Notes: Although the notes from the session are not lengthy, the impact of this announcement cannot be overstated. VMware has finally brought simplified VCSA (and later ESXi) certificate management to the table. I can't wait for the future betas to try out these new features.
New APIs for Cert management
Intuitive UI to manage certs
Reduce total number of certs - Machine SSL certificate. No more solution user certificates.
Address known cert issues
Certificate API story: REST API with PowerShell coming
Currently the VCSA is in scope for this simplification, with ESXi hosts coming later.
vSphere Identity Federation
Federated authentication: AuthN, AuthZ
Major Identity Providers: Microsoft AD, AAD, Ping, Okta, vIDM
SSO, MFA
Local accounts: For bootstrap and failsafe scenarios
Very long-term goal: Total removal of passwords for authentication. But that will be a long road, and passwords will be supported for at least the next two major vSphere versions.
vCenter will NOT see your credentials. The vSphere Client will redirect you to the enterprise authentication portal.