Configuring TrueSSO for VMware Horizon with Okta

In this blog post, we will cover the basic guide on how to configure Okta and VMware Horizon to provide an end-to-end single sign-on experience to the end-user. We will focus on configuring TrueSSO on our Horizon environment, which enables users not to enter Active Directory credentials when using a remote desktop or applications.

Step 1: Configure Okta App Integration

In the Okta Admin Console, navigate to Applications > Applications > Create a new App Integration. Select SAML 2.0 and press Next. Enter your App name, upload an app logo (optional), and click Next. We will configure the SAML settings later, so skip this step for now.

Step 2: Download Okta Metadata

In the Sign On page, scroll down to the SAML 2.0 section, copy the Metadata URL, and open a new browser window. Save the file as my_metadata.xml.

Step 3: Assign App to Group

Go to the Assignments tab and select Assign > Assign to Groups. Assign your Active Directory group to the Application.

Step 4: Configure Identity Bridging Settings

Login to the VMware Unified Access Gateway by entering the correct credentials. Navigate to the Identity Bridging Settings. Press the gear button next to Upload Identity Provider Metadata. Upload the Okta metadata that you downloaded in step 2. Save your settings on the Unified Access Gateway.

Step 5: Configure SAML as Authentication Method

In the Horizon Administration Console, navigate to Settings > Servers > select the Connection Server. Click Edit. Set SAML 2.0 Authenticator to Allowed, and click Manage SAML Authenticators. Click Add button to create a new SAML Authenticator. Give your SAML 2.0 Authenticator a name, in the SAML Metadata field, paste the contents from step 2 (my_metadata.xml), and enable the Enabled for Connection Server option.

Step 6: Enable TrueSSO on Horizon Environment

Since our environment leverages Horizon TrueSSO, we need to enable TrueSSO on our Horizon environment. To do so, we need to login to the VMware Connection Servers and open a Command Prompt as administrator. We need to use the following command line to list all the authenticators and their True SSO mode status:

“list authenticators -type SAML 2.0 -enabled”

Replace: with the Horizon administrator user, with the fully qualified domain name for the Horizon admin user, and with the password for the Horizon administrator.

If True SSO mode is DISABLED for the authenticator you are trying to configure, execute the following command line to enable:

“enable authenticators -type SAML 2.0 -name “

After you enable True SSO, the True SSO mode for the authenticator you are enabling displays as ENABLE_IF_NO_PASSWORD.

Step 7: Test the End-to-End Single Sign-On Experience

In my demo, I am using an IGEL Thin Client to access my Horizon environment. But you can also install the Horizon Client on a Windows or macOS client machine. When you launch a remote desktop or application, you will be redirected to the Okta login page. Enter your credentials and click Log in. You will be redirected back to the remote desktop or application without entering any additional credentials.

That’s it! By following these steps, you have successfully configured TrueSSO for VMware Horizon with Okta, providing an end-to-end single sign-on experience to your end-users.

Configuring Okta Desktop MFA for macOS with VMware Workspace ONE

In this blog post, we will explore how to configure Okta Desktop MFA for macOS using the Okta Verify app and VMware Workspace ONE. We will also show you how to deploy the app through the VMware Workspace ONE console.

Okta Desktop MFA is an extra layer of security that adds a device access code to the macOS sign-in process, ensuring that only authorized users can access their computers and data. By using Okta Verify, you can set up an offline authentication method in addition to the MFA methods you might already be familiar with.

Configuring Okta Desktop MFA in the Okta Admin Console

To configure Okta Desktop MFA for macOS, follow these steps:

1. In the Okta Admin Console, go to Settings > Account > Embedded widget sign-in support and ensure that the Interaction Code checkbox is selected.

2. Enable Direct Authentication by going to Settings > Features and enabling Direct Authentication.

3. In the Applications section of the console, click Browse App Catalog and search for Desktop MFA. Click Add integration.

4. On the Sign on tab, go to the Settings section and click Edit.

5. Select Okta username prefix from the Application username format dropdown menu.

6. Assign the app to relevant users or groups on the Assignments tab.

7. Obtain the Client ID and Client secret from the General tab, which will be generated when you create the app integration.

Preparing the Device Management Profile in VMware Workspace ONE

To deploy the Okta Verify app for macOS through VMware Workspace ONE, follow these steps:

1. Log in to your VMware Workspace ONE console and navigate to Resources > Apps.

2. Click Internal, then select Application File from the Add dropdown menu.

3. Upload the DMG file of the Okta Verify app by clicking Upload and selecting Choose File.

4. After the upload has been completed, click Continue.

5. Upload the Metadata file by clicking Upload and selecting the PLIST file from the same folder.

6. Click Save and Assign to create the device management profile.

7. Name the profile with a name of your choice.

8. In the Custom Settings Payload within the Profile, add the following custom settings:

{ “PayloadContent”: { “com.okta.deviceaccess.servicedaemon”: { “Forced”: [ { “mcx_preference_settings”: { “DMFAClientId”: “your-client-id”, “DMFAuthenticationMethod”: “your-authentication-method” } } ] } } } }

Customize the profile to your preferences or needs.

Ensure that the MDM profile has been successfully deployed to end-user devices before deploying the macOS Okta Verify package!!

Setting Up a Device Access Code

To set up a device access code on your macOS computer, follow these steps:

1. Start your macOS computer.

2. Enter your username and password.

3. Before you can access your desktop, the Okta Device Access set up screen appears. Click Continue.

4. Enter your Okta username and click Sign In.

5. A push notification is sent to your mobile device. Tap Yes, it’s me on your device to complete the sign in.

6. On your computer, click Continue to start the next phase of the process.

7. Scan the QR-Code with your Okta Verify App on your mobile device.

8. A new account in your Okta Verify App was created, called Device access code.

9. Type in the Device access code here and press Continue.

10. After successful authentication, you should see the following screen. Just press Finish and you are set.

Conclusion

In this blog post, we have explored how to configure Okta Desktop MFA for macOS using the Okta Verify app and VMware Workspace ONE. We have also shown you how to deploy the app through the VMware Workspace ONE console. By setting up a device access code, you can ensure that only authorized users can access their computers and data.

EUC TECH: Enabling Single Sign-On with Okta for macOS Devices

In this blog post, we will guide you through the process of enabling single sign-on (SSO) with Okta for your macOS devices using the Desktop Password Sync feature. This feature allows users to authenticate themselves using their Okta credentials directly from the macOS login screen, providing a seamless and passwordless authentication experience.

Getting Started with Okta Desktop Password Sync

To get started, you will need to have the Okta Verify app installed on your macOS device. You can download the app from the Okta App Store. Once installed, open the app and sign in with your Okta credentials.

Configuring the Okta Verify App

Once you have signed in to the Okta Verify app, you will need to configure the app to work with your macOS device. To do this, follow these steps:

1. Go to the Okta Admin Console and search for “Desktop Password Sync” in the Catalog.

2. Click on the “Add Integration” button next to the Desktop Password Sync app.

3. Open the Desktop Password Sync app from your Applications list to configure it.

4. On the General tab, you can edit the application label or use the default one.

5. On the Sign on tab, make note of the Client ID. You will need this when creating the managed app configuration in your Workspace ONE environment.

6. Assign the app to individual users or groups on the Assignments tab. Users must be assigned the app to use Desktop Password Sync.

Preparing the Okta Verify App for Deployment

To prepare the Okta Verify app for deployment, you will need to download the Workspace ONE Admin Assistant Tool and prepare the Okta Verify app for deployment through Workspace ONE UEM. This process is covered in detail in our previous blog post, “How to Prepare the Okta Verify App for Deployment.”

Creating the SSO Extension Profile in Workspace ONE

To create the SSO extension profile in Workspace ONE, follow these steps:

1. Navigate to the Resources > Profiles & Baselines section in your Workspace ONE console.

2. Click on the “Create Profile” button and select “Extension” from the dropdown menu.

3. Give the profile a name (e.g., “Okta Verify SSO”).

4. Select ” Okta Verify” as the identity provider.

5. Configure the profile to use the Client ID you noted earlier.

6. Click “Save” to save the profile.

Enrolling Your macOS Device into Workspace ONE

To enroll your macOS device into Workspace ONE, follow these steps:

1. Download and install the Intelligent Hub on your macOS device.

2. Open the Intelligent Hub app and navigate to the “Enroll” tab.

3. Select “Workspace ONE” as the identity provider.

4. Authenticate with your Okta credentials using the Okta Verify app.

5. Once authenticated, the Enrollment Profile will be downloaded and installed on your device.

6. Double-click on the MDM Profile to install it.

7. Enter the username and password you created for the VM local user when prompted.

8. You should see a “Congratulations” screen indicating successful enrollment.

9. The Okta Verify app should also be installed successfully.

Registration Required Dialog Box

After successful enrollment, you will see a “Registration Required” dialog box appear upon login or soon after. To complete the registration process, follow these steps:

1. Click on the “Set up” button in the dialog box.

2. Authenticate with your Okta credentials using the Okta Verify app.

3. After successful authentication, you will see a “Your identity is verified” screen.

4. Close the browser tab.

5. You can now log out and log back in using your Okta password!

Conclusion

In this blog post, we have covered the process of enabling single sign-on with Okta for macOS devices using the Desktop Password Sync feature. We have also provided a step-by-step guide on how to configure the Okta Verify app and create the SSO extension profile in Workspace ONE. With these steps, you can now provide your users with a seamless and passwordless authentication experience.

EUC Tech: Enhancing Security with Okta Identity Management for vSphere

In the ever-evolving landscape of cybersecurity, identity management and multifactor authentication (MFA) have become crucial components for organizations to ensure the safety of their data and systems. The latest release of vSphere, vSphere 8 Update 1, introduces support for cloud-based identity providers in vCenter, including the widely used Okta service. This feature allows vSphere administrators to leverage modern identity management features for enhanced security and streamlined operations.

Okta Requirements

To set up the Okta identity provider on vCenter Server, there are a few requirements that must be met:

1. Okta connectivity requirements: To use the Okta identity provider, you need to have an active Okta account with the necessary permissions to access the vSphere environment.

2. vCenter Server requirements: The vCenter Server system must be running vSphere 8 Update 1 or later versions to support the Okta identity provider.

3. Networking requirements: The network configuration must allow for communication between the vCenter Server and the Okta service.

Creating an Okta Identity Provider on vCenter Server

To create an Okta identity provider on vCenter Server, follow these steps:

1. Log in as an administrator to vCenter Server and navigate to Home > Administration > Single Sign On > Configuration.

2. Click Change Provider and select Okta from the list of available providers.

3. The Configure Main Identity Provider wizard opens. Review the requirements for Okta and vCenter Server, and click Run Prechecks to check for any errors.

4. In the Directory panel, enter the following information:

* Directory Name: Name of the local directory to create on vCenter Server that stores the users and groups pushed from Okta

* Domain Name(s): Enter the Okta domain names that contain the Okta users and groups you want to synchronize with vCenter Server. If you enter multiple domain names, specify the default domain.

5. In the User Provisioning panel, select the duration of the token lifespan, and then click Next.

6. In the OpenID Connect panel, enter the following information:

* Redirect URI: This will be filled automatically

* Identity Provider Name: This will also be filled in automatically as Okta

* Client Identifier: Obtained when you created the OpenID Connect application in Okta

* Shared Secret: Obtained when you created the OpenID Connect application in Okta

* OpenID Address: For example,

7. Click Finish to complete the configuration of the Okta identity provider.

Assigning Users and Groups to the Okta Identity Provider

To assign users and groups to the Okta identity provider, follow these steps:

1. Log in as an administrator to vSphere Client and navigate to Administration > Single Sign On > Users and Groups.

2. Click the Administrators group, and then click Edit Members.

3. Select the domain name of the Okta group you want to add from the drop-down menu (for example, internal.euc-stuff.de).

4. Select your Okta group, add it to the Administrators group, and click Save.

Benefits of Using Okta Identity Management for vSphere

Using the Okta identity provider for vSphere offers several benefits, including:

1. Enhanced security: By leveraging modern identity management features, you can improve the overall security posture of your vSphere environment.

2. Streamlined operations: With the Okta identity provider, you can easily manage users and groups across your vSphere and Okta environments.

3. Better user experience: By providing a seamless authentication process, you can improve the user experience and increase productivity.

Conclusion

In conclusion, integrating the Okta identity provider with vSphere 8 Update 1 offers numerous benefits for organizations looking to enhance their security and streamline their operations. By following the steps outlined in this guide, you can successfully set up and configure the Okta identity provider on your vSphere environment, enabling better user management and a more secure authentication process.

Integrating Okta as the Identity Provider with VMware Web Proxy for Seamless SSO Experience

In today’s digital age, enterprises are increasingly adopting cloud-based applications and services to enhance productivity and collaboration among their workforce. However, managing user identities and access becomes a critical challenge, especially when it comes to ensuring seamless Single Sign-On (SSO) experiences for users. This is where Okta and VMware Web Proxy come into the picture, offering a comprehensive solution for enterprise SSO needs. In this blog post, we will guide you through the process of integrating Okta as the Identity Provider (IdP) with VMware Web Proxy, ensuring a smooth user experience.

Before we dive into the integration process, let’s quickly recap the benefits of using Okta and VMware Web Proxy together:

1. Seamless SSO experiences for users: With Okta as the IdP and VMware Web Proxy as the Web application firewall (WAF), users can access all their cloud applications securely, without having to log in multiple times.

2. Enhanced security: The integration of Okta and VMware Web Proxy provides an additional layer of security, ensuring that only authorized users can access cloud applications.

3. Simplified management: The combination of Okta and VMware Web Proxy simplifies identity management for enterprises, enabling them to manage user identities, access, and policies from a single platform.

Now, let’s take a closer look at the integration process:

Step 1: Create an Okta Application

To begin with, we need to create an application on the Okta side. To do this, log into the Okta Admin Portal, select Applications –> Applications, and then Select Create App Integration. Choose SAML 2.0 as the protocol and click Next. In the General Settings section, create a name for the app, add a logo (optional), and ensure that the app is not displayed to users. Click Next.

Step 2: Configure Okta SAML settings

In the next step, we need to configure the SAML settings for our Okta application. To do this, navigate to the Sign On tab, scroll down to the SAML Signing Certificates, and select Actions –> View IdP metadata. Download the certificate and save it to a local folder.

Step 3: Configure VMware Web Proxy

Now, let’s configure the VMware Web Proxy settings. Log in to the SASE Orchestrator, select SD-WAN –> Cloud Web Security, and then select Configure. Toggle the Single Sign On to Enabled, select Yes, and choose Okta as the SAML Provider. Enter the SAML 2.0 Endpoint and Service Identifier (Issuer) obtained from the metadata XML file.

Step 4: Configure Domain and X.509 Certificate

In the Domain field, fill in your domain name (e.g., yourdomain.com), as this setting is used to identify enterprise users (user@domain) to send the authentication request to Okta. Now, scroll down to the X.509 Certificate section and click Add/Edit Certificate. Locate the certificate you downloaded earlier and paste it into the data field. Save the settings.

Step 5: Configure Proxy URL and SSL Termination Certificate

Finally, we need to configure the Proxy URL and SSL Termination Certificate. To do this, navigate to the Web Proxy menu, toggle Enable Web Proxy to Active, select a Cloud Web Security Policy, and save your settings. Note down the Proxy URL, as we will need it for host configuration.

Step 6: Configure Host Settings (Optional)

In an enterprise setup, we would typically roll out both the certificate and the client proxy configuration via e.g., a MDM solution. However, for demonstration purposes, we can download the SSL Termination certificate via the SSL Termination menu and import it into the Trusted Root Certificate Authorities of our clients.

Step 7: Test the Integration (Optional)

To test the integration, we can leverage Okta FastPass, which has been well-documented by Okta. We can configure the client proxy settings on our device and access our cloud applications securely using SSO.

That’s it! With these steps, you have successfully integrated Okta as the IdP with VMware Web Proxy, providing a seamless SSO experience for your users. The integration not only simplifies user management but also enhances security by ensuring that only authorized users can access cloud applications.

Integrating Okta into SD-WAN Orchestrator for Single Sign-On (SSO) with Different User Types

In this article, we will explore how to integrate Okta into the VMware SD-WAN Orchestrator for single sign-on (SSO) with different user types. We will go over the steps to set up SSO authentication in the SD-WAN Orchestrator and how to use groups claim filters to assign different roles to users based on their Okta group membership.

Step 1: Create a New Application in Okta

To start, we need to create a new application in Okta. Select OIDC – OpenID Connect as the sign-in method and Web Application as the application type. Click Next to continue. In the General Settings section, enter a name for your application and select Refresh Token for the grant type. In the Sign-in redirect URIs text box, enter the redirect URL that your SD-WAN Orchestrator application uses as the callback endpoint. You can find this one in the Global Settings, Authentication menu in your SD-WAN Orchestrator.

Step 2: Note Down Client Credentials (Client ID and Client Secret)

Next, we need to note down the Client Credentials (Client ID and Client Secret) to be used during the SSO configuration in SD-WAN Orchestrator. These credentials can be found in the Okta application you just created.

Step 3: Configure a Groups Claim Filter

Since we don’t want every user to get enterprise super admin rights, we will configure a groups claim filter. To do this, click the Sign On tab and under the OpenID Connect ID Token area, click Edit. In this setup, I am using a basic filter, but this can be adapted to the respective use cases and needs.

Step 4: Assign Groups to SD-WAN Orchestrator Application

Now we need to assign groups to our SD-WAN Orchestrator application. On the Assignments tab, from the Assign drop-down menu, select Assign to Groups or Assign to People. In my example, I have already created two Okta groups.

Step 5: Configure SD-WAN Orchestrator for SSO Authentication

We need to log in as enterprise super user with our credentials, click on the Global Settings menu in the Drop-down Menu, and then select Enterprise Settings and set up a domain name for your enterprise. This is important before enabling SSO authentication for the SD-WAN Orchestrator!

Step 6: Configure SSO Authentication for SD-WAN Orchestrator

Within the User Management menu, click on the Authentication tab, and then from the Authentication Mode drop-down menu, select Single Sign-On. From the Identity Provider Template, we select Okta. In the OIDC well-known config URL text box, enter the OpenID Connect (OIDC) configuration URL for our Okta tenant. For example, https://{your-okta-url}/.well-known/openid-configuration.

Step 7: Update and Test SSO Configuration

The SD-WAN Orchestrator application auto-populates endpoint details such as Issuer, Authorization Endpoint, Token Endpoint, and User Information Endpoint. In the Client Id and Client Secret text box, enter the client identifier provided by your Okta tenant. To determine user’s role in SD-WAN Orchestrator we will use the Use Identity Provider Roles so our groups created in Okta. Remember that we’ve created the two groups superuser and readonly in the previous section in our Okta tenant.

Step 8: Test SSO Configuration

Finally, we will update and test our configuration via this button here. You will be redirected to Okta and need to log in with your user. If everything is configured properly, you should see the following successful SSO Configuration Test message.

Real Life Example

Now let’s have a look at how this is looking like in real life. If our users are logging in with administrative rights we can configure based on Okta authentications policies and its rules additional factors for authentication. In this video, we are leveraging Okta Verify as a second factor. Within the SD-WAN Orchestrator, we can now see which users have logged in Δ.

Conclusion

In this article, we have seen how to integrate Okta into the VMware SD-WAN Orchestrator for single sign-on (SSO) with different user types. We have gone over the steps to set up SSO authentication in the SD-WAN Orchestrator and how to use groups claim Filters to assign different roles to users based on their Okta group membership. By following these steps, you can ensure secure and seamless access to your SD-WAN Orchestrator for your users.

Upgrading VMware Workspace ONE Access Connector to Version 22.09: A Step-by-Step Guide

As a part of our commitment to providing the latest features, security updates, and resolved issues, we have upgraded our VMware Workspace ONE Access connector installation to version 22.09 from 21.08. In this blog post, we will guide you through the process of upgrading your existing Workspace ONE Access connector installation to the latest version.

Supported Upgrade Paths

———————-

Before we dive into the upgrade process, it’s essential to know the supported upgrade paths. The following are the supported upgrade paths:

* 22.05-21.08.x

* 20.10.x

* 20.01.x

Upgrade Process

————–

To begin the upgrade process, download the Workspace ONE Access Connector Software from the VMware Customer Connect portal and copy the file to the server where the connector is currently installed on. Start the Workspace ONE Access Connector installer. You’ll receive a notification that an older version of the Workspace ONE Access Connector is already installed, and an upgrade will be performed. Click OK here.

The installer is backing up the old version, which may take some time. Once the backup is complete, you’ll be prompted to accept the License Agreement. Press the Next button to continue.

Important Considerations about es-config.json File

————————————————-

If you are upgrading from version 21.08.x or 22.05, and you generated an es-config.json configuration file after the Workspace ONE Access 21.08 release or September 2021 Cloud release, you do not need to generate a new es-config.json file. However, if you have made any customizations to your es-config.json file, you should make sure to backup the file before upgrading.

Upgrade Options

—————

In the Workspace ONE Access console, go to Integrations > Connectors, click New, and create a new file on the Download Configuration File page of the wizard. You can browse to the file location, paste the password, and press the Next button.

You have the option to select the Default or Custom upgrade. If you have the Kerberos Service already installed and selected it during the upgrade, you will need to paste the password for this service account.

Upgrade Summary and Installation

——————————-

Once you’ve made your selection, you’ll be presented with a summary of the upgrade. The installer starts… (and is installing one service after the other). This can take some minutes, so just relax and drink a cup of coffee.

After the installation is complete, you should receive the following message. Press Finish here and restart the Connector Server.

Verifying the Upgrade

————————

To verify that the upgrade was successful, check the Windows Services. All my installed services are up and running. As a last test, I’ve also checked the login with an Active Directory User, and everything worked fine. From my point of view, the update was successful!! Δ

Conclusion

———-

Upgrading your VMware Workspace ONE Access connector installation to version 22.09 is a straightforward process that offers the latest features, security updates, and resolved issues. By following this guide, you can ensure a successful upgrade and enjoy all the benefits of the latest version.

Here we go! Workspace ONE Access 22.09.0.0 is GA! There are many new features and improvements that can be read here.. In this blog post, I will cover the online upgrade from Workspace ONE Access 21.08.0.1 to 22.09.0.0.

Important: Although we perform an online update, the following additional steps are required!

Log in to the VMware Customer Connect portal and navigate to the VMware Workspace ONE Access (VIDM) Download page. Navigate to the update-fix.tgz section and download the file to your local client. All important steps and a short guide can be found under the “Read More” section

Let’s check the appliance version via the command line, and you see that my appliance is running on version 21.08.0.1. Then, let’s start with the update

First, we need to upload the update-fix.tgz to your Workspace ONE Access appliance! This can be easily done with a tool like WinSCP After we’ve uploaded the file, we need to extract this one. This can be done on the appliance itself via the following command:

tar -xvf update-fix.tgz

The command for this task is the following one:

chmod 755 configureupdate.hzn

The last step before the update can start is to update the permission as below:

sudo chmod 755 configureupdate.hzn

Check if an online update is available:

If yes, you can start the online update:

Workspace ONE Access will take some minutes to apply the update, and you should see the following progress screen:

After a few minutes, and if the update went fine, you should see the following output, and then you can just reboot the Workspace ONE Access appliance:

When the Workspace ONE Access appliance is up and running again, we should see the following screen:

In addition to this, we can check the version again via the command line If we now log in via the web console (https://youraccessurl.yourdomain.com), we will see the redesigned Workspace ONE Access navigation!

So happy updating and enjoy the new features and enhancements!

As I pen down my last blog post as a Technical Adoption Manager for the Healthcare Team at VMware, I am filled with a mix of emotions – sadness to leave behind a role and an organization that has taught me so much, but excitement for the new chapter that lies ahead.

Throughout my journey at VMware, I have been fortunate enough to work with some of the most talented individuals in the industry, and I am grateful for the opportunities that I have had to learn from them and grow as a professional. The experiences that I have had here have not only helped me develop my skills and knowledge but have also shaped me into the person I am today.

I have learned that the power of the community is real, and it has been a driving force in my career. The relationships that I have forged with my colleagues, both past and present, will continue to be a source of inspiration and support for me moving forward. These connections are not just limited to the technical aspects of our work but also extend to the personal and human side of things.

I am thrilled to announce that I have accepted a new role with NVIDIA as a Senior Technical Engineer for the Omniverse team. This new chapter in my career will allow me to dive deeper into AI, an area that I am passionate about and have been exploring in recent times. The learning curve ahead of me is daunting, but I am ready for the challenge and excited to contribute to NVIDIA, the Omniverse Team, our customers, and partners.

As I bid adieu to VMware, I want to thank the organization and my colleagues for providing me with a space to grow and develop as a professional. The experiences that I have had here will forever be etched in my memory, and I will always be grateful for the opportunity that was given to me.

I also want to express my heartfelt gratitude to Drew Como, who believed in me and supported me throughout this journey. Our friendship and collaboration have been a source of inspiration for me, and I am honored to call him a friend and mentor.

As I embark on this new journey with NVIDIA, I leave you with my favorite quote, “For fate has a way of charting its own course, but before one surrenders to the hands of destiny, one might consider the power of the human spirit and the force that lies in one’s own free will” – Lost: The Final Chapter.

This quote resonates with me because it highlights the importance of taking control of our lives and not simply surrendering to fate. It reminds us that we have the power to shape our own destiny, and that is a lesson that I will carry with me as I embark on this new chapter in my career.

As I move forward, I encourage everyone to remain connected with me, and I am always there to help in any way possible. Remember the power of the community, commit to it, and you will be rewarded for it in due time.

Thank you all once again for your support, and I look forward to seeing where this new journey takes me. #AI #NVIDIA #NVIDIAN #Omniverse

As an IT professional, I am always looking for ways to keep my technology up-to-date and running smoothly. Recently, I decided to update my ESXi environment from version 8.0 Update 2 build 22380479 to the latest version 8.0 Update 2b build 23305546. In this blog post, I will share the steps I took to complete this update and provide guidance for those who may be considering a similar update in their own environments.

Before we begin, please keep in mind that this guide is based on my personal home lab environment and should be used with caution. It is essential to take appropriate steps, including documentation, to ensure a successful update. Additionally, as I am not an official VMware representative, any information provided here should not be considered an official VMware support statement.

To start the update process, I first enabled SSH on my ESXi host interface. This is a crucial step, as the ESXCLI commands we will use to update the software require SSH access. To enable SSH, follow these steps:

1. Log into your ESXi host interface.

2. Right-click the ESXi Host and select Services.

3. Select Enable Secure Shell (SSH).

Once you have enabled SSH, you can proceed with logging in using your Root credentials. I use Putty as my SSH client.

Next, we will apply the necessary updates using the ESXCLI commands provided by Paul Braren in his blog post found here. The command we will use is:

esxcli software profile update -p ESXi-8.0U2b-23305546-standard -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml –no-hardware-warning

Please note that my Dell PowerEdge R720 server is not found on the VMware Compatibility List, so we need to append -no-hardware-warning to the command.

As I applied each of the lines (8 total) below one at a time, they successfully applied the workaround for the Memory Error:

esxcli network firewall ruleset set -e true -r httpClient

esxcli system settings advanced set -o /VisorFS/VisorFSPristineTardisk -i 0

cp /usr/lib/vmware/esxcli-software /usr/lib/vmware/esxcli-software.bak

sed -i ‘s/mem=300/mem=500/g’ /usr/lib/vmware/esxcli-software.bak

mv /usr/lib/vmware/esxcli-software.bak /usr/lib/vmware/esxcli-software -f

esxcli system settings advanced set -o /VisorFS/VisorFSPristineTardisk -i 1

Once the commands were successfully applied, the update process began, and I was prompted to reboot my ESXi host. To keep track of the reboot process, I used my idrac session:

If you have any questions or suggestions, please let me know. If you’re interested in anything related to VMware on my blog, please click on this link.

Thank you for reading, and happy updating!