
VCF 9 – Identity Broker Deployment

VIDM IS DEAD!

We finally have a new authentication solution for VCF, the Identity Broker. This is intended to be the central authentication point for all of the VCF components, and it brings new functionality such as integration with modern identity providers like Entra/Ping.

We have 2 deployment modes available:
1: Integrated with Management Domain vCenter.
   This is recommended for smaller environments. The Identity Broker runs as a container on the vCenter server and does not need to be separately maintained.
2: External Appliance.
   This mode provides a 3 node cluster with HA, hosted in the Management Domain.

First we need to deploy the cluster, then we can configure the certificates and configure SSO.

Browse to Fleet Management / Lifecycle

This will now start to look like an Aria Suite Lifecycle environment deployment – that functionality is now rolled into the “Fleet Management” appliance which is deployed during the initial build.

We’ll deploy with a self-signed certificate first, then we can replace that with CA Signed – I’ll show this process in another post.

Fill in your network details on the next page:

Now configure the Broker IP Components:

We are not using additional VIPs in this deployment. We have to specify at least 4 IPs in the Cluster Node IP Pool (3 Node Cluster + 1 IP for rolling upgrades).
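Because the wizard only validates the pool after you have clicked through, it is worth sanity-checking the Cluster Node IP Pool before you start. The script below is an added example, not code from VCF or from this post: it takes the 3 node count and the "3 + 1 for rolling upgrades" minimum from the text above, and everything else (the range/CIDR/comma syntax it accepts, the subnet and gateway values, the `reserved` list for any VIPs you do use) is an assumption made for the example. It flags too few addresses, addresses outside the node subnet, and collisions with the gateway, network/broadcast addresses or reserved VIPs.

```python
from __future__ import annotations

import ipaddress

# From the post: external appliance mode is a 3-node cluster and the pool
# needs one spare address so nodes can be replaced during a rolling upgrade.
CLUSTER_NODES = 3
ROLLING_UPGRADE_SPARE = 1


def expand_pool(spec: str) -> list[ipaddress.IPv4Address]:
    """Expand a constructed pool spec into individual addresses.

    Accepted forms (an assumption of this example, not the VCF UI syntax):
      "10.10.0.10-10.10.0.13"   inclusive range
      "10.10.0.16/30"           CIDR (host addresses only)
      "10.10.0.10,10.10.0.11"   comma-separated list; forms may be mixed
    """
    addrs: list[ipaddress.IPv4Address] = []
    for part in (p.strip() for p in spec.split(",")):
        if not part:
            continue
        if "-" in part:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in part.split("-", 1))
            if hi < lo:
                raise ValueError(f"range {part!r} is reversed")
            cur = lo
            while cur <= hi:
                addrs.append(cur)
                cur += 1
        elif "/" in part:
            addrs.extend(ipaddress.ip_network(part, strict=False).hosts())
        else:
            addrs.append(ipaddress.ip_address(part))
    return addrs


def validate_pool(pool_spec: str, subnet_cidr: str, gateway: str,
                  reserved: tuple[str, ...] | list[str] = (),
                  nodes: int = CLUSTER_NODES) -> list[str]:
    """Return a list of problems with the pool; an empty list means it passes."""
    problems: list[str] = []
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    gw = ipaddress.ip_address(gateway)
    reserved_set = {ipaddress.ip_address(r) for r in reserved}

    try:
        pool = expand_pool(pool_spec)
    except ValueError as exc:
        return [f"pool spec unparsable: {exc}"]

    unique = set(pool)
    required = nodes + ROLLING_UPGRADE_SPARE
    if len(unique) != len(pool):
        problems.append("pool contains duplicate addresses")
    if len(unique) < required:
        problems.append(
            f"pool has {len(unique)} usable addresses, needs at least {required} "
            f"({nodes} nodes + {ROLLING_UPGRADE_SPARE} for rolling upgrades)")
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")

    for addr in pool:
        if addr not in net:
            problems.append(f"{addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{addr} is the network or broadcast address of {net}")
        if addr == gw:
            problems.append(f"{addr} collides with the gateway")
        if addr in reserved_set:
            problems.append(f"{addr} collides with a reserved/VIP address")
    return problems


if __name__ == "__main__":
    # Constructed sample values; substitute your own subnet, gateway and pool.
    for spec in ("10.10.0.10-10.10.0.13", "10.10.0.10-10.10.0.12"):
        result = validate_pool(spec, "10.10.0.0/24", "10.10.0.1")
        print(spec, "->", "OK" if not result else "; ".join(result))
```

Run it with your own pool spec before starting the deployment; any line it prints is something the wizard will either reject later or, worse, accept and leave you with an upgrade that cannot roll because the spare address was missing.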

Once we click through, we can validate our selections and start the deployment.

Once the deployment completes we can replace the self-signed certificates with CA signed, and configure SSO in VCF.
