What’s New in Private Cloud: VMware VCF 9.1 Enhancements

VMware Cloud Foundation (VCF) 9.1 is here — and it’s one of the most feature‑packed releases in years. This update isn’t just incremental; it’s a strategic modernization of compute, storage, networking, security, and operations across the entire private cloud stack.


.

Let’s break down the biggest enhancements and why they I think they matter.

Modernizing Infrastructure Economics with vSphere Foundation 9.1

VCF 9.1 brings several powerful updates to the vSphere layer, aimed at improving performance efficiency and reducing operational overhead.

Enhanced NVMe Memory Tiering

Workloads that demand high throughput and low latency benefit from smarter memory tiering. NVMe-based memory tiers now deliver improved performance and flexibility. (And yes — many are hoping Secure Boot support lands here as well.)


Parallel Processing of DRS vMotion

DRS can now process multiple vMotions in parallel, dramatically reducing cluster balancing times. This is especially impactful in large-scale environments with frequent workload mobility.

Live Patching for TPM-Enabled Hosts

Live patching now works even on hosts with TPM enabled — a huge win for security-conscious organizations that previously had to choose between uptime and compliance.

Networking Updates: Scale, Simplicity, and Smarter Automation

VCF 9.1 introduces major networking enhancements that streamline operations and expand connectivity options.

Enhanced Day-2 VM Lifecycle Management

Networking changes for VMs — including NIC updates, IP changes, and security policies — are now easier and more automated.

Existing VLAN Connectivity via Distributed Transit Gateways

You can now bridge existing VLAN-based networks into VCF environments more seamlessly, reducing migration friction and simplifying hybrid designs.

Streamlined Firewalls & Automated Inter-VPC Security

Security policies between VPCs are now automated, reducing manual rule creation and improving consistency across tenants.

Terraform Provider Enhancements

Better support for tenant-level policy and content management means more automation and cleaner IaC workflows.

Simplified Workload Connectivity & Enhanced Network Scale

EVPN-VXLAN Interoperability

VCF 9.1 now supports EVPN-VXLAN interoperability with the physicalnetwork fabric. This is a major step toward fully integrated, fabric-aware cloud networking.

Network Assessment & VPC Planning

New tools and workflows help architects plan VPC layouts, assess network readiness, and avoid misconfigurations before deployment.

Optimize, Modernize & Protect Storage with vSAN in VCF 9.1

Storage gets a significant upgrade in this release, especially for environments focused on efficiency and resilience.

Encryption for vSAN Global Deduplication

Global dedupe is now compatible with data-at-rest encryption — a long-awaited capability for secure, space-efficient storage.

Enhanced Stretched Cluster Capabilities

Improved resilience and smarter failure handling strengthen business continuity for mission-critical workloads.

Automated Storage Policy Management

Policies now adjust automatically based on cluster configuration changes, reducing manual tuning and risk of misalignment.

Strengthening Zero Trust Security & Platform Resilience

Security is a major theme in VCF 9.1, with improvements across the stack.

Data-at-Rest Encryption for Global Dedupe

This ensures encrypted storage without sacrificing dedupe efficiency — a rare combination in enterprise storage.

Quick Patching for vCenter

Faster patch cycles reduce exposure windows and simplify maintenance.

Live Patching for TPM-Enabled Hosts

As mentioned earlier, this is a major operational win for secure environments.

Continuous Compliance & Integrated Cyber Recovery

VCF 9.1 pushes deeper into automated compliance and recovery workflows.

Compliance Monitoring & Desired State Remediation

The platform now continuously checks VCF components against desired state and can automatically remediate drift.

VPC Policy-Based Connectivity

Security and connectivity policies can now be applied consistently across VPCs, improving governance and reducing misconfigurations.

VMware Data Services Manager 9.1: Modern Databases for AI & Cloud

Microsoft SQL Server 2022 Now GA

SQL Server 2022 is now fully supported and generally available through DSM 9.1, enabling automated lifecycle management for modern database workloads — including those powering AI and analytics.

Want to See It in Action?

VMware has published a full VCF 9.1 video podcast series that dives deeper into the new capabilities:

Enough to do in my Homelab Starting with Upgrade and testing the new features!!

Mitigating Secure Boot Risks in 2026: A Comprehensive Guide

In June 2026 Secure boot certs start to going to expire for physical en virtual machines Servers en Clients. PS not only Windows but also Linux!!

PS. Make sure Client en Servers all installed with latest updates!!

Made a little Risk Assessment:

The expiration and replacement of Microsoft Secure Boot certificates pose a high risk to IT environments. If not properly managed, systems may fail to boot, updates may fail, and security risks may increase. This is particularly critical in automated and virtualized environments.

Key risks:

 Systems failing to boot after updates
 Incompatibility during OS or hypervisor upgrades
 Increased security risks due to outdated certificates

Recommended actions:

1.Update firmware and Secure Boot certificates
2.Test all workloads in a lab environment
3.Update golden images and automation pipelines

A phased rollout and proper validation are essential to prevent disruptions.

1. Scope

This document describes the risks, impact, and mitigations related to the expiration of Microsoft Secure Boot certificates in enterprise environments.

2. Affected Components

 Systems with UEFI firmware (Servers, Desktops, Virtual Machines)
 Microsoft UEFI CA certificates
 Operating Systems (Servers, Clients) (Windows, Linux)
 Automation tools like (Packer, MDT, SCCM)

3. Risk Analysis

Key risks:

 Incompatibility during upgrades
 Security vulnerabilities caused by outdated trust stores
 Errors in automation pipelines
 Firmware incompatibility

4. Risk Matrix

 Upgrade Issues: High
 Security Exposure: High
 Automation Failures: Medium
 Firmware Issues: High

5. Mitigations

 Update firmware on all systems
 Apply Microsoft Secure Boot updates
 Verify Event ID 1808
 Rebuild images with updated certificates
 Perform a phased rollout

6. Validation & Testing

 Test OS boot scenarios
 Validate Secure Boot status
 Verify automation pipelines

7. Conclusion

Changes to Secure Boot certificates must be treated as critical infrastructure updates. Proper preparation, testing, and phased implementation are essential to avoid disruptions.

.Microsoft has released patch’s for the following OS.

Windows 11 (23H2/24H2/25H2)
Windows Server 2016/2019/2022/2025.

VMware is creating a “Fix or Update” for this

* I did not test versions with extended support like Windows 2012 R2 and Windows 10.

Simplified Fix Secure Boot Script for Easy VM Updates

Get your list with:
Get-VM | Where-Object { $_.ExtensionData.Config.Firmware -eq “efi” -and

$_.ExtensionData.Config.BootOptions.EfiSecureBootEnabled } | Select-Object Name,

   @{N=”OS”;E={$_.ExtensionData.Guest.GuestFullName}},  PowerState

There is a updated coming from VMware by Broadcom: Check this article:     @{N=”OS”;E={$_.ExtensionData.Guest.GuestFullName}},  PowerState

https://knowledge.broadcom.com/external/article/423893

Extra Info

Microsoft Info:

I hope that most People have Read: Windows Secure Boot certificate expiration and CA updates

and Secure Boot playbook for certificates expiring in 2026

Redhat:
Secure Boot Certificate Changes in 2026: Guidance for RHEL Environments

Broadcom:
Secure Boot Certificate Expirations and Update Failures in VMware Virtual Machines

Manual Update of the Secure Boot Platform Key in Virtual Machines





Simplified Fix Secure Boot Script for Easy VM Updates

I recently created 3 version of a FixSecureBoot script — a lightweight alternative inspired by the excellent work of haz-ard-9, the author of FixSecureBootBulk.ps1. Their script is powerful and absolutely the right choice if you rely on BitLocker or need a fully automated, safety‑first workflow.

However, at roughly 3,000 lines of code, the original script is understandably complex. It includes many checks and safeguards, which are great for production environments but made it harder for me to fully understand what was happening under the hood. I wanted something simpler, easier to read, and tailored to my own workflow.

So I took the time to study the original script, copied only the parts I needed, and built a much more compact version that gives me exactly the result I want — which show the verification step that every thing is correct updated.

What My Script Does

Here’s the full sequence of actions my simplified script performs:

1.Shuts down the VM
2.Creates a snapshot
3.Enables UEFI Setup Mode
4.Clears VMRAM (for older VMs)
5.Upgrades virtual hardware if the VM is below version 21 (vSphere 8)
6.Starts the VM and waits for VMware Tools
7.Checks that the guest OS is fully online
8.Downloads the required certificates (only once)
9.Uploads the two certificates to the VM if not exist
10.Installs the new boot certificates
11.Shuts down the VM and clears Setup Mode
12.Boots the VM and sets AvailableUpdates to 0x5944 (certs ready for install)
13.Reboots until AvailableUpdates becomes 0x4100 (may require multiple reboots)
14.Reboots and runs Secure-Boot-Update again
15.Reboots and runs Secure-Boot-Update again, then checks for Event ID 1808 (if found, everything is good)

I’ve tested this workflow successfully on:

 Windows 11 (23H2, 24H2, 25H2)
 Windows Server 2016, 2019, 2022, and 2025

Downloads
** link the links for downloading the original files from Microsoft Github page.

WindowsOEMDevicesPK.der
microsoft corporation kek 2k ca 2023.der

Rename microsoft corporation kek 2k ca 2023.der to kek2023.der

.

Current Limitation: Packer Integration

CLEAN PACKER BUILD IS NOT SAFE!! AFTER THE BUILD YOU NEED TO RUN FIX SECURE BOOT!!

I don’t yet have a complete fix for integrating this into a full Packer build. For now, I simply pre‑stage the certificates:

Build file:

provisioner “file” {

source = “./setup/SecurebootCert/”

destination = “C:/Windows/Temp”

}

I have build three versions:

Fix_Secure_Boot_Manual.ps1
Fix_Secure_Boot_Single.ps1
Fix_Secure_Boot_Multi.ps1

If you want a script that’s easier to read, easier to modify, and still gets the job done (as long as you’re not using BitLocker), this simplified version might be exactly what you need.

Let me know if you want me to share the script itself or write a follow‑up post about how it works internally.
.

.

Template Check if al ready Updated

If VM check if al ready updated

.

Run Script full from Template
.

Pages: Page 1, Page 2

Exploring Minimum 2 Node Homelab at VMUG Connect in Amsterdam

Thrilled to join the @MyVMUG community at VMUG Connect in Amstedam! I’ll be diving into Minimum 2 Node Homelab Setup and sharing practical insights you can use in your environment. Can’t wait to learn from other members too!

Afbeelding met tekst, kleding, person, Menselijk gezichtDoor AI gegenereerde inhoud is mogelijk onjuist.

Afbeelding met tekst, schermopnameDoor AI gegenereerde inhoud is mogelijk onjuist.

Config a VCF (vSAN ESA) host the Easy Way

A while ago i created: Config vSAN ESA host or VCF ESA vSAN Host the easy way with Config-VSAN-ESA-VCF-Lab-Host Script.

Sow it’s time for a new updated version.

What does the script now:

✅ Disable ipv6

✅ Set DNS domain name

✅ Rename local datastore

✅ Configure NTP

✅ Installs the vSAN ESA Hardware Mock VIB

✅ Installs the Synology NFS Plug-in for VMware VAAI

✅ Installs the Realtek Network Driver for ESXi more information here
I use the 10Gtek 1.25/2.5/5/10GBase-T SFP+ RJ-45 CAT.6a Copper Transceiver on the MS-A2

✅ Configure vSAN DOMNetworkSchedulerThrottleComponent

✅ Generate new certificate on the ESXi host (for the VCF verification check)

✅ Ask are you running Miniforum MS-A2(AMD) host & Then Disable apichv

✅ Enable Memory Tiering

You need to download the vibs separately!
For the installs put the vib’s in the same map as the script
You can download the script: HERE

Powercli Script to update From VMware.Powercli to VCF.Powercli

I made a little script that does the following:

  1. Check if VMware or VCF PowerCLI is installed and is outdated
  2. Check if VCF.Powercli is the latest installed
  3. If VMware.Powercli is installed upgrade to VCF.Powercli
  4. If VCF Powercli is installed but not the latest version upgrade to VCF to the latest version

You can download the script on my github repository: https://github.com/WardVissers/VCF-Public/blob/main/Check%20Installed%20VCF-Powercli%20Version.ps1

$installedVCFPowercli   = Get-InstalledModule VCF.PowerCLI -ErrorAction SilentlyContinue
$installedVMwarePowercli   = Get-InstalledModule VMware.PowerCLI -ErrorAction SilentlyContinue
$latestVCFPowercli    = Find-Module VCF.PowerCLI -ErrorAction SilentlyContinue
$latestVMwarePowercli =  Find-Module VMware.PowerCLI -ErrorAction SilentlyContinue
$OldModules = Get-InstalledModule VMware.* -ErrorAction SilentlyContinue
$OldModules += Get-InstalledModule VCF.* -ErrorAction SilentlyContinu | Where-Object {[version]$_.Version -lt $latestVCF.Version}

Function Uninstall-OldPowercliEditons {
$Total = $OldModules.Count
$Index = 0
foreach ($Module in $OldModules) {
    $Index++
    $Percent = ($Index / $Total) * 100

    Write-Progress `
        -Activity "Delete old PowerCLI version" `
        -Status "Uninstall version $($Module.Version) ($Index from $Total)" `
        -PercentComplete $Percent

    try {
        Uninstall-Module -Name $Module.name -AllVersions -Force  # -ErrorAction silentlycontinue -ErrorVariable +err
        Write-Host "🗑 Removed: PowerCLI $($Module.Name) with $($Module.Version)"
    }
    catch {
        Write-Error "❌ Error with deleting PowerCLI $($Module.Version): $_"
    }

    Start-Sleep -Seconds 1
  }
}

if (-not ($installedVMwarePowercli -or $installedVCFPowercli -or $OldModules )) {
    "❌ VCF.PowerCLI is not installed"
    Install-Module VCF.PowerCLI -AllowClobber  -Scope CurrentUser # -SkipPublisherCheck
}
elseif ([version]$installedVCFPowercli.Version -eq [version]$latestVCFPowercli.Version) {
    "✅ VCF PowerCLI is up-to-date ($($installed.Version))"
}
elseif ($installedVMwarePowercli) {
    "⬆ VMware Powercli is installed needed upgrade to VCF Powercli"
    Uninstall-OldPowercliEditons
    Write-Host "Uninstall is succes vol"  -ForegroundColor Yellow
    Install-Module VCF.PowerCLI -AllowClobber  -Scope CurrentUser # -SkipPublisherCheck
    Write-Host "Install VCF Powercli is succes" -ForegroundColor Green
}
else {
    "⬆ VCF Powercli Update beschikbaar $($latestVCFPowercli.Version)"
    Uninstall-OldPowercliEditons
    Write-Host "Uninstall is succes" -ForegroundColor Yellow
    Update-Module -Name VCF.PowerCLI -Force
    Write-Host "Update is succes vol" -ForegroundColor Green
}

Setting Up KubeDoom on Kubernetes: A Beginner’s Guide

I followed William Lam’s article about MS-A2 VCF 9.0 Lab: Configuring vSphere Kubernetes Service (VKS)

I don’t have much experience with Kubernetes but wanted to try some new things.

The only container that I have running is Home Assistant on Docker.

Got to try to get Kubedoom working. So I did with the following steps.
Maybe in the near future I’ll try to add more games: Retro DOS Games on Kubernetes

Finally having a Kubernetes cluster version 1.32, which was required for running KubeDoom.

Afbeelding met tekst, schermopnameDoor AI gegenereerde inhoud is mogelijk onjuist.

Download kubectl

Afbeelding met tekst, schermopname, brief, ontwerpDoor AI gegenereerde inhoud is mogelijk onjuist.

mkdir d:\kubectl

Extract the downloaded ZIP file and place both executables (kubectl.exe and kubectl-vsphere.exe) in a folder such as: d:\kubectl

.\kubectl version –client

mkdir .kube

cd .kube

New-Item config -type file

.\kubectl vsphere login –server=https://31.31.0.7 –insecure-skip-tls-verify

Afbeelding met tekst, schermopname, LettertypeDoor AI gegenereerde inhoud is mogelijk onjuist.

kubectl –kubeconfig=kubernetes-cluster-jzvx-kubeconfig.yaml get pods

kubectl –kubeconfig=kubernetes-cluster-jzvx-kubeconfig.yaml apply -f kubedoom.yaml

Afbeelding met tekst, schermopname, LettertypeDoor AI gegenereerde inhoud is mogelijk onjuist.

kubectl –kubeconfig=kubernetes-cluster-jzvx-kubeconfig.yaml -n kubedoom get svc

Afbeelding met tekst, schermopname, LettertypeDoor AI gegenereerde inhoud is mogelijk onjuist.

The password to Kubedoom is idbehold

Download VNC Viewer: https://www.realvnc.com/en/connect/download/viewer

Afbeelding met tekst, schermopname, pc-game, MultimediasoftwareDoor AI gegenereerde inhoud is mogelijk onjuist.

This is funny and cool!

Omnissa and the 100Gb Core vSAN license

When you design a new VDI vSAN you have take licensing into account

Some links about the licensing:

Broadcom describes the vSAN licensing in VVF for VDI, https://ftpdocs.broadcom.com/cadocs/0/contentimages/VVF_VDI_SPD_November2024.pdf

You can find more information also here: Omnissa Horizon combined offering with VMware vSphere Foundation for VDI – FAQ (6000381)

So for this test purpose I have 3 x 3.2TB Storage Drives for test.
Sow I have 9.7 TB storage available in a Single node vSAN Cluster

The 100GB “vSAN” Evaluation License comes from the host license! (Licensed for 50years)

Afbeelding met tekst, schermopname, LettertypeDoor AI gegenereerde inhoud is mogelijk onjuist.


With a 2 x 32 core server I have a total of 64 cores.

With 64 Cores and 100Gb/PerCore license I should not extend more then the raw of 6.4TB.

Wit current raw capacity of 9.6TB I get a error

Alarm is gone after removing 1 Disk from the 9.6 TB vSAN Storage (Left 1 Disk as spare). Storage is now 6.4 TB.

So the conclusion is DON’T go above the RAW Core capacity!!!

For design is the following handy:

Horizon Sizing: The Spreadsheet I Made So I’d Stop Yelling at My Monitor

The Hidden Delta Disk Nobody Cared About

Fixing LCMVROPCONFIG20013 in VCF 9.0.1

ERROR LCMVROPCONFIG20013 while VCF Operations update from 9.0.0 to 9.01

Afbeelding met tekst, schermopname, Lettertype, softwareDoor AI gegenereerde inhoud is mogelijk onjuist.

Afbeelding met tekst, schermopname, software, WebpaginaDoor AI gegenereerde inhoud is mogelijk onjuist.

Afbeelding met tekst, schermopname, Lettertype, nummerDoor AI gegenereerde inhoud is mogelijk onjuist.

ERROR LCMVROPCONFIG20013

Installed Tree: apt install tree # tree

Afbeelding met tekst, schermopname, software, MultimediasoftwareDoor AI gegenereerde inhoud is mogelijk onjuist.

File Exsist on the Offline Depot

File Remove from the Binary Management Afbeelding met tekst, schermopname, nummer, LettertypeDoor AI gegenereerde inhoud is mogelijk onjuist.

Download the upgrade file again

Download the file again: sudo ./vcf-download-tool binaries download –depot-download-token-file=/home/token -d /var/www/html –vcf-version=9.0.1 –type UPGRADE –component VROPS

Pre-staged the VROPS update again
Afbeelding met tekst, schermopname, nummer, LettertypeDoor AI gegenereerde inhoud is mogelijk onjuist.

Update successfully

Afbeelding met tekst, schermopname, Lettertype, softwareDoor AI gegenereerde inhoud is mogelijk onjuist.

Upgrade VCF to 9.0.1: Setting Up an Offline Depot on Ubuntu

Upgrade VMware VCF 9.0.1: Essential Setting Up an Offline Depot on Ubuntu Instructions

If you are planning to upgrade to latest release of VMware Cloud Foundation (VCF) 9.0.1 and you what to install/upgrade you need to have a offline depot.

I had some struggle with the VCF Fleet upgrades. I thought the VCF installer Offline Depot was sufficient. I seems not.

William Liam did a nice explaining about the options: VCF Software Depot Structure Deep Dive for Install & Upgrade. Which confirms my struggle.

Sow I build my own offline depot

Prerequisites

First, download the required bundle files from the Broadcom VMware portal. This includes:

  • vcf-9.0.1.0-offline-depot-metadata.zip (mandatory)
  • vcf-download-tool-9.0.1.0.24962179.tar.gz (mandatory)

On the Depot Server (Ubuntu)

Sizing for the disk is minimal 100GB I used 200GB thin Provisiond

I did a Ubuntu install on a 200GB disk (Partition without lvm)

Login

Login with the user account that you create

Sudo passwd root

Vim /etc/ssh/sshd_config

 if the following line exists, possibly commented out (with a # in front):

PermitRootLogin

Then change it to the following, uncommenting if needed (remove the # in front):

PermitRootLogin yes

sudo service ssh restart

now you can login als root

Install Apache and tools

Sudo update

sudo apt install apache2 openssl apache2-utils unzip

Create a certificate config file

nano ~/vcf-openssl.cnf

Paste the following:

[ req ]

default_bits = 2048

prompt = no

default_md = sha256

distinguished_name = dn

x509_extensions = v3_req

[ dn ]

C = US

ST = CA

L = LA

O = TS

OU = IT

CN = flt-depot.wardhomelab.nl

emailAddress = a@b.c

[ v3_req ]

basicConstraints = CA:FALSE

keyUsage = digitalSignature, keyEncipherment

extendedKeyUsage = serverAuth

subjectAltName = @alt_names

[ alt_names ]

DNS.1 = flt-depot.wardhomelab.nl

IP.1 = 192.168.150.246

Replace the values with your organization’s details.

Generate the certificate

cd /etc/apache2
sudo mkdir ssl

sudo openssl req -x509 -nodes -days 365 \

-newkey rsa:2048 \

-keyout /etc/apache2/ssl/vcf.key \

-out /etc/apache2/ssl/vcf.crt \

-config ~/vcf-openssl.cnf

Create a basic auth user

Sudo htpasswd -c /etc/apache2/.htpasswd vcfadmin

Configure Apache

sudo nano /etc/apache2/sites-available/default-ssl.conf

Paste the following:

<VirtualHost *:443>

ServerAdmin webmaster@localhost

DocumentRoot /var/www/html

SSLEngine on

SSLCertificateFile /etc/apache2/ssl/vcf.crt

SSLCertificateKeyFile /etc/apache2/ssl/vcf.key

SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

RequestHeader unset Proxy early

<Directory /var/www/html>

Options Indexes FollowSymLinks

AllowOverride None

AuthType Basic

AuthName “VCF Depot”

AuthUserFile /etc/apache2/.htpasswd

Require valid-user

</Directory>

</VirtualHost>

Enable modules and restart Apache

sudo a2enmod ssl headers

sudo a2ensite default-ssl

sudo systemctl restart apache2

Extract the metadata ZIP

Sudo chmod 777 /home

Upload vcf-9.0.1.0-offline-depot-metadata.zip /home/ with Winscp

Sudo unzip vcf-9.0.1.0-offline-depot-metadata.zip -d /var/www/html

Make sure this file exists:

ls /var/www/html/PROD/metadata/productVersionCatalog/v1/productVersionCatalog.json

Remove Index.html

sudo rm -f /var/www/html/index.html

Create your Download token

Create your Download token in de Broadcom portal

Create a token file in /home folder

Upload the VCF download tool

Sudo mkdir /home/vcf-download-tool

Sudo chmod 777 /home/vcf-download-tool

cd /tmp/vcf-download-tool

Upload the tool in /tmp/vcf-download-tool folder

tar -xf vcf-download-tool-9.0.1.0.24962179.tar.gz

sudo reboot

Run the following

Cd /tmp/vcf-download-tool/bin

sudo ./vcf-download-tool binaries download –depot-download-token-file=/home/token -d /var/www/html –vcf-version=9.0.1 –automated-install –type=INSTALL

Download all the appliances

sudo ./vcf-download-tool binaries list –depot-download-token-file=/home/token –vcf-version=9.0.1 –type=INSTALL –sku=VCF

Upgrade

sudo ./vcf-download-tool binaries download –depot-download-token-file=/home/token -d /var/www/html –vcf-version=9.0.1 –type UPGRADE –component SDDC_MANAGER_VCF

sudo ./vcf-download-tool binaries download –depot-download-token-file=/home/token -d /var/www/html –vcf-version=9.0.1 –type UPGRADE –component VCENTER

sudo ./vcf-download-tool binaries download –depot-download-token-file=/home/token -d /var/www/html –vcf-version=9.0.1 –type UPGRADE –component VRSLCM

sudo ./vcf-download-tool binaries download –depot-download-token-file=/home/token -d /var/www/html –vcf-version=9.0.1 –type UPGRADE –component VROPS

sudo ./vcf-download-tool binaries download –depot-download-token-file=/home/token -d /var/www/html –vcf-version=9.0.1 –type UPGRADE –component NSX_T_MANAGER

sudo ./vcf-download-tool binaries download –depot-download-token-file=/home/token -d /var/www/html –vcf-version=9.0.1 –type UPGRADE –component VCF_OPS_CLOUD_PROXY

sudo ./vcf-download-tool binaries download –depot-download-token-file=/home/token -d /var/www/html –vcf-version=9.0.1 –type UPGRADE –component VRA

Additional

sudo ./vcf-download-tool binaries download –depot-download-token-file=/home/token -d /var/www/html –vcf-version=9.0.1 –type UPGRADE –component VRNI

sudo ./vcf-download-tool binaries download –depot-download-token-file=/home/token -d /var/www/html –vcf-version=9.0.1 –type UPGRADE –component VRLI

sudo ./vcf-download-tool binaries download –depot-download-token-file=/home/token -d /var/www/html –vcf-version=9.0.1 –type UPGRADE –component HCX

sudo ./vcf-download-tool binaries download –depot-download-token-file=/home/token -d /var/www/html –vcf-version=9.0.1 –type UPGRADE –component VRO

sudo ./vcf-download-tool binaries download –depot-download-token-file=/home/token -d /var/www/html –vcf-version=9.0.1 –type UPGRADE –component VIDB

Afbeelding met tekst, schermopname, Lettertype, softwareDoor AI gegenereerde inhoud is mogelijk onjuist.

Upgrade Binaries will be visible

Afbeelding met tekst, schermopname, nummer, LettertypeDoor AI gegenereerde inhoud is mogelijk onjuist.

On de SDDC manager

Open de VM console

Login with the root user

Vim /etc/ssh/sshd_config

 if the following line exists, possibly commented out (with a # in front):

PermitRootLogin

Then change it to the following, uncommenting if needed (remove the # in front):

PermitRootLogin yes

systemctl restart sshd

Copy vcf.crt

scp root@ftt-depot.wardhomelab.nl:/etc/apache2/ssl/vcf.crt /tmp/vcf.crt

Import the certificate into the Java truststore

sudo keytool -import -trustcacerts -alias vcfDepotCert1 \

-file /tmp/vcf.crt \

-keystore /usr/lib/jvm/openjdk-java17-headless.x86_64/lib/security/cacerts \

-storepass changeit

Reboot

Now u should connect VCF to you offline depot

Afbeelding met tekst, schermopname, software, nummerDoor AI gegenereerde inhoud is mogelijk onjuist.

Afbeelding met tekst, schermopname, nummer, LettertypeDoor AI gegenereerde inhoud is mogelijk onjuist.

You want you upgrade to 9.0.1 ivm Edge Issue

Special thanks to vmtechnics for putting me in the right direction

Translate »