惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

罗磊的独立博客
Forbes - Security
Forbes - Security
Blog — PlanetScale
Blog — PlanetScale
P
Proofpoint News Feed
Apple Machine Learning Research
Apple Machine Learning Research
Google DeepMind News
Google DeepMind News
MyScale Blog
MyScale Blog
GbyAI
GbyAI
B
Blog RSS Feed
S
SegmentFault 最新的问题
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
小众软件
小众软件
The Last Watchdog
The Last Watchdog
W
WeLiveSecurity
Webroot Blog
Webroot Blog
S
Security @ Cisco Blogs
Hugging Face - Blog
Hugging Face - Blog
Microsoft Security Blog
Microsoft Security Blog
月光博客
月光博客
博客园 - 聂微东
F
Fortinet All Blogs
H
Hacker News: Front Page
A
About on SuperTechFans
Application and Cybersecurity Blog
Application and Cybersecurity Blog
C
Check Point Blog
V
V2EX
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Y
Y Combinator Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
N
News | PayPal Newsroom
Cisco Talos Blog
Cisco Talos Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
The Cloudflare Blog
P
Privacy & Cybersecurity Law Blog
N
Netflix TechBlog - Medium
C
CXSECURITY Database RSS Feed - CXSecurity.com
Recorded Future
Recorded Future
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Google DeepMind News
Google DeepMind News
大猫的无限游戏
大猫的无限游戏
美团技术团队
Security Latest
Security Latest
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
I
InfoQ
Recent Announcements
Recent Announcements
The GitHub Blog
The GitHub Blog
Google Online Security Blog
Google Online Security Blog
T
The Exploit Database - CXSecurity.com

VMware Blogs

Diagnostics for VMware Cloud Foundation (VCF) 9.1 with Old Versions of VCF Components Mastering Infrastructure Policies in VMware Cloud Foundation Automation 9.1 Modernizing the Private Cloud: Why VCF 9.1 Lifecycle Management is a Game Changer Announcing the VMware Cloud Foundation 9.1 Upgrade Planning Tool VCF Breakroom Chats Episode 86 – Containers Made Easy: The New “Container-as-a-Service” in VCF 9.1 Securing Your VCF 9.1 Infrastructure with the Symantec Identity Security Platform Virtually Speaking: The AI Reality Check with Dave Linthicum Zero Touch Provisioning: Activating Edge Sites with VMware Cloud Foundation Edge 9.1 VCF Breakroom Chats Episode 85 – Cloning Success at Scale: Inside VCF 9.1’s App Stack Formation VMware Cloud on AWS の使用状況を確認できる API Unlocking the Full Potential of Programmable Infrastructure with VMware Cloud Foundation 9.1 – New Features and Capabilities Smarter Patching at Scale: Vulnerability Assessment and Remediation with VMware Tanzu Platform Encrypted vMotion Offload to Intel QAT in VMware Cloud Foundation 9.1 Deepen Your Expertise: Four Key Benefits of Attending Increase Deployment Flexibility with VCF Edge Automation 1.0.3 Avi Advantage: Automating Certificate Management of VCF Workloads More Memory, Less Effort: Configuring Memory Tiering in VCF 9.1 VCF 9.1 Licensing: Programmatic, Centralized, and Built to Scale Why APJ Networking Professionals Need Private Cloud Expertise VCF 9.1 Networking: Simpler VPC Connectivity Control VCF 9.1 Networking: Exploring Network Services for Virtual Private Clouds VCF Networking 9.1: Seamless DDI Integration with Infoblox The Open Source Advantage: Building from Source for Ultimate Security Expand Shared VMDKs with Clustered Applications in VMware vSAN for VCF 9.1 Monetizing Zero-Trust Security with VCF 9.1 and VMware vDefend VMware vSAN Protection and Recovery Enhancements for VCF 9.1 Deliver Production SQL Server DBaaS with VMware Data Services Manager 9.1 Maximizing Profitability: VCF 9.1 Cost-Focused Approach for VMware Cloud Service Providers Modernizing Your Infrastructure: Introducing VMware Cloud Foundation 9.1 to VCSPs VCF 9.1 is Available: Explore the New Features in Hands-on Labs What’s New with vSphere in VMware Cloud Foundation 9.1? Resizing VMware vCenter in VMware Cloud Foundation 9 Non-Disruptive VMware vCenter Patching in VMware Cloud Foundation 9.1 VMware vCenter Virtual Hardware Gets an Upgrade in vSphere with VCF 9.1 AI Has Changed the Threat Landscape. Is Your Infrastructure Ready? Simplifying Storage with the New Effective Capacity View in VMware vSAN for VCF 9.1 Auto-RAID in VMware vSAN for VCF 9.1 – Comprehensive System-Managed Data Resilience Introducing VMmark 4.1: Enhanced Power Efficiency Benchmarking for Private Cloud Infrastructure Advanced Memory Tiering Enhancements in VMware Cloud Foundation 9.1 VCF 9.1 Is Here. See It in Action. 博通發布 VMware Cloud Foundation 9.1 How Broadcom Is Helping Enterprises Win the AI Security Sprint How to Prepare for the World of AI Driven Exploits Avi Innovations for VCF 9.1: Powering Kubernetes, Agentic AI and VPC Workloads VCF 9.1: The Secure, Cost-Effective Private Cloud Platform for Production AI Announcing VCF 9.1: Modern Private Cloud Built for Efficiency and Resilience Announcing VMware Cloud Foundation Edge 9.1: A Scalable, Autonomous Edge Platform Accelerate, Streamline, and Control Your Self-Service Private Cloud with VMware Cloud Foundation 9.1 Deploy Modern Apps Faster, Scale Smarter, and Lower Your TCO with VMware vSphere Kubernetes Service in VCF 9.1 Scale Smarter, Save More: Redefining Infrastructure Economics with VMware vSphere in VCF 9.1 AI with VCF 9.1 on AMD GPUs: Build with open frameworks and simplify management, at a lower TCO Streamline, Simplify and Protect all your AI workloads with VCF 9.1 Simplify Workload Connectivity and Enhance Network Scale and Performance with VCF 9.1 VMware and CrowdStrike Deliver New Integration for Cyber Recovery Workflows How Many Users Can Your LLM Server Really Handle? From Infrastructure to Agents: A Hands-On Guide to Secure Private AI with Broadcom – Part 2 The New Frontier: Leading the Cloud-Native Evolution Replicating VMware vSphere Configuration Profile Desired State Webinar Recap: Design and Architecture Considerations for VMware vSphere Kubernetes Service on VMware Cloud Foundation Kubernetes 1.36: What Actually Changed for Enterprise Platforms Enhance Lateral Security and Ingress Load Balancing for Kubernetes Workloads Avi Load Balancer Analytics: Root Cause Application Performance Issues in Minutes Analyst Insight Series #3: Policy-Driven Governance and Multi-Tenant Control Post-Quantum Readiness on VMware Cloud Foundation Registration Is Live for Las Vegas | $ave with Early-Bird May 21, 2026: What’s New in VMware Tanzu Data Intelligence 10.4 From Infrastructure to Agents: A Hands-On Guide to Secure Private AI with Broadcom – Part 1 Stop Guessing: Advanced Monitoring and Troubleshooting for Data Services CPU, Disk, Network, and Memory Workload Profiles for DVD Store Database Testing How VMware Salt Automates Compliance Across Private Cloud Analyst Insight Series #2: Operational Scalability and Lifecycle Management MCP vs. APIs: Why You Need Both for AI Applications The Real Constraint on Enterprise AI isn’t GPUs; It’s Power Deploying Harbor Service in Air-Gapped VMware Cloud Foundation 9.0 Why Enhanced DirectPath Wins for High-Performance Apps Observability on VMware vSphere Kubernetes Service VMware Cloud on AWS: Introducing the Usage Report APIs Converging VMware vSphere to VMware Cloud Foundation 9.0: The Top 10 Questions Answered May 6, 2026: What’s New in Tanzu Platform 10.4: Powering Agentic Apps at Scale VMware Tanzu RabbitMQ Powers the Modern Data Lakehouse with New Spark Integration and Enterprise Tooling Tanzu Data Intelligence 10.4 Delivers AI-Driven Analytics, Unified Real-Time Operations, and Sovereign Resilience Enterprise-Ready Agents Made Simple & Safe with VMware Tanzu Platform Agent Foundations Introducing Tanzu Platform 10.4: Extending Platform as a Service to Agentic Applications How AI-Assisted Analytics in Tanzu Data Intelligence Can Help Remove the SQL Bottleneck From Prototype to Production: Securing Database MCP at Enterprise Scale The Compelling Case for a Private Cloud Data Intelligence Platform The Unification Dividend: Consolidating Database Operations on VMware Cloud Foundation The Modern Spring Workflow Is Enterprise-Ready and AI-Boosted [TAM Blog] セキュアブート証明書の有効期限切れに関する注意点と対応について Accelerate Lateral Security and Ingress Load Balancing for Kubernetes Workloads From Platform to Data: Building a Cloud-Native Developer Experience On-Prem with VMware Cloud Foundation How VMware Cloud Foundation (VCF) Training Helps Keep Top Tech Talent in APJ Build Your Case for Attending VMware Explore 2026 Spring 開発元が提供する商用サポート「VMware Tanzu® Spring Essentials」とは VMware Cloud on AWS より i7i.metal-24xl インスタンスの提供開始 VMware Advanced Memory Tiering Tips for Success VMware Cloud Foundation Edge 9.0: Two-Host Edge Site Deployment with Brownfield Import Your Database Is About to Become an AI Tool. Is It Ready? Applying GitOps Principles to Maintain Desired State Configuration using VMware vSphere Configuration Profile – Part 3 Webinar Recap: Converging VMware vSphere to VMware Cloud Foundation 9.0
Bridging the (.Local) Gap: A Split-Domain Design for VMware Cloud Foundation Deployment
vmwareblogs · 2026-04-17 · via VMware Blogs

In the ever-evolving landscape of private cloud, technical debt often hides in the most fundamental places, like your DNS naming convention. For many years, .local was the go-to Top-Level Domain (TLD) for internal Active Directory environments.

However, as per RFC 6762, .local is now officially reserved for Multicast DNS (mDNS) and is no longer recommended for unicast DNS in enterprise environments. As we evolve VMware Cloud Foundation (VCF), we are implementing stricter guardrails to align with these global standards, encouraging a shift toward valid, routable, or non-conflicting TLDs.

The Challenge: The Hardening of VCF

-5As part of our commitment to platform security and stability, we have begun “hardening” the VCF stack. This means that several modern components are losing support for .local TLDs to prevent resolution conflicts and security vulnerabilities.z

Where .local is no longer supported:

  • VCF Identity Broker (VIDB): The modern authentication backbone for VCF 9.x.
  • VCF Automation: Modern cloud management capabilities
  • vSphere Supervisor: Essential for Kubernetes consumption and modern application delivery

Where .local is still supported (for now):

To provide a transition window, core infrastructure components still allow .local configuration:

  • VCF Operations
  • vCenter Server
  • VCF Networking (NSX)
  • SDDC Manager

Design Scenario: The Transition Strategy

We understand that migrating an entire enterprise’s DNS infrastructure is not an overnight task. If your core VCF components (vCenter, NSX, SDDC Manager) are already tied to a .local domain and you aren’t ready for a full-scale rename, you need a hybrid DNS design to consume modern VCF services.

To bridge the gap, we recommend a “Transition Zone” approach. While your core management components stay on .local, you must introduce a standard-compliant TLD (e.g., corp.vcf.com or vcf.internal or Green.NET) for the modern services you wish to deploy.

The proposed design addresses the challenge of modernizing a VMware Cloud Foundation (VCF) environment that still relies on a legacy .local Top-Level Domain (TLD). Because modern components are increasingly “hardened” against the use of .local due to RFC standards, this design implements a split-domain architecture to bridge the gap between legacy core infrastructure and modern consumption services.

Split-Domain Architecture

The design divides the environment into two distinct logical zones based on their technical requirements and supportability:

  • Legacy Infrastructure Zone (Blue.LOCAL): This zone serves the core VCF infrastructure components that still support .local for backward compatibility.
    • vCenter Server: vCenter.Blue.local
    • VCF Operations: ops.Blue.local
    • NSX Manager: nsx.Blue.local
  • Modern Consumption Zone (Green.NET): This zone utilizes an RFC-compliant TLD for newer services where .local is strictly unsupported.
    • VCF Automation (VCFA): VCFA.green.net
    • Supervisor / VMware vSphere Kubernetes Service (VKS): sup.green.net or vks.green.net
    • VCF Identity Broker (VIDB): vidb.green.net

Implementation Options for Interoperability

To allow these two zones to communicate and function as a unified platform, the design proposes two primary integration methods:

FeatureOption 1: Forest TrustOption 2: Distinct Domains
ConnectivityEstablishes a Two-Way Forest Trust between Blue.LOCAL and Green.NET.Maintains domains as completely Distinct Entities.
DNS StrategyShared identity and DNS records across the forest.Utilizes DNS Forwarding to resolve queries between the two domains.

Critical Configuration Requirements

To ensure successful deployment and Single Sign-On (SSO) functionality, the following configuration guardrails must be followed:

  • Identity Provider (IdP) Alignment: The SSO configuration must recognize both Green.NET and Blue.local as valid Identity Providers to allow users from either domain to access the platform.
  • Search Domains: While deploying components, it is mandatory to configure both Green.NET and Blue.LOCAL in the DNS search domain list. This ensures that services in the modern zone can correctly locate and communicate with the legacy core infrastructure.

Implementation Steps

  1. Maintain the Core: Keep your existing VCF Operations, vCenter, NSX and SDDC Manager on the .local domain to avoid disruptive renames.
  2. Establish a New Domain: Create a new, RFC-compliant DNS domain (such as .net or .internal) in your environment.
  3. Deploy Modern Services to the New Zone: When deploying VIDB, VCF Automation or vSphere Supervisor, use the new FQDNs.
  4. Cross-Zone Resolution: Ensure that your DNS servers can resolve both the legacy .local zone and the new modern zone to allow inter-component communication.

For this hybrid design to function correctly, two specific configuration steps are mandatory during deployment:

  1. Dual Search Domains: When deploying any component (especially in the Green.NET zone), you must configure BOTH Green.NET and Blue.LOCAL in the DNS search domain list. This ensures that a modern service like VKS can find the legacy vCenter it depends on.
  2. Unified SSO Identity: The Identity Provider (IdP) must be configured to recognize both the Green.NET and Blue.local domains. This allows users from both domains to authenticate into each component.

This split-domain design offers a strategic pathway for VCF customers to adopt new capabilities and features without the immediate, costly burden of a full-scale .local domain migration. By leveraging a dual-zone architecture and essential cross-domain configuration, enterprises can ensure platform stability, security compliance, and access to all next-generation VCF capabilities today.


Discover more from VMware Cloud Foundation (VCF) Blog

Subscribe to get the latest posts sent to your email.