In VCF 9.1, access control for API-driven automation is managed through VCF Custom Roles and Role Assignments linked to API tokens. This post details how these mechanisms govern programmatic authentication and authorization. 1. API Token Permission Inheritance: API token access is governed directly by its associated security principal. This principal is an SSO user when …
VCF 9.1 API Access (6): Scoping Permissions for the VCF 9.1 Fleet Management API
As private cloud environments grow, manual administration becomes a significant reliability risk and a barrier to scaling. Adopting an API-driven model for VCF Fleet Management is essential for achieving operational excellence; it enables standardized operations, automated lifecycle management, and centralized governance across all VCF instances. By utilizing APIs or workflow automation through VCF Operations, organizations …
VCF 9.1 API Access (4): vCenter Authentication
In this post, we will walk through how to leverage your centralized VCF VIDB API token to get access to VCF SSO-enabled vCenter. By utilizing this secure token-exchange architecture, you can execute programmatic tasks against vCenter APIs without ever needing hardcoded local vCenter credentials. Step 1: Exchange your VIDB API token for VIDB Access Token …
VCF 9.1 API Access (3): Using API Access Token for NSX and Operations API
Once you have exchanged your initial credentials for a functional VCF Bearer Access Token (via the Identity Broker), that single token can be used to authorize programmatic operations directly across various VCF component APIs. Below are two practical examples that demonstrate how to use your active bearer access token to authenticate requests to both the …
VCF 9.1 API Access (2): Balancing Operational Simplicity with IdP Governance
In VMware Cloud Foundation (VCF) 9.1, the platform offers flexible methods for programmatic access. This blog post explores how to exchange the IdP Access token for the Identity Broker access token. The Default Path: VIDB Token Exchange. By default, VCF 9.1 supports using a VIDB token to exchange for an access token. The Mechanism: The …
VCF 9.1 API Access (1): Basic
Unlocking the power of automation in VMware Cloud Foundation (VCF) 9.1 requires a solid understanding of how to manage programmatic access. By transitioning from manual administration to an API-first approach, you can ensure consistency, scalability, and security across your entire VCF fleet. This blog post helps you understand identity types in the context of VCF …
Build and Run a Custom Build Terraform Provider on Windows
Since I have been working on the Terraform VCF Provider, I use it as an example. Build: On my Mac, I built the Terraform provider for Windows: GOOS=windows GOARCH=amd64 go build -o terraform-provider-vcf.exe. Install Terraform: Step 1: From the download, extract the executable to a directory, for example c:\terraform. Step 2: Add the folder to …
VCF Password Management Automation with the VCF Terraform Provider and HashiCorp Vault
Introduction: In today's complex IT environments, managing passwords manually can be time-consuming, error-prone, and a significant security risk. This blog post will demonstrate how to automate VMware Cloud Foundation (aka VCF) password management using the VCF Terraform Provider and HashiCorp Vault. By leveraging these powerful tools, you can significantly simplify your password management operations, especially …
Setting up SSO with Okta in VCF5.1
Summary; Pre-Req; Okta requirements; vCenter Server and Other Requirements; Configuring SCIM 2.0 Application in Okta; Create the SCIM 2.0 Test App (OAuth Bearer Token) Application; SCIM 2.0 API Integration; HAProxy Config; Configure the User and Group Provisioning to VCF; Configuring OIDC Application in Okta; Create OIDC Application; Generate the Client Secret; Assign users and groups to the OpenID Connect application; SDDC Manager IdP Config; Step 1: Overview; Step 2: Select …
Using IPerf3 for Network Performance Testing
Iperf3 Overview; Common Used Parameters for both TCP and UDP; TCP Network Performance Testing; UDP Network Performance Testing. Iperf3 Overview: Iperf3 is a tool for performing network performance testing. It allows you to test the bandwidth, latency, and packet loss across network links by sending and receiving streams of data between two hosts. iperf3 operates in a client-server …