Author: Shahrouz

VCF Upgrade Precheck Error “vSphere SHA-1 validation failed”

Shahrouz

Before upgrading VMware Cloud Foundation (VCF) to a newer release, you should first run an upgrade pre-check to ensure there are no issues that could arise during the upgrade. Recently, I helped one of our customers plan and execute the VCF upgrade from VCF 5.2.2 to 9.0.2, and we completed the Upgrade Precheck to ensure everything was in order! There are some expected errors, such as updating the vSAN HCL and the VCF LCM Manifest file, which are straightforward to resolve.

Besides the usual errors, we also faced “ERROR vSphere SHA-1 validation failed” and without addressing this issue, we shouldn’t continue the upgrade. This issue came up because the SHA-1 hashing algorithm was used to sign vCenter Server SSL certificates. VCF requires stronger algorithms, like SHA-256, for certificate signing.

Continue reading “VCF Upgrade Precheck Error “vSphere SHA-1 validation failed””

VCF 9.0 Bringup Error: Failed to retrieve compatibility matrix

Shahrouz

During the bring-up of VMware Cloud Foundation (VCF) 9.0 with the VCF installer, in the validation phase, you may encounter errors related to retrieving the compatibility matrix for VCF components. This issue occurs when using an online depot on the VCF installer to download the binaries required for VCF bring-up. First, ensure the VCF installer can download the vLCM compatibility data bundle from Broadcom’s VVS endpoint at vvs.broadcom.com. In our case, the VCF Installer can access the required URLs, but we still got the errors! Keep reading if you are in the same situation.

You can use a workaround on the VCF installer to solve this issue and continue the VCF bring-up.

Continue reading “VCF 9.0 Bringup Error: Failed to retrieve compatibility matrix”

Reset VCF 9 Installer Admin Password

Shahrouz

During the deployment of the VMware Cloud Foundation 9 installer, you configure the password for both the root user and the local user. Usually, the wizard asks for specific users like root, admin, or audit, but in this case, it only asks for the “local user” password. When you look more closely at the description of the local user password, you will realize that the password will be set for the admin@local and vcf users. After installing the VCF Installer, the admin@local account will be used to log in to the web interface, and the vcf account will be used for SSH access to the VCF Installer.

.

In this blog post, I explain how to reset the password of the admin@local user account on the VCF 9.0 Installer.

Continue reading “Reset VCF 9 Installer Admin Password”

VCF Operations Fleet Management: What You Need to Know

Shahrouz

In my previous blog post, we explored VCF Operations and its key components, a foundational topic for understanding the future of VMware Cloud Foundation (VCF). Now, as we continue preparing for the upcoming VCF release, let’s dive into VCF Operations Fleet Management—a new concept that many are still getting familiar with, as it was introduced only a few months ago!

.

Continue reading “VCF Operations Fleet Management: What You Need to Know”

Introduction to VMware Cloud Foundation (VCF) Operations

Shahrouz

VMware Cloud Foundation Operations is the next generation of Aria Operations and tightly integrated with VMware VCF-based private cloud infrastructure. At its core, VCF Operations is an Ops Management tool, but with the next release of VMware Cloud Foundation, VCF Operations will be the focal point for managing and operating the VMware VCF environment. VCF Operations will integrate single sign-on, certificate, password, and lifecycle management(LCM) capabilities. Simply put, it will be the centralized point for configuring the VCF private cloud and will be mainly used, but not limited to, for VCF day-2 operations. In this blog post, we’ll go through the components and architecture of VCF Operations.

If you have experience working with Aria Operations or Aria Operations, then understanding the components and architecture of VCF Operations won’t be hard for you! But don’t worry if you don’t have experience with vROps or Aria Ops! Keep reading this blog post, and you’ll get a better idea.

Continue reading “Introduction to VMware Cloud Foundation (VCF) Operations”

Configure a Microsoft Certificate Authority in SDDC Manager

Shahrouz

In the previous two blog posts, we installed and configured the Microsoft Certificate Service, prepared a certificate template, and configured a service account to follow the least privilege policy. In this blog post, we will bring everything together by integrating the Microsoft CA with VCF’s SDDC Manager and requesting a certificate from the CA for the VCF components.

Connect to the SDDC Manager UI, log in with a privileged user account, and choose the Certificate Authority option on the left panel. Then click on Edit to open the configuration page.

Continue reading “Configure a Microsoft Certificate Authority in SDDC Manager”

Prepare Certificate Authority for VCF Certificate Replacement

Shahrouz

In the previous blog post, we discussed the installation and initial configuration of Microsoft Certificate Service on a Windows Server and enabled Certificate Web Enrollment on that server. The second step to replacing the default self-signed certificate in VCF is to prepare the Certificate Authority with a new certificate template and assign a service account so that an alternative user can request the certificates instead of the default administrative accounts. With that said, let’s move forward with creating the customized certificate template.

When you request a certificate from a Certificate Authority(CA), the CA lets you choose from its templates store. We must create a template and publish it in the certificate store to create a customized certificate. Open the Certificate Authority snap-in from the CA server’s Administrative Tools to create the customized certificate. If you click Certificate Templates under your CA, you’ll see all the valid certificates in the certificate store.

Continue reading “Prepare Certificate Authority for VCF Certificate Replacement”

Installing and Configuring Active Directory Certificate Services (AD CS)

Shahrouz

One standard method of issuing valid certificates to infrastructure software solutions like VMware Cloud Foundation(VCF) is through an internal Microsoft Certificate Authority(CA). Most organizations that use Active Directory(AD) as a directory service also use AD Certificate Services to issue certificates when replacing the self-signed, auto-generated certificates. Even though this service might be installed and running in your infrastructure, this blog post explains how to install and configure it on a Windows Server machine to integrate with VCF infrastructure. After installing and configuring Certificate Authority, we should create a Certificates Template, integrate VCF with this CA, and finally request certificates and replace them through SDDC Manager,

In this post, we will install AD CS on a Windows Server 2022 joined to an Active Directory domain and configure Web Enrollment to allow users to request and retrieve certificates via a web interface.

Continue reading “Installing and Configuring Active Directory Certificate Services (AD CS)”

Setup SFTP on Ubuntu Server

Shahrouz

Secure File Transfer Protocol (SFTP) is a secure method for transferring files over a network. Unlike traditional FTP, which sends data in plain text, SFTP utilizes the Secure Shell (SSH) protocol to encrypt both the authentication information and the data being transferred. This encryption ensures that sensitive data remains protected during transit, making SFTP a preferred choice for secure file transfers in various environments.

Having an SFTP server is important in a VMware environment for secure and reliable file-based backups. Components like vCenter server, NSX manager, and SDDC manager use SFTP for file-based backups. SFTP also enables centralized backup management and remote storage, enhancing disaster recovery by safeguarding data off-site and enabling quick restoration.

In this blog post, I’ll explain step-by-step how to setup SFTP service on an Ubuntu server.

Continue reading “Setup SFTP on Ubuntu Server”

NSX SSL Certificate Replacement – Part 2

Shahrouz

In Part 1 of NSX SSL Certificate Replacement, the process of certificate template preparation and request has been explained. This blog post will teach you how to import and replace the generated certificate into NSX Manager. It is essential to verify the imported certificate before replacing it. I want to point out that if you are using a Virtual IP for your NSX management cluster, you should have generated the SSL certificate for the management cluster’s Virtual IP address.

https://miro.medium.com/max/1200/1*3Ntz8MAEObg_dW10I9-RfQ.png
Continue reading “NSX SSL Certificate Replacement – Part 2”