnissa Horizon has established itself as a leading solution for Virtual Desktop Infrastructure (VDI) and Desktop-as-a-Service (DaaS) environments. Building on the success of its predecessor, Horizon 2406, we are excited to announce the release of the Horizon 2412 upgrade. This latest iteration offers a range of enhancements designed to further improve performance, scalability, and manageability for organizations leveraging VDI and DaaS solutions. With advanced features and improved capabilities, Omnissa Horizon 2412 is poised to deliver even greater value to users, administrators, and IT professionals alike.

Let’s Upgrade!

  • Take a Snapshot of your Horizon Connection Server
  • Copy the Omnissa-Horizon-Connection-Server-x86_64-2412-8.14.0-12990578933.exe to your Horizon Connection Server.

Next ->

Your preference to join the CEIP -> Next

Install!

Follow up on the New Documentation site on Omnissa’s Site

New Look! For the Admin Login, really clean and streamlined and snappy interface I must say!

Now that the Horizon Connection Server is upgraded, we will upgrade the Agent on the image for our pool. If you have a non-persistent image, you will need to unpack your template and update the gold image, but my deployment is persistent, so I updated the VM itself.

Agent Upgrade

Next ->

Depending on your Deployment I would stick with IPv4 if you do not have IPv6 Routing capabilities.

Select the features you want to enable on the image.

Install!

Now we will re-deploy my Unified Access Gateway with the same IP address and configuration as my old 2406, but before turning off and removing the old UAG I exported my json file of my configuration to re-import it into the new 2412 UAG.

Log in with the credentials you set up during the OVA deployment.

Now we will import the settings. When you import the json file, you will also need to re-import your certificate file (mine is a PFX) and reapply it, because after the import and reboot of the Horizon Connection and UAG I kept running into this error; it was because the certificate was not imported within the json file and needed a re-import. After the reboot I was able to log in!

Really nice and clean UI of the new Horizon 2412 Upgrade!

Education

New Updates on vExpert 2025 & VMUG Advantage Programs

by Tommy Grot November 13, 2024

VMUG Advantage and VCF Licenses: A Cost-Effective Way to Stay Updated

If you’re looking for a way to stay ahead in your VMware career, look no further than the VMUG Advantage program. For just $210 per year, you get access to a wealth of benefits that will keep your skills sharp and your resume competitive. And did we mention that you also unlock exclusive VCF licenses?!


What’s Included with VMUG Advantage?

  • Exam Discounts: The VMUG Advantage program includes access to discounts for the VCF exam, which covers the most recent VMware products and features. This exam is a great way to validate your skills and knowledge. Exam Info Here (VCP-VCF Administrator)
  • VCF Licenses: With your VCF exam pass, you’ll receive three years of VCF licenses, giving you the flexibility to install and test VMware products for personal development for your home lab!
  • Broadcom Account: As a VMUG Advantage member, you’ll also gain access to a Broadcom account, where you can manage your licenses and access additional resources.
  • vExpert: In 2025, if you are within the vExpert family you automatically get a free VMUG Advantage membership and exclusive access to vExpert-only events and resources!

What are the Requirements?

The VMUG Advantage program is designed to benefit both beginners and experienced professionals. Here are the key requirements for getting VCF licenses:

  • You must be an active VMUG Advantage member. This includes signing up for the annual membership fee, which is typically a small fraction of the total cost of the benefits you unlock. The cost for VMUG Advantage is $210.00 a year! Really great cost for the amount of benefits you will receive from VMUG Advantage Program.
  • A valid VMware Certified Professional – VMware Cloud Foundation 2024 certification is required. If you don’t currently hold a VCP-VCF, you can use the VMUG Advantage subscription to get a discount code for the exam and gain the necessary credentials for VCF License.

The vExpert program is designed to benefit influencers and bloggers and vloggers to showcase and spread knowledge within the community and be a voice!

To be eligible for vExpert status, you must: (More Info here)

  • Qualifications for the vExpert Award
    To qualify for the vExpert award, you need to be actively sharing your VMware expertise with the community. For the 2025 award, judges will review your content from the previous year, 2024.
  • Here’s how you can earn the vExpert Award
    Activities should be completed outside your day job and must be your original work. Ways to qualify are listed below; some categories are auto-approved, while others depend on the quality and volume of your contributions.
  • Here are several ways to qualify
    Blogging: Write blog posts on VMware products or events like VMware Explore to educate and engage the community.
    Code Sharing: Share custom code or tools via websites, apps, VMware {code}, or internal channels.
    Enterprise/Internal Influencer: Lead knowledge-sharing sessions within your organization, such as webinars or workshops on VMware solutions.
    Event Speaking: Present at VMUG meetings, VMware Explore, or other conferences to inspire and educate peers.
    Podcasting: Host or co-host a regular podcast on VMware topics, sharing valuable insights with the community.
    Video Content: Create tutorials, product demos, or how-to videos on platforms like YouTube.
    Online Forums: Support the community by answering questions on VMTN and VMware-related Reddit threads.
    VMUG Leadership Support: Assist your local VMUG chapter’s leadership for award consideration.
  • Auto-Approve Categories
    Book Authors: Published book authors and co-authors from the previous year are auto-approved but must still apply.
    VCDX Certification: VCDX certification holders are auto-approved but must still apply.
    VMUG Leadership: Active VMUG leaders are auto-approved but must still apply.

Why Choose VMUG Advantage or vExpert?

With VMUG Advantage, you get a strong return on your investment. The combination of VCF licenses, exam preparation, exam discounts, VMware Explore Discounts, and community access can help elevate your career and keep you at the forefront of VMware innovations. Plus, with vExpert status, you’ll join a network of like-minded professionals who are passionate about sharing knowledge and pushing the boundaries of VMware technology.

So, if you’re looking for a way to stay ahead in your VMware journey, consider investing in VMUG Advantage. It’s an affordable way to gain access to valuable resources, licenses, and community connections that can benefit your professional growth.

Events, VMware Cloud Foundation

VMware Explore 2024 – General Session – Shaping The Future Of Cloud And AI Innovation

by Tommy Grot August 28, 2024

Las Vegas, the city that never sleeps, is about to shine even brighter as we step into a new era of technology. VMware Explore 2024 has arrived, and with it, a gathering of some of the most brilliant minds from around the globe, ready to shape the future of infrastructure and innovation.

At VMware Explore 2024, the company’s CEO, Hock Tan, took the stage to present a vision for the future of the company and reassure customers about its commitment to innovation and their success. In this blog post, we’ll recap Tan’s key messages from the general session and explore how VMware is positioning itself for the future while maintaining a strong focus on its customers’ needs. Along with announcing the large community that backs VMware – VMUG and VMware vExperts.

Hock Tan said that the CEOs’ decisions to push their companies into public clouds have left their IT departments with post-traumatic stress disorder, while silos of datacenter tech have left tech teams “screwed”. Which is 100% true, organizations are not ready for the cloud and the insane costs, cloud should be utilized to provide on-demand resources when an organization requires them.

The Future of VMware:
Tan began by highlighting VMware’s rich history and its role in revolutionizing virtualization and cloud computing. He acknowledged the company’s impressive track record of innovation, including recent innovations like VCF 9 and many other updates within Private AI and business operations, which have expanded VMware’s capabilities in areas like cloud management and multi-cloud.

He then set the tone for the rest of his presentation by emphasizing that while VMware has come a long way, there is still much to be done. Hock Tan said, “We’re just getting started,” hinting at a bold and ambitious future ahead for the company. He went on to describe VMware’s strategy as one that focuses on three key pillars: cloud, modern applications, and digital infrastructure.

Cloud and Virtualization:
Tan discussed how VMware has been at the forefront of cloud computing since its early days with virtualization. He highlighted the ongoing evolution of cloud technologies and how VMware is adapting to meet the changing needs of businesses. This includes investing in hybrid cloud solutions and expanding its presence in public, private, and edge clouds. Tan also mentioned VMware’s commitment to open standards and interoperability, ensuring that their products can seamlessly integrate with various cloud environments.


In his presentation at VMware Explore 2024, Hock Tan offered a compelling vision for the future of VMware, highlighting its commitment to innovation and customer success. By focusing on cloud, modern applications, and digital infrastructure, VMware is positioning itself to meet the evolving needs of businesses. Tan’s reassurance to customers that Broadcom wants to help and continue investing in their success are likely to alleviate any concerns about the company’s future direction. As VMware continues to execute on its strategy, it will be fascinating to see how the company evolves and adapts to the ever-changing landscape of technology.

Events

Exciting New Sessions at VMware Explore 2024!

by Tommy Grot June 18, 2024

The VMware Explore 2024 content library is now live! Get ready for a week of insightful sessions, thought-provoking discussions, and innovative showcases from industry leaders and VMware experts. 💡

Beyond the insightful keynotes and thought-provoking discussions, VMware Explore 2024 offers an unparalleled opportunity to get your hands dirty with the latest technologies and deepen your knowledge in various domains.

Here’s what awaits you in the hands-on labs:

  • Practical workshops: Master new skills in areas like Kubernetes, security, networking, and more.
  • Solution-focused labs: Solve real-world challenges with hands-on guidance from VMware experts.
  • Dedicated lab environments: Ensure a focused and productive learning experience with curated lab settings.

Make sure to stop by the Hands On Labs during a break or downtime where you can test, learn and enjoy tinkering with HOL Environments that are provided to you during the event!

General sessions will cover a diverse range of topics:

  • Industry trends: Explore the future of technology across sectors like healthcare, finance, and sustainability.
  • Product updates: Get the latest news and insights on new products. Many exciting new advancements in private cloud, AI, app delivery and the edge.
  • Customer success stories: Learn how organizations are leveraging VMware solutions to achieve business outcomes.

Keynotes will inspire and challenge you:

  • Visionary leaders: Gain valuable perspectives from industry leaders who will share their insights on the most pressing challenges and opportunities in technology.
  • Inspiring talks: Prepare to be captivated by thought-provoking discussions covering a wide range of topics, from digital transformation to sustainability.

Session Recommendations!

Link to Session Accelerate Your Journey To Private Cloud With VMware Cloud Foundation [VCFP1362LV]

In this breakout session, William Lam and Karia Parb will talk about an exciting journey to begin utilizing and modernizing your data center environments using VMware Cloud Foundation, and how VCF can improve your business operations and systems! I have attended previous sessions by William Lam and they were outstanding!


Link to Session 4 Ways to Enhance the Network Experience Across Hybrid and Multi-Cloud [AODB1894LV]

This session will take a deep dive into how to enhance your networking experience using VCF and NSX and how to migrate workloads from hybrid cloud to on-prem. This is a great session for many organizations to attend because of the complexities and unknowns of the Internet, and because things need to be configured properly to seamlessly scale and migrate workloads between the on-prem datacenter and hybrid cloud. So make sure to book this session!


Link to Session Shaping the Future of Cloud and AI Innovation [GEN2495LV]

Are you ready to shape your future of Cloud and Artificial Intelligence? Well this session is going to be a kick! With all the new advancements from Private AI on VCF and how organizations can improve and scale and operate their enterprise workloads by implementing and designing a solid VMware Cloud Foundation environment, this general session will be an awesome outlook on how AI, applications and data center computing will help the industry!


Link to Session AI Without GPUs: Using Your Existing CPU Resources To Run AI Workloads [INVB2189LV]

This is a session I want to attend myself, even for my home lab, where I have a large environment to do lots of CPU workloads, but when it comes to having GPUs they get very costly. Being able to run AI/ML workloads on CPU resources will be a game changer for many organizations as well, due to cost savings and ease of use, whereas GPUs require more infrastructure and cooling. This will be a popular session; I can already see it filling up!


Don’t miss the chance to:

  • Network with fellow attendees and industry professionals.
  • Discover new ideas and innovations.
  • Gain practical skills and knowledge to enhance your career.

Here’s what you need to know:

  • Register for sessions soon: Secure your spot for the sessions you’re most interested in and receive notifications when they go live.
  • Bookmark your sessions using the “♡” Icon so when the catalog opens for session registration then you will be notified.

Don’t forget to:

  • Follow VMware Explore on social media for updates, highlights, and exclusive content. ✨
  • Join the #VMwareExplore hashtag conversation to connect with other attendees and share your thoughts. 💬
  • Ready to explore the future of technology? Head over to the VMware Explore 2024 content library and start planning your viewing experience!