I have listed the links to my VCF Home lab build out below to make it easer for folks to find.
Tag: vExpert
VMware Cloud Foundation Home Lab – Part 7 (VCF Business Services Console Online Registration)
Blog Date: December 2025
If you’ve been following along in this home lab series, in my previous blog, I finished my VCF 9.0.1 deployment to my 4 MINIS FORUM MS-A2s HERE.
With Broadcom’s VCF 9, we are now required to configure usage reporting. This process is pretty straight forward. Click on the [START REGISTRATION] button, and you’ll be redirected to the Broadcom portal for authentication.
You’ll need to enter a display name for this license file. It could be representative of the environment where used.
Select the licenses needed for the environment..
Validate the selection.
Now we just need to copy the activation code.
Back in VCF Operations, we now click the [ENTER ACTIVATION CODE] button to paste in the code.
With your Activation Code ready, now you can activate.
Now your licenses will be available to apply to vCenter (PRIMARY LICENSE) and vSAN (ADD-ON LICENSE).
But wait… There’s More!
I am rather surprised that we have to apply the download token twice considering it’s a requirement to download the bits for the installation, especially in a world where we are constantly striving to automate all the things. Maybe Broadcom’s VCF Engineering division just overlooked this simple quality of life automation task to copy said download Token from the Cloud Installer, and import it to VCF Operations?
You’ll want to add your download token again to VCF Operations:
Fleet Management ->Lifecycle ->Depot Configuration
This looks oddly familiar for creating a credential file for VCF (Aria) Operations Integration. Click the plus icon.
Well that’s… disappointing.
I fixed it for you, Broadcom.
Just like you would create a credential file, here you add your download token where you’d add your password, and click [ADD].
Now just select your Download Token and click [OK].
Now you can download your VCF Fleet (Aria) bits.
VMware Cloud Foundation Home Lab – Part 6 (VCF Core Deployment)
Blog Date: December 2025
In my previous post, I walked through the process of getting the VMUG Advantage token configured in the Cloud Foundation Installer, to establish the connection to the online depot and download the VCF bits, HERE. This post assumes those bits have all been downloaded successfully.
Before continuing with your VCF 9 home lab deployment, or even a production deployment, be sure to check out this post HERE, where I cover the updated password requirements for VCF, and how missing those requirements will cause the deployment to fail.
For a VCF 9 home lab running on hardware that’s not part of the VMware HCL, it will be necessary to bypass the vSAN ESA precheck during VMware Cloud Foundation (VCF) deployment using the Cloud Foundation Installer. If compatible vSAN ESA hardware is not available in your home lab, the deployment fails during the HCL validation phase. To bypass this, log in to the VCF Installer and append the following configuration parameter to the following /etc/vmware/vcf/domainmanager/application-prod.properties file:
echo "vsan.esa.sddc.managed.disk.claim=true" >> /etc/vmware/vcf/domainmanager/application-prod.propertiesNext, you’ll either need to restart the the appliance, or you can just restart the service with the following:
systemctl restart domainmanager 
Time to start the VCF 9 deployment.
I’ve been deploying VCF for customers since the 2.X days, so I have mixed feelings about this new wizard. However, I must say I do enjoy not having to fill in multiple deployment workbooks. I am deploying a greenfield VCF home lab, so I do not have existing components
I elected to do a simple deployment for my homelab. I did notice through testing that the Installer will hallucinate if one of the NTP servers is not reachable. Later on during the pre-check validations, I saw error messages stating the NTP value was null. Probably my favorite was when it hallucinated NTP values that I did not configure, but said that it couldn’t reach them (duh). My only indication of the actual problem was that the pre-check failed when it couldn’t validate the ESX hosts connection to the second NTP and DNS server. I wonder how much vibe coding the VCF devs were doing that day?
I hadn’t deployed my second domain controller yet that I would also use as my second NTP source, and was hoping that I could set it during the Core VCF deployment, and deploy the server after. I ended up just deleting the second DNS and NTP server address in the Installer. I’ll just add it later. I left them configured on the ESX hosts.
Deployment for VCF (Aria) Operations and Fleet Management Appliance (Aria Suite LCM)
I elected to not deploy VCF (Aria) Automation. I’ll deploy this after.
I deployed my management vCenter using the medium size to avoid the smaller appliances performance issues.
Even though the “simple deployment” was chosen, you are still required to define a Virtual IP for NSX.
Out of all the VMware home labs I have built, this is my first using vSAN, but I wanted to try out ESA. In the past I avoided vSAN just because in certain situations it made host maintenance painful.
I’ve got my 4 MINISFORUM MS-A2 hosts added.
I elected to keep my deployment simple in my home lab, and have my management VMs share the same network as my ESX hosts.
I chose the Default virtual distributed switch config
If you remember my previous post HERE, I talked about what will happen on this screen if you did not use a 15 character password for the local user (admin/Administrator).
As expected, the pre-check validation returned a WARNING on the vSAN ESX Disks Eligibility for not being on the HCL. This needs to be Acknowledged before the [DEPLOY] button becomes available.
I kicked off the VCF 9 deployment in my home lab at roughly 5:03pm. The deployment finished about 7 hours later (12:23AM to be exact). Honestly, it was the NSX OVA deployment that took roughly 6 hours to complete. The VCF Fleet Manager, VCF Operations, and VCF Ops collector deployed around an hour I believe.
In my next blog, I’ll run through getting VCF Operations connected to the Broadcom Cloud Services portal to activate my licenses in my home lab.
VMware Cloud Foundation Home Lab – Part 5 (Cloud Foundation Installer Password Requirements)
Blog Date: December 2025
In my previous blog VMware Cloud Foundation Home Lab – Part 4 (VCF Installer with VMUG Advantage Download Token), I walked through the process of getting the Cloud Installer connected to the Online Depot using the Download Token for VMUG Advantage Members.
In this blog, I’ll go over the basic deployment of the VMware Cloud Foundation Installer appliance (formally VCF Cloud Builder) OVA, because there’s a new ‘feature’ that will trip you up if you’re not careful.
We’ve all installed OVAs before, but for the Cloud Foundation Installer OVA, there was something that I wanted to call out.
Specifically, when you’re deploying the OVA, be mindful of the new password requirements as they have changed. Previous versions of VCF through VCF 5.x, did not require a 15 character password. Apparently the quality control folks over in the VCF Division at Broadcom also forgot about this, because you can enter an 8 character passwords here, and the OVA deployment will continue as normal.
Why does this matter, well if we fast forward here a little bit, and get to where we are in the VMware Cloud Foundation deployment wizard on Step 11, you are again asked for the Administrator Password (local user). If you did not use at least a 15 character password during the OVA deployment, the wizard when you click [NEXT] will state that the Administrator password is incorrect . It doesn’t warn you that it is too short. So after a couple of tries, you will get kicked out of the wizard and back to the Cloud Foundation Installer login page, unable to log in because the local user (admin account) is now locked… I first observed this behavior during a customer deployment of 9.0, and found that the ‘feature’ is still there in the 9.0.1 I deployed for my home lab.
If you do find yourself in this situation, the admin@local account unlock procedure is straight forward, and Broadcom has a KB (Article ID: 403316) on how-to:
How to unlock the admin@local account on VMware Cloud Foundation Installer 9.0
If you need to reset the password for the admin@local account, Broadcom has a KB (Article ID: 403099) for that too:
How to Reset the Admin@local password in SDDC Manager
(#-__-)
VMware Cloud Foundation Home Lab – Part 4 (VCF Installer with VMUG Advantage Download Token)
Blog Date: December 2025
One of the things that I had been waiting for were the VMware Cloud Foundation 9 subscription licenses for VMUG Advantage members and the vExpert community of bloggers and SMEs. VMUG Advantage Home Lab License Guide During the week of November 17th, it was announced that the download tokens are now available for the VMUG Advantage Members who passed their VCF 9 certifications.
This post assumes that you have already deployed the VCF Installer, and are ready to get those VCF 9 bits downloaded to your home lab like a typical production environment would.
- Your VMUG Advantage account email has to be the same as the one that you use with your VMware by Broadcom certifications.
- To access your VMUG Advantage VCF or VVF entitlements go here and log in: https://support.broadcom.com/group/ecx/alpine-certificate
- After you authenticate, there’s a good chance that your session has been redirected to the Broadcom Support Portal. Past the above URL back into your browser and hit enter…
- You should have now arrived at the special VMUG Advantage portal and see the VCF Certification Production Licenses in the upper left of the screen like so:
I have already requested my licences for VCF, and thus have a badge and a cloud download button on the green highlighted boxes. If you do not see those, then you would see a blue request license button. This post assumes you already have done this.
5. In the top right of the window, you see a blue “Generate Token” button. Click it.
6. On the next screen, you should see the download token needed for the VCF Installer. Copy it.
7. Log into the VCF installer appliance.
8. Go into Depot Settings, and click ‘Configure’ on the Connect to the online depot.
9. Paste the download token and click the blue ‘Authenticate’ button.
10. Assuming your VCF Installer can reach the internet and depot, a connection will be established.
11. In this example, I want to download the Product “VMware Cloud Foundation” and Version “9.0.1.0”.
12. Select all the bits desired for download, and then click the ‘DOWNLOAD’ link.
VMware by Broadcom has made this process more difficult. All of the required bits for installation used to be included with the Cloud Builder appliance that was available for VCF 5 and older versions. Now there’s an extra step to download the bits, but I’m sure that was a feature of the required download token. More complexity.
VMware Cloud Foundation Home Lab – Part 3 (ESX Host Prep)
Blog Date: December 2025
In this post I’ll cover the basic ESX host prep needed for VMware Cloud Foundation. This post assumes that ESX 9 has already been installed. This post also assumes these are brand new hosts that have not been used for vsan before.
Configure the ESX Host basic network settings via the DCUI
- Open the DCUI of the ESX host.
- Open a console window to the host.
- Press F2 to enter the DCUI.
- Log in using the esx_root_user_password.
- Configure the network.
- Select Configure Management Network and press Enter.
- Select VLAN (Optional) and press Enter.
- Enter the VLAN ID for the ESX Management Network and press Enter.
- Select IPv4 Configuration and press Enter.
- Select Set static IPv4 address and network configuration and press the Space bar.
- Enter the IPv4 Address, Subnet Mask and Default Gateway and press Enter.
- Here I would also disable IPv6 if not in use.
- Select DNS Configuration and press Enter.
- Select Use the following DNS Server address and hostname and press the Space bar.
- Enter the Primary DNS Server, Alternate DNS Server and Hostname (FQDN) and press Enter.
- Select Custom DNS Suffixes and press Enter.
- Ensure that there are no suffixes listed and press Enter.
- Press Escape to exit and press Y to confirm the changes.
- Reboot the host.
- Repeat this procedure for all remaining hosts.
Configure the Virtual Machine port group on the standard switch
- In a web browser, log in to the ESX host using the VMware Host Client.
- Click OK to join the Customer Experience Improvement Program.
- Configure a VLAN for the VM Network port group.
- In the navigation pane, click Networking.
- Click the Port groups tab, select the VM network port group, and click Edit Settings.
- On the Edit port group – VM network page, enter the VM Management Network VLAN ID, and click Save.
- Repeat this procedure for all remaining hosts.
Configure NTP on the Host(s)
- In a web browser, log in to the ESX host using the VMware Host Client.
- Configure and start the NTP service.
- In the navigation pane, click Manage, and click the System tab.
- Click Time & date and click Edit NTP Settings.
- On the Edit NTP Settings page, select the Use Network Time Protocol (enable NTP client) radio button, and change the NTP service startup policy to Start and stop with host.
- In the NTP servers text box, enter the NTP Server FQDN or IP Address, and click Save.
- Click the Services tab, select ntpd, and click Start.
- Repeat this procedure for all remaining hosts.
Regenerate Self-Signed Certificate on ESX Hosts.
- In a web browser, log in to the ESX host using the VMware Host Client.
- In the Actions menu, click ServicesEnable Secure Shell (SSH).
- Log in to the ESX host using an SSH client such as Putty.
- Regenerate the self-signed certificate by executing the following command:
#:/sbin/generate-certificates - Reboot the ESX host.
- Log back in to the VMware Host Client and click ServicesDisable Secure Shell (SSH) from the Actions menu.
- Repeat this procedure for all remaining hosts.
I don’t know why, but every customer engagement that I have been on, these steps get overlooked. This is probably the simplest part to preparing your data center for VCF. VMware by Broadcom also has documentation with these exact steps located here: Preparing ESX Hosts for VMware Cloud Foundation or vSphere Foundation
VMware Cloud Foundation Home Lab – Part 2 (Network Topology)
Blog Date: December 2025
Below is the basic network Topology and vlan config for my new VMware Cloud Foundation home lab. For my home network, I had replaced my off the shelf consumer wifi router a few years ago, and purchased a Ubiquity EdgeRouter 12 so that I could have vlans for my VMware Home lab, that lasted me from vSphere 6 to vSphere 8.
On this router, I have defined and hung the vlans off from the built in virtual switch (192.168.X.1).
| vlan (10.0.X.1) | Description |
| 20 | iscsi storage straffic |
| 30 | Management |
| 40 | vmotion |
| 50 | vsan |
| 60 | ESX TEP |
| 70 | NSX Edge T0 Uplink01 |
| 71 | NSX Edge T0 Uplink02 |
| 80 | Replication |
As detailed in my VCF 9 Home lab BOM, I chose to go with the QNAP (QSW-M3216R-8S8T-US) Layer 2 for my TOR switch. This Layer 2 managed switch supports 10G on the standard ethernet ports and on the SFP+ ports, giving me lots of options for connectivity.
I can also mount two of them side by side in a standard 19 inch width rack offering more space save opportunities for future home lab expansion.
I have the same vlans tagged to the TOR switch
VMware Cloud Foundation Home Lab Bom – Part 2
Blog Date: October 2025
Continuing from my original blog post entitled: VMware Cloud Foundation Home Lab Bom,
I went over the mini pc components and x4 MINISFORUM MS-A2 9955HX systems. In this blog I’ll cover the rack, rack mounts for the MS-A2s, UPS, and the 10G switch.
I am quite pleased with the wiring now that I have everything tidied up, although I forgot what a PITA cage nuts are. I’ve installed a shelf at the bottom for a future migration of my old lab 2x SuperMicro boxes that will either be used to host VCF Holodeck, or perhaps I’ll use them for a dedicated workload domain backed by NFS storage. The CPUs were depreciated in ESXi 8, but they still have some life left in them. Reaching into the way back time machine, that kit was Current CaptainvOPS Homelab 2020.
For the additional rack, rack mounts for the MS-A2s, UPS, and 10G managed switch:
| QTY | Item Description | Link | Total Price |
| 1 | A Rockville RR20U 20U Rack with wheels. | Amazon.com | $189.95 |
| 2 | Rack Mount for 2 MINISFORUM MS-01 19inch 2U Dual-Mount | Amazon.com | $166 |
| 1 | QNAP 16-Port Half-Width Rackmount 10GbE Managed Network Switch (QSW-M3216R-8S8T-US) | Amazon.com | $599 |
| 1 | CyberPower CP1500PFCRM2U PFC Sinewave UPS Battery Backup and Surge Protector, 1500VA/1000W, 8 Outlets, AVR, Short Depth 2U Rackmount | Amazon.com | $358.95 |
| 1 | 10Gtek 𝟭.𝟮𝟱/𝟮.𝟱/𝟱/𝟭𝟬𝗚-𝗧 𝗦𝗙𝗣+ 𝘁𝗼 𝗥𝗝𝟰𝟱, CAT.6a Copper Transceiver, Auto-Negotiation SFP+ Ethernet Module | Amazon.com | $44.99 |
| 1 | 1U Rack Mount Cable Management Panel with Tidy Brush Slot for Cable Entry | Amazon.com | $31.59 |
| 1 | 1U Server Rack Shelf – Vented Rack Mount Cantilever Tray for 19″ Network Rack | Amazon.com | $32.99 |
| 1 | (Optional) 2U Server Rack Shelf – Universal Vented Rack Mount Cantilever Tray for 19″ Network Equipment Rack | Amazon.com | $43.86 |
Total = $1,467.33
That brings the Grand Total for this new VCF 9 Home lab to $8,409.73
Thankfully I spread these purchases out over a couple of months. I assumed this would come in around 8k, but I over shot a little. RIP to my wallet.
I have a UniFi router that’ll handle the BGP so I did not need a new one. In my next blog, I’ll go over my basic network setup for this new lab.
VMware Cloud Foundation Home Lab Bom – Part 1
Blog Date: October 2025
It’s that time to give the home lab a big refresh, and purchase new hardware for VMware Cloud Foundation sandbox. As a VMware employee, I had access to internal labs that I could quickly spin up if I needed to test something with VCF. With every software company purchase, Broadcom has spun off the majority if not all of their newly acquired Professional Services division, and VMware was no different. Now back in Partner life, I needed to reinvest in my home lab. VMware Cloud Foundation is and expensive investment for customers, and as it turns out, it is not cheap for the home lab either lol.
Taking inspiration from William Lam’s VCF 9.0 Hardware BOM for Silicon Valley VMUG, I have modeled my VCF home lab BOM in a similar way.
| QTY | Item Description | Link | Total Price |
| 4 | MINISFORUM MS-A2 AMD Ryzen™ 9 9955HX / Barebone | MINISFORUM.com | $3,516.00 + warranty $359.96 = $3,875.96 |
| 4 | 10Gtek 𝟭.𝟮𝟱/𝟮.𝟱/𝟱/𝟭𝟬𝗚-𝗧 𝗦𝗙𝗣+ 𝘁𝗼 𝗥𝗝𝟰𝟱, CAT.6a Copper Transceiver, Auto-Negotiation SFP+ Ethernet Module dual kit | Amazon.com | $152 |
| 4 | Boot Drive: Kingston KC3000 M.2 2280 512GB PCIe 4.0 x4 NVMe 3D TLC Internal Solid State Drive (SSD) SKC3000S/512G | Newegg.com | $283.36 |
| 4 | NVMe Tiering: SAMSUNG 990 EVO SSD 1TB, PCIe Gen 4×4, Gen 5×2 M.2 2280 NVMe | Amazon.com | $319.96 |
| 4 | vSAN ESA: SAMSUNG 990 EVO SSD 2TB, PCIe Gen 4×4, Gen 5×2 M.2 2280 NVMe | Amazon.com | $479.96 |
| 4 | Memory: 128GB Kit (2x64GB) DDR5 5600MHz C46 SODIMM kit | BestBuy.com | $1,831.16 |
Total = $6,942.4
Your tax and shipping costs may vary. I am still looking for 10G switch, rack, and rack mount hit for these to keep things tidy. I expect my total costs to come in under 8K USD. I’ll update this blog with the additional hardware when it comes in.
Rotating NSX-T Compute Manager Service Accounts Fails in VMware Cloud Foundation 4.x.
Blog Date: October 10, 2024
Hit a frustrating bug that I had been troubleshooting for weeks in a customer’s VMware Cloud Foundation (VCF) 4.x environment, where the SDDC manager was unable to rotate or remediate the svc-{nsxvip-vcenter-fqdn}@vsphere.local service account, that is used to connect the NSX-T to the Compute Manager (vCenter). We could successfully remediate and rotate the service account for the management domain NSX-T, but we could not rotate vi-workload domain NSX-T service account.
In the SDDC UI and operationsmanager.log, we would see an error message similar to:
“Compute manager {wld-vcenter-fqdn} with id {uuid} connection config is invalid. Edit Hostname and provide compute manager credentials.”
Come to find out, this is a known bug for the 4.x versions of VCF workload domains that use a shared NSX-T configuration. It is believed that there is an SSO passwords sync delay between vCenter Servers that causes this.
I don’t believe there’s a resolution for 4.x versions of VCF, and have not tested in 5.x versions of VCF, but here’s the work around. Are you ready?
- Log into SDDC Manager
- Go to Password management section and select service account in vCenter used by NSX-T to rotate
- Initiate the task to rotate the password
- Wait for the task to fail like in the picture below.
5. Wait 5 to 15 minutes for sync operations on vCenter to complete and then click on RETRY button. (your mileage may vary depending on vCenter activity)
6. Verify task is successful in SDDC Manager. That should do the trick. Otherwise, you might have something else going on and will need to open a ticket with support to investigate further.
On a side note, the “Last Modified” date may not change in the UI, this is another known bug. All we are looking for here is the task to complete successfully.
It doesn’t appear that this account password is stored in the SDDC manager. It is not stored in the usual way that would present the account using the lookup_passwords utility on the SDDC manager.
In my searching, I did happen to come across the following KB to Retrieve the service accounts credentials from SDDC Manager. Even though this shows the svc-{nsxvip-vcenter-fqdn}@vsphere.local service account, it does not provide the password. I digress. Hopefully the above workaround walk-through helps you.
CaptainvOPS 
You must be logged in to post a comment.