18th June, 2025    

VMware Cloud Foundation 9.0: Revolutionizing Hybrid Cloud Infrastructure

VMware Cloud Foundation (VCF) 9.0 marks a significant milestone in the evolution of hybrid cloud infrastructure. Released on 17th of June, 2025, this latest iteration introduces a suite of critical advancements designed to streamline operations, accelerate time to value, and enable organizations to scale their cloud environments with unprecedented confidence. By integrating cutting-edge features across deployment, management, performance, and security, VCF 9.0 empowers businesses to build and operate robust, agile, and secure private and hybrid cloud platforms.

This article provides a detailed exploration of the key innovations introduced in VMware Cloud Foundation 9.0, focusing on its transformative new capabilities, the enhanced workload mobility facilitated by VMware HCX, and the underlying principles of secure and resilient infrastructure that underpin the platform.

Summary of Key Innovations in VMware Cloud Foundation 9.0

VMware Cloud Foundation (VCF) 9.0 delivers substantial enhancements across infrastructure, operations, and security, solidifying its position as a leading hybrid cloud platform. Here are the highlights of what's new and improved:

• Foundational Infrastructure Boosts: Includes Advanced NVMe Memory Tiering, vSAN Global Deduplication, Enhanced Data Paths & DPU Offload, and Confidential Compute for optimized performance and security.

• Streamlined Operations & Management: Features a unified VCF Operations console with integrated log management, a new Accelerated VCF Installer, enhanced Native Multi-Tenancy, an Easy VPC Experience, the VCF Automation Console for automated provisioning and lifecycle management, Performant Fleet Management with critical in-service patching and flexible upgrades, and an advanced VCF Automation Consumption Experience leveraging Terraform, GitOps, and vSphere Supervisor.

• Comprehensive Security & Resilience: Provides comprehensive security at every layer (including platform hardening, encryption, and advanced compliance), enhanced resiliency for critical workloads (with vSAN-to-vSAN replication and non-disruptive operations), proactive risk mitigation (through automated diagnostics, integrated security operations, and configuration drift management), and unified data and ransomware protection. The Security Operations Dashboard offers real-time threat visibility and compliance monitoring.

• Enhanced Workload Mobility with VMware HCX: Seamlessly integrated within VCF Operations to enable secure migrations, rebalances, and disaster recovery, including OS Assisted Migration (OSAM) for non-vSphere guest VMs.

• Strategic Product Focus: VMware's deployment strategy now concentrates on integrated platforms (VCF, VVF, vSphere Essentials), with individual product entitlements like NSX as a separate offering no longer available.

What's New in VMware Cloud Foundation 9.0

VMware Cloud Foundation 9.0 brings a foundational set of innovations aimed at dramatically improving the overall cloud experience. These enhancements touch every aspect of the cloud lifecycle, from initial deployment to day-to-day management and long-term scaling.

Foundational Infrastructure Innovations

The core infrastructure within VCF 9.0 has been bolstered with several groundbreaking features that optimize performance and resource utilization:

• Advanced NVMe Memory Tiering: This innovation significantly extends the available memory pool by leveraging NVMe (Non-Volatile Memory Express) technology. It intelligently treats fast flash storage as a second, lower-cost tier of memory, allowing for more efficient use of resources and potentially reducing overall operational costs while maintaining high performance. This enables applications to access a larger effective memory footprint, improving responsiveness and throughput for memory-intensive workloads.

• vSAN Global Deduplication: Moving beyond traditional disk-level deduplication, vSAN Global Deduplication in VCF 9.0 operates across entire clusters. This means that duplicate data is identified and eliminated once, with the resulting storage savings shared across all associated storage resources within the cluster. This enhancement dramatically improves storage efficiency, leading to reduced storage footprint and optimized cost-effectiveness for hyper-converged environments.

• Enhanced Data Paths: To further enhance performance, VCF 9.0 incorporates new kernel optimizations and introduces the option for DPU (Data Processing Unit) offload. These advancements are designed to flatten the "tax" on data processing, meaning that data moves more efficiently through the system with less overhead. This translates directly into higher performance for applications and services running on the VCF infrastructure, particularly for demanding workloads requiring low-latency data access.

• Confidential Compute: VCF 9.0 supports Confidential Compute, implemented using a combination of hardware technologies like AMD SEV-SNP (Secure Encrypted Virtualization-Secure Nested Paging) or Intel TDX (Trust Domain Extensions) and vSphere software features. This orchestrates and enforces workload isolation, ensuring that virtual machines run only on compatible, trusted hardware with secure memory encryption. While deployment may appear as a simple checkbox in the UI, it triggers a series of validations to ensure hardware-backed protection, policy adherence, and attestation.

Streamlined VCF Operations

VCF 9.0 positions "VCF Operations" as the central hub for managing the entire cloud stack. This focus on operational excellence is evident in several key improvements:

• VCF Operations as Home Base: This centralized console serves as the single point for all day-to-day troubleshooting, full-stack deployments, and comprehensive diagnostics. Its intuitive interface aims to simplify complex administrative tasks, providing administrators with a clear overview of their environment's health and performance. Logs are now included with VCF Operations and installed by default, simplifying log management and analysis.

• Accelerated VCF Installer: The Day-0 deployment of the entire VCF stack—including compute, storage, networking, and management components—can now be achieved in a matter of hours, rather than weeks. This significantly reduces the time to value for new VCF deployments, allowing organizations to rapidly provision and begin utilizing their cloud infrastructure. The VCF Installer is a new downloadable installer that replaces the "Cloud Builder" approach, supporting both YAML-based and GUI workflows for deployment.

• Easy Tenant Deployment & Management: VCF 9.0 simplifies the process of onboarding and managing tenants through wizard-driven workload domains and pre-configured tenant policy templates. This capability allows cloud administrators to quickly provision isolated and policy-compliant environments for different business units or applications, ensuring consistency and governance while reducing setup time. The wizard-driven approach lowers the barrier to entry for creating new cloud consumers.

• Native Multi-Tenancy: VCF 9.0 introduces native multi-tenancy, providing tenant, workload, and workflow separation straight out of the box. This feature offers significant customer benefits, including:

  • Increased Operational Efficiency and Reduced Overhead: By providing clear segregation and streamlined management for different tenants, organizations can optimize their operational processes and reduce administrative burden.

  • Optimized Resource Allocations and Cost Savings: Multi-tenancy allows for more granular control over resource allocation per tenant, leading to better utilization of infrastructure and potential cost reductions.

  • Easily Scale Tenants and Monitor Cost and Chargeback: The platform facilitates easy scaling of tenant environments and provides robust capabilities to monitor costs associated with each tenant, enabling effective chargeback models.

• Easy VPC Experience and Consumption: VCF 9.0 introduces an easy Virtual Private Cloud (VPC) experience, simplifying cloud connectivity and tenancy within the private cloud. This feature provides several customer benefits:

  • Operational Efficiency for Workload Connectivity: It enables easy connection, separation, securing, and protection of workloads directly from vSphere, streamlining network management.

  • Resource Efficiency: Workloads can be consolidated into secure VPCs, leading to optimized resource utilization and lower costs.

  • Simplified Multi-tenancy: This feature simplifies the isolation of network traffic and policies, allowing administrators to achieve multi-tenancy with fewer steps and greater ease.

• VCF Automation Console: VCF 9.0 includes the VCF Automation Console, designed to automate service provisioning, deployments, and lifecycle management for faster outcomes. Key customer benefits of this console include:

  • Automated Service Provisioning: Quickly deploy and configure cloud services with minimal manual intervention, accelerating the delivery of new services.

  • Streamlined Deployments: Automate the end-to-end deployment process for consistent, repeatable results, reducing errors and deployment times.

  • Lifecycle Management: Simplify the management of cloud infrastructure through automated upgrades and patching, ensuring the environment remains current and secure with less effort.

• Performant Fleet Management: Managing large-scale cloud environments is made more efficient with performant fleet management capabilities. Administrators can now roll out patches and updates to thousands of hosts with greater control and confidence. This is achieved through predictive pre-checks, which identify potential issues before they arise, and phased blast-radius controls, which allow updates to be deployed in stages, minimizing the impact of any unforeseen problems. This ensures a more resilient and less disruptive patching experience. This includes critical in-service ESX patching, allowing updates to be applied without requiring downtime, and enabling flexible, asynchronous upgrades for the entire VCF stack.

• VCF Automation Consumption Experience: VCF 9.0 introduces a unified open API, complemented by support for Terraform and GitOps methodologies, to handle every provision request. This robust automation framework ensures that all provisioning operations carry consistent policy and cost tags, eliminating governance drift and enabling a true self-service experience for developers and IT teams. In fact, the VCF Private Cloud leverages the vSphere Supervisor to provide a single declarative API, which aligns many infrastructure consumption flows directly with the native Terraform Kubernetes Provider, also benefiting from GitOps patterns as a result of the Supervisor API surface and a new VCF Service called ArgoCD. This fosters greater agility and consistency in cloud resource provisioning.

Workload Mobility with VMware HCX in VCF 9.0

Workload mobility is a cornerstone of hybrid cloud strategy, enabling organizations to seamlessly move applications and data across diverse environments without disruption. VMware Cloud Foundation 9.0 significantly enhances this capability through its integration with VMware HCX (Hybrid Cloud Extension).

Getting Started with VCF Operations HCX

The process of enabling and managing workload mobility in VCF 9.0 revolves around VCF Operations HCX. This component provides the necessary services to facilitate secure and efficient migrations, rebalances, and disaster recovery between on-premises data centers and private or hosted vSphere destinations.

The Broadcom technical documentation for VCF 9.0 outlines the critical steps and considerations for planning the installation and operation of VMware Cloud Foundation Operations HCX services within a vSphere data center environment. Successful implementation requires careful forethought and adherence to best practices to ensure optimal performance and resource utilization.

Deployment Concepts and Best Practices

To speed deployment time and effectively manage resources, the documentation emphasizes understanding key deployment concepts and adopting proven practices. These include:

• Environmental Assessment: A thorough understanding of both source and destination environments is crucial. This involves assessing network topology, IP addressing schemes, compute and storage resources, and security policies to ensure compatibility and smooth integration with HCX.

• Network Considerations: HCX heavily relies on network connectivity between sites. Planning for appropriate bandwidth, latency, and firewall rules is essential for efficient data transfer and the proper functioning of HCX services. This may involve setting up dedicated network segments or optimizing existing infrastructure.

• Resource Allocation: Adequate compute and storage resources must be provisioned for HCX appliances at both the source and destination sites. Proper sizing ensures that HCX operations can proceed without performance bottlenecks, especially during large-scale migrations.

• Security Configuration: Implementing appropriate security measures, such as firewall rules and network segmentation, is vital to protect the HCX communication channels and the migrated workloads. This ensures data integrity and confidentiality throughout the mobility process.

Installation Checklists for Configuration Planning

To assist with configuration planning and ensure a comprehensive setup, VCF 9.0 provides detailed installation checklists for HCX. These checklists serve as a valuable guide, ensuring that all prerequisites are met and all necessary configurations are in place before initiating HCX deployment. They typically cover:

• Prerequisites: Verifying software versions, hardware compatibility, and necessary network services.

• Network Configuration: Confirming IP addresses, VLANs, and routing.

• Firewall Rules: Ensuring that required ports are open for HCX communication.

• Service Accounts: Setting up appropriate user accounts with necessary permissions.

• Resource Sizing: Validating that compute, storage, and network resources are adequately provisioned for HCX appliances.

OS Assisted Migration (OSAM)

A particularly powerful feature for extending workload mobility is OS Assisted Migration (OSAM). This capability allows for the migration of guest virtual machines that are not running on vSphere from their on-premises data centers to private or hosted vSphere destinations.

OSAM significantly broadens the scope of workloads that can benefit from HCX's migration capabilities. This means organizations can seamlessly transition non-vSphere virtualized environments, or even physical servers after a P2V (Physical-to-Virtual) conversion, into their VCF-powered private or public clouds. This flexibility is crucial for consolidating data centers, facilitating cloud adoption, and enabling hybrid cloud strategies for a wider range of legacy applications.

Enhanced Security Operations

Security is paramount in any cloud environment, and VCF 9.0 addresses this with a dedicated focus on operational visibility and proactive threat management:

• Security Operations Dashboard: This single, comprehensive console provides SecOps teams with an overlaid view of live attack-surface maps and real-time compliance scores. This integrated dashboard empowers security professionals with a unified perspective to quickly spot vulnerabilities, prioritize patching efforts based on risk, and verify the effectiveness of remediation actions before an audit is even initiated. It acts as a crucial tool for maintaining a strong security posture and adhering to regulatory requirements. It also provides application troubleshooting and insights, helping to diagnose security-related issues within applications.

Secure and Resilient Infrastructure in VCF 9.0

VMware Cloud Foundation 9.0 is engineered with an inherent focus on delivering a secure and resilient infrastructure that can withstand challenges and protect critical workloads. Safeguarding infrastructure and data is paramount for uninterrupted operations, and VCF 9.0 addresses this through several key pillars:

Comprehensive Security at Every Layer

VCF 9.0 ensures data and infrastructure are protected comprehensively through built-in security features that span every layer of the stack. This includes:

• Platform Hardening and Security: Ensuring the underlying platform itself is secured with robust configurations and best practices to minimize vulnerabilities.

• Built-in Encryption: Protecting data at rest and in transit through integrated encryption capabilities.

• Secure Configurations: Implementing hardened configurations by default to reduce the attack surface.

• Advanced Compliance Features: Support for industry standards and protocols such as FIPS (Federal Information Processing Standards) and TLS 1.3 (Transport Layer Security), ensuring adherence to strict security and compliance requirements.

Resiliency for Critical Workloads

Minimizing downtime and disruption is a core tenet of VCF 9.0's design for critical workloads. The platform incorporates features specifically aimed at enhancing resilience and ensuring continuous availability:

• vSAN-to-vSAN Replication: Enabling efficient and reliable data replication between vSAN clusters for disaster recovery and business continuity.

• Enhanced Storage Cluster Resiliency: Improvements in storage cluster design and management to withstand failures and maintain data integrity.

• Non-Disruptive Operations: Allowing for maintenance, upgrades, and other administrative tasks to be performed without impacting the availability of running workloads.

• Extended Data Protection Features: Providing additional mechanisms and options for safeguarding data, enhancing overall data durability and recoverability.

Proactive Risk Mitigation

VCF 9.0 empowers administrators to detect and mitigate risks in real-time, proactively addressing potential threats before they escalate. This is achieved through:

• Automated Diagnostics: Intelligent systems that continuously monitor the environment and automatically identify anomalies or potential issues.

• Integrated Security Operations: A unified approach to security management, bringing together various security tools and insights into a cohesive framework.

• Configuration Compliance and Monitoring: Continuously auditing configurations against established policies and detecting any deviations (drift) in real-time, allowing for immediate remediation.

• Configuration Drift Management: Tools and processes to detect and correct unauthorized or unintended changes to configurations, ensuring that the infrastructure remains in its desired secure state.

Unified Data and Ransomware Protection

VCF 9.0 provides a comprehensive strategy for protecting data from various threats, including sophisticated ransomware attacks. This unified approach integrates several layers of defense to safeguard critical information and ensure rapid recovery.

Proactive Security Operations with the Security Operations Dashboard

As previously mentioned, the Security Operations Dashboard is a cornerstone of VCF 9.0's commitment to security. This centralized console plays a pivotal role in enabling proactive security management:

• Real-time Threat Visibility: By overlaying live attack-surface maps with real-time compliance scores, the dashboard provides administrators with immediate insights into potential vulnerabilities and compliance deviations. This visual representation allows SecOps teams to quickly identify areas of concern and understand their security posture at a glance.

• Vulnerability Prioritization: The dashboard helps in prioritizing patching and remediation efforts. By highlighting the most critical vulnerabilities and their potential impact, it enables security teams to allocate resources effectively, addressing high-risk issues first. This shifts security from a reactive to a proactive stance.

• Compliance Verification: Before audits or regulatory checks, the dashboard allows for the verification of remediation actions. This ensures that security controls are properly implemented and that the environment remains compliant with internal policies and external regulations, minimizing the risk of non-compliance penalties.

This integrated approach to security operations provides a unified view, empowering teams to maintain a strong defensive posture and respond swiftly to emerging threats.

Conclusion

VMware Cloud Foundation 9.0 represents a significant leap forward in the journey towards a more agile, efficient, and secure hybrid cloud. The new features and enhancements in VCF 9.0 underscore VMware's commitment to simplifying cloud operations, optimizing infrastructure performance, and enabling seamless workload mobility.

From advanced NVMe memory tiering and vSAN global deduplication to a modernized VCF Operations experience and a powerful Security Operations Dashboard, VCF 9.0 empowers organizations to unlock greater value from their private and hybrid cloud investments. The robust integration with VMware HCX, particularly with capabilities like OS Assisted Migration, ensures that workloads can traverse diverse environments with ease, facilitating strategic initiatives such as data center consolidation, cloud migration, and disaster recovery.

By providing a foundation for secure and resilient infrastructure through comprehensive security at every layer, enhanced resiliency for critical workloads, proactive risk mitigation, unified data and ransomware protection, and robust operational capabilities, VMware Cloud Foundation 9.0 positions itself as an indispensable platform for enterprises seeking to modernize their IT infrastructure and embrace the full potential of the hybrid cloud. It offers the speed, scale, and security required to meet the demands of today's dynamic digital landscape.

Read More

For more in-depth information on VMware Cloud Foundation 9.0, please refer to the following official sources:

• What's New in VMware Cloud Foundation 9.0 Blog: https://blogs.vmware.com/cloud-foundation/2025/06/17/whats-new-in-vmware-cloud-foundation-9-0/

• Getting Started with VMware HCX in VCF 9.0 Product Documentation: https://techdocs.broadcom.com/us/en/vmware-cis/vcf/vcf-9-0-and-later/9-0/workload-mobility/getting-started-with-vmware-hcx-vcf-9-0.html