VMware Cloud Foundation 4.5 is GA!

Amongst several bug fixes, there are a couple of new or improved features. I’ll list them below.


There’s now support for tags! This allows us to use the existing tag platform that already exists in vCenter. We can assign and remove tags on hosts, clusters and workload domains from SDDC Manager.

To create new tags or tag categories you will have to use the vSphere Tag Management in vCenter. There’s realtime synchronization of tags with vCenter.

Assigned hosts and cluster tags will be propagated to vCenter. Unassigned hosts and domain tags are only visible in SDDC Manager.

All workflows that add host(s) to vCenter (Create VI WLD, Create Cluster and Expand Cluster) will automatically migrate existing tag associations on unassigned hosts to vCenter.
Likewise if a host is removed from vCenter, the tag associations will be migrated from vCenter to SDDC Manager.

The tag feature is automatically enabled in VCF 4.5.
For environments that are upgraded to VCF 4.5, existing tags in vCenter will be automatically displayed in SDDC Manager once the WLD vCenter is upgraded.

The VCF Tag service is part of the commonsvcs service in SDDC Manager and the corresponding log file is /var/log/vmware/vcf/commonsvcs/vcf-commonsvcs.log

VCF 4.5 Tags

Password and Certificate Expiration Warnings

The UI will now display a warning when there are passwords expiring (14 days threshold) or certificates (30 days).

As shown in the screenshot, there are 2 passwords expiring within 14 days (ESXi root and a vCenter account). We can easily rotate all passwords that are due to expire in 14 days by clicking the rotate all button.

A disconnected password means that the password has already expired, or that the expiration cannot be polled.

VCF 4.5 Password Expiration Warning

For certificates, a warning will be displayed in the UI if there are any certificates expiring in the next 30 days. In the picture below we can see that there are 4 certificates expiring within 30 days. If we navigate to the Workload Domains view we can see which domains are affected.

VCF 4.5 Certificate Expiration Warning

Scale Improvements
No longer do we have to wait for deployment locks to clear.

  • Parallel Host Commissioning
  • Parallel Host Decommissioning
  • Parallel Add Host
  • Parallel Remove Host
  • Parallel Cluster Creation

10 Host commissioning/decommissioning workflows can run in parallel (up to a maximum of 40 hosts per workflow).
Expand/shrink cluster is limited to 10 existing clusters at the same time.
You can now also create 7 clusters in parallel.

Proxy configuration in the UI!
No longer do you have to mess around with /opt/vmware/vcf/lcm/lcm-app/conf/application-prod.properties
You can now configure the proxy directly in the UI. Note that it does not support proxy authentication.

VCF 4.5 Proxy Configuration

AD FS as an Identity Provider in SDDC Manager

By default, VMware Cloud Foundation uses vCenter Single Sign-On as its identity provider and the system domain (for example, vsphere.local) as its identity source. 

In VCF 4.5, we can now use Active Directory Federation Services (AD FS) as an external Identity Provider, instead of vCenter Single Sign-On.
In this configuration, the external identity provider interacts with the identity source on behalf of vCenter Server.

Upgrading to VCF 4.5

The sequence for the upgrade remains unchanged from previous releases → 

  1. SDDC Manager and VMware Cloud Foundation services.
  2. vRealize Suite Lifecycle Manager, vRealize Suite products, and Workspace ONE Access.
  3. NSX-T upgrade, VC and ESXi upgrade of Management Domain
  4. NSX-T upgrade, VC and ESXi upgrade of all the workload domains.  

You can perform a sequential or skip-level upgrade to VMware Cloud Foundation 4.5 from VMware Cloud Foundation 4.2 or later. 

What’s New

  • Improvements to using VCF at scale:  Users can now add clusters in parallel and add/remove and commission/decommission hosts at scale.

  • Improvements to upgrade prechecks: Upgrade prechecks have been expanded to verify license and NSX-T edge cluster password validation, file permissions checks, password and certification rotation failed workflows validation, and also noisy vSAN health checks can be silenced.

  • Operational improvements: Users can now rename clusters and apply user-defined tags to objects.  

  • SDDC Manager Onboarding Workflow: The SDDC Manager UI provides an easy, wizard-like interface for new users to configure their VCF deployment.

  • Storage improvements: With HCI Mesh, a cluster can mount a remote vSAN datastore that has been configured with another cluster (two or more clusters can share the same vSAN datastore).

  • Accessibility improvements: This release resolves critical accessibility issues to provide a fully accessible interface.

  • Migration enablement: This release introduces support for Mixed Mode migrations and supports new topologies for migration from VCF 3.x through 4.x.

  • BOM updates: Updated Bill of Materials with new product versions

For VxRail:

  • VxRail UI improvements: The UI for VxRail domain manager workflows is brought up to the level of vSAN Ready Nodes.

Cloud Foundation Bill of Materials (BOM)

Software ComponentVersionDateBuild Number
Cloud Builder VM4.511 OCT 202220612863
SDDC Manager4.511 OCT 202220612863
VMware vCenter Server Appliance7.0 Update 3h13 SEP 202220395099
VMware ESXi7.0 Update 3g01 SEP 202220328353
VMware Virtual SAN Witness Appliance7.0 Update 3c27 JAN 202219193900
VMware NSX-T Data Center3.2.1.204 OCT 202220541212
VMware vRealize Suite Lifecycle Manager8.8.212 JUL 202220080494
VxRail Manager*7.0.40011 OCT 2022n/a

*VxRail Manager only applies to VMware Cloud Foundation on VxRail