Core identity services are part of every embedded deployment and every platform services node. VMCA is part of every VMware core identity services group. Use the management CLIs and the vSphere Client to interact with these services.

VMware core identity services include several components.
Table 1. Core Identity Services
Service Description Included in
VMware Directory Service (vmdir) Handles SAML certificate management for authentication with vCenter Single Sign-On. Platform Services Controller

Embedded deployment

VMware Certificate Authority (VMCA) Issues certificates for VMware solution users, machine certificates for machines on which services are running, and ESXi host certificates. VMCA can be used as is, or as an intermediary certificate authority.

VMCA issues certificates only to clients that can authenticate to vCenter Single Sign-On in the same domain.

Platform Services Controller

Embedded deployment

VMware Authentication Framework Daemon (VMAFD) Includes the VMware Endpoint Certificate Store (VECS) and several other authentication services. VMware administrators interact with VECS. The other services are used internally. Platform Services Controller

vCenter Server

Embedded deployment