Cloud Migrate

VMware recently released full support for Azure Active Directory (now called Entra ID) integration with vCenter with release 8.0 U2. Unfortunately, their documentation about integration had some major gaps. VMware’s documents initially recommended opening your vCenter server URL to the public (which you should NEVER do). They’ve since added a note about tunneling that connection with no guidance on how to accomplish that. One option mentioned is using an application proxy in Azure, but this still publishes a public endpoint for vCenter web services. As an alternative, this guide utilizes the Microsoft Azure on-prem SCIM app INSTEAD of the VMware Identity Service app. This ensures all connectivity to vCenter is kept private using an Entra connector application. There is a bit more SCIM configuration required with this approach, but it is documented below and results in a much more secure setup. Name Mapping vCenter Azure AD / Entra ID Client Identifier Application (client) ID Shared sec...

The Incident What Happened In December 2025, one of our production FTP servers went down hard. The server — running Windows Server 2016 — was responsible for ingesting high volumes of files around the clock. At some point during a peak processing window, all write operations on the D: drive failed simultaneously. The symptom was deceptively simple: the operating system reported 0 bytes available on the D: drive. Applications failed, file transfers aborted, and alerts fired across the board. The first instinct of anyone on the team was obvious: the disk is full. Except it wasn't.  Outage was caused by something most infrastructure engineers have never encountered — and that is exactly what makes it dangerous. NTFS metadata exhaustion is invisible to standard monitoring, looks exactly like a disk space problem, and cannot be solved by adding disk space.   The Investigation When we RDP'd into the server and opened Windows Explorer, the D: drive showed over 500GB of free s...