Announced Features for VCF 9

Estimated reading time: 13 minutes

VMware Cloud Foundation (VCF) is Broadcom’s flagship platform for nearly every solution formerly offered by VMware pre-acquisition. Details are starting to drop regarding the next iteration, VCF 9, just in time to create some buzz in advance of the VMware Explore 2025 conference. Customers are accustomed to incremental improvements with a handful of especially cool and innovative additions. VCF 9 is no exception, multiplied several times! There is much to digest, plan, and get excited about!

Community

Before we get started, I would like to acknowledge a small handful of fellow vExpert bloggers who contributed articles of their own to the vCommunity. Please consider visiting their blogs as you continue to learn more about VCF 9!

Christopher Kusek | Architect’s Edge Insights : VCF 9.0 Licensing. Simplified. Real talk on what VCF licensing looks like now.
Christian Mohn | vNinja : VCF 9.0 Is Here — What Does That Mean?
Maarten Van Driessen | Brisk-IT : VCF 9 – News and Thoughts
Edd | VxWorld : A First Look at VMware Cloud Foundation 9

Top 5 Highlights

Expanded Memory Tiering with NVMe
vSAN ESA Enhancements
VCF Operations Fleet Management
Unification of VCF (formerly Aria Suite) Solutions
Licensing and Compliance Updates

Memory Tiering with NVMe

You have likely heard about Memory Tiering over the last year. Memory Tiering has become especially popular in homelab environments, which are commonly Memory constrained. This is especially the case when implementing VCF, due to the sheer number of components required to run a proper instance. Broadcom appears to have invested further into this technology and is expanding Memory Tiering with NVMe in VCF 9! You can already leverage Memory Tiering in vSphere 8, but with some restrictions around the ratio of Physical Memory to Tiered Memory over NVMe. Increased development effort will enable users to elevate their use of Memory Tiering, beyond the supported maximum today.

Memory Tiering allows for the hypervisor to offload cold Memory pages to fast NVMe storage mediums instead of DRAM. The opportunity for cost savings is significant! Of course, cost savings are highly variable based on vendor and parts selection, among other factors. Using some quick math of my own, enterprise-grade NVMe can run at about $0.39 cents per GB, whereas the cost of DRAM could be closer to $14.00 per GB. Again, the cost per GB is highly variable based on hardware selection (capacity, manufacturer, speed, etc.) and other factors (reseller discounts, tariffs, etc.).

Given these simple figures, you can quickly understand that NVMe is less costly at scale and can be leveraged effectively to offload cold pages from DRAM, leaving more room for active pages. Understanding your workloads and their resource usage patterns will provide the necessary context to determine if Memory Tiering is a game changer for your environment.

vSAN ESA Enhancements

vSAN ESA is not new but has received some important enhancements courtesy of VCF 9. I could fill an entire blog post discussing many of the changes; a couple of things to keep an eye on are: Global Deduplication and vSAN > vSAN replication with deep snapshots (crash consistent). If you evaluated vSAN in the past, you may have been disappointed that neither of these features were available previously. These are important enhancements for vSAN, as customers are encouraged (not required) to leverage it as the native storage provider across environments. Broadcom has invested development effort into vSAN, which is evident.

Global deduplication or “dedupe” can save a considerable amount of capacity (and therefore, expense), which is no secret – most storage platforms have supported deduplication for years. The adoption of NVMe drives in standard server chassis has paved the way for Broadcom to develop the necessary code for ESXi to handle deduplication – in addition to other core services related to vSAN – to ensure the back-end workload can be sustained with reasonable resource utilization. Remember, vSAN unifies compute with storage: the Host is fulfilling both roles.

Replication between vSAN clusters speaks for itself but crash consistent “deep snapshots” are certainly an improvement. Storage arrays which treat VMs as objects on the array(s) have been capable of doing this for a while now – and it’s a fabulous feature. Consider the benefit of having crash consistent snapshots captured for your VMs based on a policy which defines the scope and frequency, likely with ability to clone based on the snapshot(s) as well. We will learn more about these vSAN native snapshots soon, but this is a feature to keep an eye on.

Global Deduplication is not expected to be available to a broad range of customers at time of VCF 9 GA but will likely be included in the first update. Customers may follow the Request for Product Qualification (RPQ) process to obtain a waiver from Broadcom to implement the feature early, if willing. Contact your Broadcom Account Team if you are interested in learning more about the opportunity.

VCF Operations Fleet Management

VCF Operations is rapidly becoming the centralized platform to manage your VCF environment, which I will discuss more in the next section. What’s important to know for this section is that VCF Operations in VCF 9 will introduce “Fleet Management”, which streamlines the coordination of several lifecycle functions. In particular, Operations will soon facilitate password rotation for service accounts, SSL certificate rotation, and identify configuration drift across vCenter Servers and Hosts!

Password and certificate management can be tricky, especially if you consider an alternate solution to be the “source of truth”, such as the Microsoft Certificate Authority or CyberArk. Operations will have integrations available to several third-party solutions, which is intended to make short work of what can often become tedious and error-prone tasks. Think about it – with the click of a button, a Cloud Administrator could rotate a series of passwords and/or certificates, all with the consistency and standardization we need to maintain a healthy enterprise-grade environment.

Configuration Drift is very real: how many vCenter Servers or Hosts have you deployed, sometimes referencing the existing environment in a separate browser tab? How can a Cloud Administrator be certain they have captured all of the necessary configuration values and applied them correctly? Operations will offer visibility to configuration drifts to reveal potential misconfigurations and even alert members of your team, if configured via Operations policy. The “source of truth” in this case is determined by user-defined desired state configuration templates: you pick which resource to model after, and Operations will deliver actionable insights. When comparing desired vs actual configurations, you will be presented with a side-by-side comparison with variances highlighted.

Unification of VCF (formerly Aria Suite) Components

If you have some knowledge of VCF 5.2 and the Aria Suite already, then you are likely familiar with operational components such as SDDC Manager, Aria Operations, Aria Operations for Logs, Aria Suite Lifecycle, and so on. In VCF 9, the VCF Operations platform we know and love will become massively important to effectively deploy, manage, and monitor your infrastructure! Gone are the days when VCF Operations only served as the monitoring and performance assessment platform!

In VCF 9, components such as SDDC Manager and Operations for Logs will be centrally accessible through the Operations UI! At present, each of these solutions are separate user interfaces, running separate virtual appliances, served over separate load balancers, authenticated using different authentication methods, and so on. VCF Operations will become the “one stop shop” for managing your VCF environment, which is expected to reduce complexity and enhance efficiency across your operational team.

If you have used vRealize Suite Lifecycle in the past, you may recall that downloading product patches and installation binaries “online” was possible until the transition was made from VMware Customer Connect to the Broadcom Support Portal. Even today, Cloud Administrators must download install and update binaries from the Broadcom Support Portal and import into vRealize Suite Lifecycle. I am pleased to report that this “online updates” feature will be reinstated!

Of worthy mention, Aria Suite Lifecycle will be deprecated as we know it today, with many of its features and capabilities migrating to VCF Operations. Essentially, VCF Operations will adopt features to maintain product lifecycle, passwords, certificates, etc. with its own look and feel using the modern Operations UI. Although the immediate deprecation of Aria Suite Lifecycle has not been formally announced, I suspect that will become the case soon.

Licensing and Compliance Updates

Longtime VMware customers are familiar with the “honor system” model of licensing, which allows license keys to be generated and applied to products/solutions without a “phone home” mechanism. This notion does not apply to vSphere+ and former SaaS solutions, of course – and with the understanding that license audits may be ordered at any time, per the license agreement. The bottom line is, on-prem deployments do not currently have a mechanism to report consumption back to VMware/Broadcom for the purposes of measuring or evaluating license consumption and compliance.

In VCF 9, Broadcom will require further insight into license consumption using one of two methods:

Option One: If your VCF Operations instance has connectivity to the Internet and the customer approves, Operations will automatically report license consumption back to Broadcom on a routine interval. This is the easiest option, as it transpires in the background and does not require any further input from operations teams. The background process will synchronize licenses with Broadcom and maintain record of the sync to ensure the customer may continue accessing product updates, etc.

Option Two: The customer may generate an output file from VCF Operations which contains a brief report of license consumption within the environment. The file must then be uploaded to Broadcom in the form of a support case. The expected frequency is semi-annual (every six months), so up to two instances per year, per environment. This option is most applicable to environments which do not permit Internet access for VCF Operations appliances. In this case, the customer provides the report file to Broadcom Support, after which they will provide a new file for the customer to import back into VCF Operations. This is manual handshake workflow is necessary for Operations to acknowledge that the license synchronization has been facilitated.

Rumors of this new compliance requirement have circulated online and have been met with varying degrees of resistance. Although I understand that this is “one more thing to keep track of” (among other concerns), I think it is important to acknowledge that most subscription-based software synchronizes with a given vendor’s license platform – and has for years. This is a new concept for VCF but should not be a source of contention for Cloud Administrators.

Wait, there’s more!

I discussed my top five interests for what is to come with VCF 9, but that truly is the top of the iceberg! Below are some additional points you may find interesting and wish to keep an eye on:

The VCF Management Domain will no longer require vSAN as the primary storage medium. This has always been the case for the Workload Domain(s), but the Management Domain has always required vSAN. You will now have the option of leveraging alternative storage platforms over FC or NFS. You may of course leverage vSAN if you wish, but it is not required.
vMotion stun time for GPU-enabled VMs will be reduced to 2 seconds or less.
The “Cloud Builder” virtual appliance will be superseded by the “Cloud Foundation Installer” virtual appliance, which will provide an “install wizard” type of user interface. That’s right – gone are the days when you had to fill-out an Excel spreadsheet offline and import at time of install! Cloud Foundation Installer will streamline the deployment process, deploy components such as Operations and NSX, automatically generate passwords for necessary components, and help facilitate import of a “brownfield” vSphere environment for conversation into a VCF environment. Don’t worry, you can still download and manipulate a JSON output file (and re-import with changes) as needed to accommodate advanced installations.
You understood the point above correctly! Existing vSphere environments with or without vSAN, Aria 8.x components, and/or NSX 4.x may be converted into a VCF 9 instance using a “brownfield import” approach!
In-place upgrade to VCF 9 is supported for existing VCF 5.x instances.
Environments with NSX configured may achieve up to 3x faster data transfer speeds. There are measurable reductions in latency and CPU load, making NSX more sustainable and efficient.
In vSphere and vCenter 9, if you do not have a VCF implementation, VCF Operations is required. This is because Operations fulfills the role of a license key manager, as individual license keys for each component will not exist in vSphere 9. Your VCF entitlement will be synchronized across the relevant solutions by Operations. At the end of the day: Yes, customers with a VCF entitlement may still deploy vSphere/ESXi 9 and vCenter Server 9 without implementing the full VCF stack but must deploy VCF Operations to synchronize the license state across products.
The Intel Skylake CPU generation, including prior generations, will not be supported. Refer to the Broadcom Compatibility Guide (BCG) for additional details.
vVOL technology will be supported in VCF 9 GA but will be deprecated in a forthcoming update.
STIG guidelines will be met for all new VCF 9 deployments, with exception to VCF Orchestrator and VCF Operations for Networks (formerly vRealize Network Insight or vRNI) by default. FIPS will be enabled by default for each component as well.
VCF Operations will include a new identity broker, “vIDB”, which will supersede VMware Identity Manager (vIDM). This will enable each of the VCF Suite products and managed vCenter Servers to authenticate using a common identity broker. You may recall that support for vIDM was mixed across products/solutions, historically. vIDB will support AD/LDAP, ADFS, Azure/Entra ID, Okta, and other common identity providers.
VCF Health & Diagnostics will provide “Diagnostic Findings”, similar to the output provided by VMware Skyline in years past. Broadcom introduced Diagnostic Findings in Operations 8.18 but has expanded upon the feature set with VCF 9.
VCF Health & Diagnostics will enable VI Admins to generate log bundles and attach them to Broadcom Support cases! This was one of my favorite features from Skyline, so I’m glad to see it make a return!
VCF Operations for Logs (formerly vRealize Log Insight) will be incorporated into VCF Operations not just in terms of the UI, but at an infrastructure level as well. All VCF components will be automatically configured to forward syslog messages to this Operations instance by default.
VCF Operations will provide a centralized view of audit events related to Authentication, Authorization, Permissions, Network, Firewall, and more. This is an essential tool for tracing user actions and troubleshooting access issues.