VMware Cloud Foundation

Securing Your VCF 9.1 Infrastructure with the Symantec Identity Security Platform

The general availability of VMware Cloud Foundation (VCF) 9.1 marks a leap forward for the private cloud, introducing major improvements in AI readiness, cost-saving NVMe Memory Tiering, massive host scalability improvements, and other breakthroughs. Yet, as organizations look to deploy these performance optimizations, protecting the underlying infrastructure becomes paramount. That is why the new native integration between Broadcom’s VCF 9.1 and the Symantec Identity Security Platform (IDSP) is a critical identity component of this release—directly shrinking the enterprise attack surface. Let’s explore how VCF 9.1’s broad platform innovations pair with Symantec’s premier identity solution, and how the other VCF 9.1 identity improvements combine to form a secure, unified, hardened platform for your modern workloads.

The integration of the Symantec Identity Security Platform (IDSP) within VMware Cloud Foundation has evolved significantly to simplify hybrid cloud access management. Historically, configuring Symantec IDSP in a standalone vSphere 8 environment required administrators to use the generic, alternative identity provider workflows built for platforms like Okta, Ping, or Entra ID: OpenID Connect (OIDC) for authentication, alongside Just-In-Time (JIT) and LDAP for user and group provisioning. This proxy setup continued with VCF 9.0, where deployments still had to be routed through the standard Ping, Okta, Entra, or ADFS workflows.

With the release of VMware Cloud Foundation (VCF) 9.1, this process is simpler. Administrators can now select “Symantec IDSP” as a native, dedicated option directly from the identity configuration menu within VCF Operations to instantly enable native VCF Single Sign-On (SSO) authentication. This transition from a generic workaround to a native integration brings several critical performance and security benefits to enterprise environments.

Figure 1. In VCF 9.1, when configuring an identity provider within VCF Operations, a user can now select Symantec IDSP.

When deploying VCF, it is important to understand the key characteristics of identity providers (IdPs). A secure identity provider brings several critical capabilities to the table:

  • Robust Security & MFA: It goes beyond simple passwords by supporting Multi-Factor Authentication (MFA) and phishing-resistant methods like Passkeys (leveraging FIDO2/WebAuthn).
  • Support for Open Standards: A high-quality provider uses standard protocols like SAML, OAuth 2.0, and OpenID Connect (OIDC) to ensure it can integrate seamlessly with a wide range of applications and platforms.
  • Scalability & High Availability: It handles traffic spikes (like seasonal shopping events) without performance drops and offers high uptime guarantees through distributed architecture across multiple regions.
  • Adaptive Authentication: The best providers use adaptive risk assessments to dynamically adjust security requirements based on factors like user location, device health, and login behavior.
  • Strengthened Compliance: A secure provider applies and manages compliance controls consistently across the infrastructure.
  • Secure Remote Work: Protects critical enterprise assets wherever they live and from wherever they are accessed.
  • Data and Threat Protection Everywhere: Unifies intelligence across control points to detect, block, and remediate targeted attacks.

VCF 9.1 also introduces standardized VCF-level roles to facilitate seamless authorization following VCF-level authentication. Organizations may utilize pre-configured roles or develop bespoke, customized roles to assign to users and groups, thereby enabling granular Role-Based Access Control (RBAC) across various VCF components. This centralized approach drastically reduces the operational complexity of managing permissions across infrastructure silos while enforcing a strict principle of least privilege.

Figure 2. VCF 9.1 supports VCF-level roles, which provide authorization per component.

VCF 9.1 addresses the common challenge of workflow automation via APIs. The platform now supports the generation of OAuth 2.0 standards-based API tokens for both human users and API clients, which can be exchanged for bearer tokens to provide secure, short-lived access. Rather than embedding long-lived, higher-risk service account passwords in automation scripts, teams can use these short-lived tokens, reducing the blast radius of a compromised credential.

Figure 3. VCF 9.1 supports standards-based programmatic API access across the private cloud components.
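As an added illustration of the token pattern just described (this is not code from Broadcom or the VCF documentation): a small Python client that keeps the long-lived API token only for exchanging it against short-lived bearer tokens, and re-exchanges shortly before expiry. `TOKEN_EXCHANGE_URL`, the request body in `http_exchange`, `BearerTokenCache` and `demo` are all assumptions of this example; the real endpoint and request shape must come from the VCF 9.1 documentation, and the offline `demo` uses a constructed exchange service and a fake clock.

```python
import time
from typing import Callable, Dict

# Placeholder (assumption): the real endpoint and request shape come from the VCF 9.1 docs.
TOKEN_EXCHANGE_URL = "https://vcf-operations.example.invalid/<token-exchange-endpoint>"

class BearerTokenCache:
    """Keeps the long-lived API token private; hands out short-lived bearer tokens."""
    def __init__(self, api_token: str, exchange: Callable[[str, str], Dict],
                 skew: int = 60, clock: Callable[[], float] = time.time):
        self._api_token = api_token   # only ever sent to the exchange endpoint
        self._exchange = exchange     # callable(url, api_token) -> OAuth-style JSON dict
        self._skew = skew             # re-exchange this many seconds before expiry
        self._clock = clock
        self._bearer, self._expires_at = None, 0.0
        self.exchanges = 0            # how often the API token was exchanged

    def bearer(self) -> str:
        if self._bearer is None or self._clock() >= self._expires_at - self._skew:
            resp = self._exchange(TOKEN_EXCHANGE_URL, self._api_token)
            self._bearer = resp["access_token"]
            self._expires_at = self._clock() + int(resp["expires_in"])
            self.exchanges += 1
        return self._bearer

    def auth_header(self) -> Dict[str, str]:
        """Header for calls to VCF component APIs; the API token never appears here."""
        return {"Authorization": f"Bearer {self.bearer()}"}

def http_exchange(url: str, api_token: str) -> Dict:
    """Network exchange; the JSON body is an assumed shape, adjust to the documented one."""
    import requests  # imported here so the offline demo needs no network
    r = requests.post(url, json={"api_token": api_token}, timeout=10)
    r.raise_for_status()
    return r.json()

def demo() -> Dict:
    """Offline walk-through with a constructed exchange service and a fake clock."""
    now, issued = [1_000_000.0], []
    def fake_exchange(url: str, api_token: str) -> Dict:
        issued.append(f"bearer-{len(issued) + 1}")
        return {"access_token": issued[-1], "token_type": "Bearer", "expires_in": 300}
    cache = BearerTokenCache("constructed-api-token", fake_exchange, clock=lambda: now[0])
    first = cache.bearer()
    now[0] += 120                 # still valid: served from cache, no exchange
    second = cache.bearer()
    now[0] += 150                 # inside the 60 s skew window: re-exchanged
    third = cache.bearer()
    return {"first": first, "second": second, "third": third, "exchanges": cache.exchanges}
```

Only the bearer token ever reaches the component APIs, and a leaked one stops working after `expires_in` seconds, which is the blast-radius reduction the paragraph above describes.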

With the rollout of VMware Cloud Foundation 9.1, organizations can confidently deploy enterprise-grade identity features across their entire infrastructure. By combining Broadcom’s VCF 9.1 and the Symantec Identity Security Platform, IT teams can use native integration, standardized roles, and modern API security to treat identity as a unified perimeter rather than a fragmented checklist of tasks. This improves both security policy and operations, reducing the potential attack surface. By bridging the gap between infrastructure operations and robust access control, your organization can help reduce threats and the blast radius of compromised credentials without slowing down business projects.

Ready to secure your private cloud? Visit the Broadcom Identity and Access Management page and the VCF 9.1 Launch page.


Acknowledgements

Special thanks for contributions to this blog:

Anant Kadam and Rob Lindberg


For information on VCF 9.1 Identity and Access Management, including Single Sign-On implementation, visit the VMware Cloud Foundation documentation.


