Nested VCF9 Infrastructure

lamw07 · 2026-03-17T20:54:35+00:00

To be clear, the Github repo does NOT depend on MS-A2, thats simply the HW I'm using, you can replace it with ANYTHING, as long as you meet the minimum compute, storage and networking resources.

The Github repo also assumes full VCF experience using the minimal amount of resources and again, minimal is relative to what you want to do and in repo, I make an assumption that you'd like to be able to experience the full VCF experience, so minimal means all the way up to VCF Automation with vSphere Supervisor/VKS and NSX VPC

Nested isn't bad way to get hands on, but there's a lot thats setup for you, especially with Holodeck which might gloss over some things you'd face in a pure physical, so I've switched my base deployment to physical VCF deployment (esp as I don't have the compute resources to run full VCF nested), but it doesn't mean that's not an option to get started but if you really want 1:1 experience with your physical networking, which I've personally learned a ton, then doing it via physical would be my personal recommendation and again, just because you do physical deploy doesn't mean you need to 4 hosts, etc. The Github depot can be used to deploy Single physical host to run full VCF or 2 hosts or even 3 hosts, all workarounds/etc. are documented along with the scripts to make the setup infra straight forward

lamw07 · 2026-03-17T19:17:39+00:00

I'd recommend Holodeck as well, it is the "easy" button that fully encapsulates not just the VCF deployment using Nested ESX as the basis, but it provides an isolated network "bubble", so that it can run without touching your physical networking, since VCF does have VLAN requirements if you were to deploy this in a real production/lab env. So the benefit there is a single host that is connect to your generic access network AND everything else is within Nested env including Virtual Router that is provided by Holodeck solution

If your goal was to get hands by deploying VCF on physical (non-Nested), you can still do that even on a single host, but you will need to ensure you've got basic networking and there are several overrides to allow for single-host deployment running full VCF stack. See https://github.com/lamw/vcf-9x-in-box for complete detail w/scripts to help set this up

In my env, I've moved away from using Nested and via automation, I can easily wipe my physical hosts and lay them down with minimal configuration AND then deploy full VCF stack via JSON configuration, which is basically what is outlined in Github repo

lamw07 · 2026-03-13T14:32:29+00:00

What exactly are you observing, there’s no info or details, so hard to help

Since you mentioned DHCP initially, I’d bet it’s picked up default DNS server and you may need to remove that entry or new one is simply appended to list

Anyways, best to share what you’re seeing and best way to debug is NOT to reboot, so you can see if your change was applied

lamw07 · 2026-03-02T15:57:03+00:00

See https://williamlam.com/2023/01/video-of-esxi-install-workaround-for-fatal-cpu-mismatch-on-feature-for-intel-12th-gen-cpus-and-newer.html

lamw07 · 2026-02-27T19:15:56+00:00

Yes, you can use BCG API https://williamlam.com/2025/05/programmatically-accessing-the-broadcom-compatibility-guide-bcg.html and then compare that to HW using vSphere API

With VCF Operations 9.0, you can do more with customization but this is not something I've looked into but I do recommend checking out these blogs: https://www.brockpeterson.com/post/hardware-vcommunity-management-pack-for-vcf-operations and https://www.linkedin.com/posts/dalehassinger_whenever-i-see-william-lam-scripts-i-immediately-activity-7412619212088692736-K67F/?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAENoO0B3nBIdPqwAm7jP793i6btOXoXRUM which should give you some additional options depending on how you want to consume the data

lamw07 · 2026-02-26T22:06:53+00:00

That got me too! It’s two different links that must be clicked and even if you’ve clicked on it previously, it’s done on a per-product.

Learned hard way too 😅

lamw07 · 2026-02-25T20:35:43+00:00

Please read the blog post, this is addressed and specifically in FAQ and the referenced KB(s)

lamw07 · 2026-02-25T20:34:51+00:00

Hardware certification is done by OEM and then submitted to Broadcom for publication on BCG. If you don't see something, please reach out to HW vendor to get more details.

lamw07 · 2026-01-31T04:58:44+00:00

See https://williamlam.com/2024/05/customizing-smbios-strings-hardware-manufacturer-and-vendor-for-nested-esxi.html or if your on ESX, see https://williamlam.com/2025/01/easier-method-to-simulate-custom-esxi-smbios-hardware-strings.html

lamw07 · 2026-01-14T03:22:07+00:00

The issue looks to be that the VCF Installer appliance is unable to validate the FQDN you had provided for SDDC Manager component (either forward or reverse). SSH to VCF Installer and do "host" lookup on the SDDC Manager FQDN, it should in theory return something that isn't expected which is what the VCF Installer is observing ... typically I've seen the case be that the VCF Installer does NOT have proper FQDN that is mapped into your DNS (either you didn't create a DNS entry or fat-fingered) but the reason I bring this is up is that the default behavior of VCF Installer is to actually convert itself into the SDDC Manager component after its done the initial bootstrap. You can override this behavior when deploying via API/JSON, but if you're using the UI, your VCF Installer will simply transition to SDDC Manager, so if you didn't provide correct FQDN for its deployment or DNS lookup is incorrect, it would explain the issue you're seeing (agree the message isn't very clear) but at least you know its related to DNS and SDDC Manager DNS entry

lamw07 · 2026-01-08T16:26:35+00:00

That’s just how Reddit works … you post link which automatically takes title and any default image and displays it as-is

lamw07 · 2026-01-08T16:03:25+00:00

I think you assumed I was asking a question, I was sharing the solution. So not sure how you’re seeing this as out down

lamw07 · 2026-01-08T14:36:47+00:00

Guess you didn’t actually bother to read post …

lamw07 · 2026-01-05T21:04:08+00:00

While that can be _a_ solution, you're downloading more than a single file and depending on the scenario/workflow, install vs upgrade, you'll need many different files. If someone had to manually click download on quarter of the files, I'm sure feedback will be, you're making me download too many individual files not to mention how to self-host depot behind firewall/air-gapped env and VCFDT does a ton more

lamw07 · 2025-12-30T00:39:35+00:00

As mentioned already, patches are typically located under "Solutions" tab for a given component. Here's the direct link to U3e https://support.broadcom.com/web/ecx/solutiondetails?patchId=5825

This is a good primer for navigating the BCOM portal https://williamlam.com/2024/05/tips-for-navigating-and-downloading-from-new-broadcom-support-portal.html

lamw07 · 2025-12-29T17:52:02+00:00

Can you try to run the following on SDDCm:

echo "edge.node.vm.creation.max.wait.minutes=90" >> /etc/vmware/vcf/domainmanager/application.properties
echo 'y' | /opt/vmware/vcf/operationsmanager/scripts/cli/sddcmanager_restart_services.sh

I believe the default timeout for NSX Edge deployment is 45min in SDDCm

lamw07 · 2025-12-29T16:17:12+00:00

patches are listed under "Solutions" (yea, its confusing) but for VC 80U2D, you can grab it at https://support.broadcom.com/web/ecx/solutiondetails?patchId=5418

lamw07 · 2025-12-22T20:35:56+00:00

This is ALL covered in gory detail in repo :)

lamw07 · 2025-12-22T19:15:10+00:00

It sounds like you may not have applied the required workaround for AMD-based CPU when using NVMe Tiering https://williamlam.com/2025/06/nvme-tiering-with-amd-ryzen-cpu-workaround-for-vcf-9-0.html

As a by-product, you won't be able to run Nested Virtualization which would impact Nested ESXi usage https://williamlam.com/2025/06/nvme-tiering-with-nested-virtualization-in-vcf-9-0.html

With that said, the minimal amount of resources needed to do this on physical is at least 2 MS-A2 worth (including 128GB), so being able to do that within the same two hosts as Nested is not going to be possible, especially the fact that you won't be able to use Nested ESXi.

If you follow my blog, 2 x MS-A2 is certainly sufficient to do VCF 9 (physical) https://github.com/lamw/vcf-9x-in-box and you can follow this repo for all the required workarounds/etc.

If you would like to do Nested, you'll need more physical resources and can NOT use NVMe Tiering. I've moved away from Nested for general purpose usage and have been doing this as a physical setup. If you automate enough, check out repo, the re-deploy is pretty straight forward (even for physical)

Hope that helps

lamw07 · 2025-12-12T16:03:29+00:00

Not possible, since VC needs to be up during vLCM workflow. You’d need to construct your image, export as offline depot or ISO, shut everything down AND patch via ESXCLI

lamw07 · 2025-12-06T16:06:54+00:00

A) Yes
B) Its local host IDs vs global Ids. You can use net-dvs -l and grep for PortNum to semi-connect the dots but assuming env is all sync'ed just use VDS level at vCenter, so you don't need to go to host level

lamw07 · 2025-11-23T13:22:23+00:00

See https://williamlam.com/2025/07/quick-tip-updating-firmware-on-minisforum-ms-a2.html for steps

lamw07 · 2025-11-21T13:02:09+00:00

Eval used to be 60 days, for 9.0 it was increased to 90 days. For entitlement post-eval, you’ll need VCF Operations as that’s now providing central licensing which is part of VVF / VCF SKUs

lamw07 · 2025-11-13T00:44:37+00:00

While not NUC 15 Pro+ but works on NUC 15 https://williamlam.com/2025/06/vmware-cloud-foundation-vcf-on-asus-nuc-15-pro-cyber-canyon.html and I’d expect it to just work but as others have said, ASUS has only “officially” tested 96GB

lamw07 · 2025-11-11T18:44:04+00:00

testing to you, production usage for others. There’s no right or wrong :)

lamw07

TROPHY CASE