We now have a new authentication solution for VMware Cloud Foundation (VCF): the Identity Broker. It is designed to serve as the central authentication point for all VCF components and introduces enhanced capabilities, including integration with modern identity providers.
We have two deployment modes available:
1: Integrated with Management Domain vCenter.
This is recommended for smaller environments. The Identity Broker runs as a container on the vCenter Server and does not need to be maintained as a separate appliance.
2: External Appliance.
This mode deploys a three-node cluster with high availability, hosted in the Management Domain.
The rest of this post walks through the External Appliance mode. First we deploy the cluster; then we can configure the certificates and SSO.
Browse to Fleet Management / Lifecycle

From here the wizard starts to look like an Aria Suite Lifecycle environment deployment. That functionality is now rolled into the “Fleet Management” appliance, which is deployed during the initial VCF build.

We’ll deploy with a self-signed certificate first and replace it with a CA-signed certificate afterwards; I’ll show that process in another post. Until the certificate is replaced, anything that connects to the broker will see an untrusted certificate, so treat the self-signed certificate as a bootstrap step rather than a steady state for what is meant to be the central authentication point.

Fill in your network details on the next page:

Now configure the Broker IP Components:

We are not using additional VIPs in this deployment. At least four IPs must be specified in the Cluster Node IP Pool: one per node of the three-node cluster, plus one spare address that is used during rolling upgrades.
Once we click through, we can validate our selections and start the deployment.
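Before handing the plan to the built-in validation, it is worth sanity-checking the IP pool yourself. The script below is an added example, not code from the original post or from VMware. It encodes the sizing rule stated above (three cluster nodes plus one spare address for rolling upgrades) and adds the checks a practitioner would want: every pool address must sit inside the management network, must not be the network or broadcast address, must not collide with the gateway or any optional VIP, and must be listed only once. The function names, the range syntax it accepts and all addresses are my own constructed assumptions, not values from a real deployment.

```python
"""Pre-flight check for an Identity Broker external appliance network plan.

Added example, not code from the original post or from VMware. The only rule
taken from the post is the pool size: three cluster nodes plus one spare
address consumed during rolling upgrades. Everything else (function names,
accepted range syntax, sample addresses) is an assumption for illustration.
"""
import ipaddress

CLUSTER_NODES = 3          # external appliance mode is a three-node cluster
ROLLING_UPGRADE_SPARE = 1  # one extra address is used during rolling upgrades


def expand_pool(pool):
    """Expand pool entries into a list of IPv4Address/IPv6Address objects.

    Accepts single addresses ("10.10.20.50") and inclusive ranges
    ("10.10.20.50-10.10.20.53"), which is how pools are typically typed
    into a deployment form. Raises ValueError on malformed input.
    """
    addresses = []
    for entry in pool:
        entry = entry.strip()
        if "-" in entry:
            start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            if end < start:
                raise ValueError(f"range {entry!r} ends before it starts")
            addresses.extend(ipaddress.ip_address(int(start) + i)
                             for i in range(int(end) - int(start) + 1))
        else:
            addresses.append(ipaddress.ip_address(entry))
    return addresses


def check_pool(cidr, gateway, pool, vips=()):
    """Return a list of human-readable problems; an empty list means the plan passes."""
    network = ipaddress.ip_network(cidr, strict=True)
    gateway = ipaddress.ip_address(gateway)
    addresses = expand_pool(pool)
    reserved = {gateway} | {ipaddress.ip_address(v) for v in vips}
    problems = []

    # Sizing rule from the post: one address per node plus one for rolling upgrades.
    required = CLUSTER_NODES + ROLLING_UPGRADE_SPARE
    if len(addresses) < required:
        problems.append(f"pool has {len(addresses)} address(es); need at least {required} "
                        f"({CLUSTER_NODES} nodes + {ROLLING_UPGRADE_SPARE} for rolling upgrades)")

    seen = set()
    for addr in addresses:
        if addr in seen:
            problems.append(f"{addr} listed more than once")
        seen.add(addr)
        if addr not in network:
            problems.append(f"{addr} is outside {network}")
        elif addr in (network.network_address, network.broadcast_address):
            problems.append(f"{addr} is the network or broadcast address")
        if addr in reserved:
            problems.append(f"{addr} collides with the gateway or a VIP")

    if gateway not in network:
        problems.append(f"gateway {gateway} is outside {network}")
    return problems


if __name__ == "__main__":
    # Constructed sample plan matching the post: no VIPs, a four-address pool.
    good = check_pool("10.10.20.0/24", "10.10.20.1", ["10.10.20.50-10.10.20.53"])
    print("good plan:", good or "OK")
    # Undersized pool that also reuses the gateway, to show what gets reported.
    bad = check_pool("10.10.20.0/24", "10.10.20.1", ["10.10.20.1", "10.10.20.50"])
    print("bad plan:", bad)
```

If you later add VIPs, pass them in `vips` so the pool is checked against them as well; the gateway is always treated as reserved.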

Once the deployment completes we can replace the self-signed certificates with CA-signed ones and configure SSO in VCF.
The next step is in VCF Operations:

Click Start.

Choose Identity Broker Appliance.
