10 Reasons Why VMware Cloud Foundation 9 is a Game Changer in Private Cloud!
Last week, we had the opportunity to attend a presentation by a VMware by Broadcom employee at our office about upcoming changes, including the release of VMware Cloud Foundation 9. Before diving into that topic, my team of specialists, who have successfully implemented VMware products for years, analyzed the scale of transformation that has taken place over the past year in the private cloud space delivered to clients by VMware. We are truly impressed by these changes and the announcements regarding version 9.
Introducing a single interface for managing an entire private cloud platform, which from the moment of deployment allows for the division into smaller, isolated units, known as tenants, is a significant change. The ability to quickly allocate dedicated space, for example, for developers, is just the beginning.
In the next step, the tenant administrator can create a VPC (Virtual Private Cloud), where the VPC user can independently divide the VPC into logical network segments, introduce their own firewall policies (microsegmentation), and decide whether traffic will be allowed to exit the VPC.
But what if communication is needed between two or more VPCs?
At the tenant level, the administrator can establish communication between them. Additionally, VPC management can be performed at different levels – from the self-service catalog (VCF Automation), the NSX management console, or even directly from the vCenter console.
Management can also be carried out via command-line and code. There’s something for everyone.
Let's move on to the main private cloud interface.
This is the level where the administrator is responsible for maintaining and developing the entire private cloud environment. The actions taken at this level directly impact what tenant administrators can access later.
It is crucial to delegate this level to individuals in the organization who are disciplined yet imaginative, capable of developing new services, and leveraging the full power of the platform. The best approach is to build a team consisting of administrators from various fields: virtualization, storage, networking, security, and Kubernetes platforms. This way, we accomplish something extremely important—creating a team that operates beyond traditional technological silos. This approach gives the company tremendous power. Everything moves faster, processes become simpler, visibility increases, and the team no longer blames problems on other departments.
This approach ultimately leads to higher SLA levels for applications and lower total IT costs (TCO). There has been a lot of discussion about costs recently, but few have mentioned that these costs can be significantly reduced using VMware’s private cloud platform.
Few people may also be aware that the price of VCF has been reduced by 50% following Broadcom’s acquisition.
Returning to what administrators can achieve within the main interface, the first step is defining the source of cloud users, whether it be Active Directory, Okta, ADLDS, or another system.
Next, there is a module responsible for managing all administrative passwords within the cloud environment, including mechanisms for their automatic renewal after a specified period. Once this is configured, the next step is handling and monitoring certificates used for connecting to the private cloud and its components. Everything is visible in one place—what certificates are issued, their expiration dates, and the option for automatic renewal. Simple yet essential for daily cloud platform maintenance.
Now that certificates are handled, let’s move on to cloud lifecycle management.
This refers to managing updates for the entire platform, including server firmware, from a single location, without worrying about dependencies between cloud components. VCF Operations takes care of this. The platform also features Live Patching, allowing for cloud updates without the need to restart physical servers.
Every administrator knows how long it can take to get approval for server downtime from the business side. With Live Patching, the green light is always on. Those familiar with patch management in large organizations understand the savings involved. The cloud management console also includes a component for tracking configuration changes.
The workshop leader mentioned that 20 years ago, he wanted to implement a similar mechanism for tracking changes in configuration files, recognizing that the lack of such visibility combined with a large team could lead to failures.
Some may argue that ITIL already addresses this issue on another level. That’s true, but in the case of an intruder breach, this system quickly reveals what changes were made to facilitate unauthorized access.
We believe monitoring discrepancies between configurations set by VCF9’s main cloud administrators and those modified at a lower level in vSphere is crucial.
Moving forward, what else did we find interesting in VCF9?
Cloud-wide capacity management allows for easy expansion with additional nodes from the same portal. There is also something for security teams.
The cloud solution’s security status is visible in real time. The final key aspect is monitoring what happens within the cloud, including log collection, correlation, and visualization. Those familiar with Aria Operations and Aria for Logs will notice that everything is now integrated into a single core console—VCF Operations.
Here’s a tip: In addition to monitoring the VCF9 cloud software itself, IT infrastructure and applications should also be monitored. We can assist with delivering ready-to-use monitoring components within VCF Operations.
At the final stage, our VCF9 administrator team creates tenants, appointing additional administrators responsible for using the platform.
There is a list of our Addons – Explore 👉
What exactly does this usage entail? What services are consumed, and where do they come from?
VCF9 administrators, using VCF Automation, provide ready-to-use services built into the platform, such as IaaS, PaaS, CaaS (Container as a Service), Private AI, AVI Load Balancer, and advanced security. Additionally, they can create dedicated services tailored to the needs of our clients.
We appreciate that the entire cloud platform is software-driven from the infrastructure side, including virtualized computing power, storage, networking, and security.
This gives us power. The lack of manual integration of these components, dependency checks, and post-upgrade testing brings immense organizational benefits and reduces time consumption. This can be quantified.
In some large companies in Poland, teams of over 20 people are dedicated solely to building a service catalog based on outdated technology silos. Eliminating these silos finally allows organizations to enter the 21st century—where, incidentally, we have already been for 25 years.
Service creation can be done through a graphical interface, where logical cloud entities are combined into a single service, or through code. After all, some people prefer coding. A solid strategy from VMware.
It is also worth mentioning that within the service catalog, we can see the costs associated with the services ordered by users, while our main VCF9 administrators will have visibility into the total cost of the entire platform.
For advanced organizations, VCF9 allows the implementation of ChargeBack or ShowBack. Of course, the visibility of service costs or cost recovery is determined by our main VCF9 administrators.
To conclude the discussion on VCF Automation, it is important to note that tenant administrators will be able to leverage the capabilities offered by VCF Operations. This will enable them to monitor resource utilization levels directly from their consoles.
We have comprehensive cloud management support, and significant and important changes lie ahead.
Now, we will move on to the infrastructure-related section, starting with vSAN—what changes are happening in this area? What do we like about them?
First and foremost, we focus on using affordable NVMe storage, which we install in our servers. Some might be surprised that I call it affordable, but in recent years, this technology has become widespread, significantly lowering its cost. Those who are savvy shoppers know how to buy smartly at a low cost—and we can help with that too.
The new vSAN ESA architecture, combined with NVMe drives (which provide fast read and write speeds) and fast, cost-effective Ethernet networks (25, 50, 100 GbE), paves the way for new functionalities. One of the most anticipated features, as mentioned by the speaker, is efficient snapshots of virtual machine disks.
Snapshots can be stored for long periods and even created in a mode that prevents modifications for a specified time. This is a simple but effective safeguard against administrative errors, cyberattacks, and ransomware attempts.
We like this solution because it allows for multiple snapshots and the creation of a self-service feature, enabling users to restore data on demand. Moreover, snapshots can be used to recover test and pre-production environments from a specific point in time.
Additionally, vSAN will introduce global deduplication—after data is reduced through compression, further savings can be achieved. There will also be direct vSAN-to-vSAN replication, bypassing higher layers. This feature is ideal for companies needing to build a long-distance DR solution.
For shorter distances (up to 200 km over fiber – 5 ms latency), a vSAN stretched cluster is an excellent choice.
Moving on to the hypervisor.
Two things caught our attention. The first is support for new processors that will dominate the market—ARM processors. We all use them in our smartphones. Due to their high performance and low power consumption, these processors can help reduce energy costs in data centers. The second exciting development is the introduction of an automatic RAM tiering system. It categorizes memory into frequently used and rarely used segments. The rarely used memory is automatically offloaded to NVMe storage. We previously mentioned that investing in NVMe technology in servers is a wise choice. If your company has established server standards, now is the time to update them by incorporating at least 6–8 NVMe drives. It’s also worth selecting high-performance processors with strong per-core performance.
Feel free to reach out to us—we’re happy to help if needed!
Finally, it’s worth mentioning networking. SDN in the cloud offers great flexibility with the introduction of VPCs and significant operational cost savings.
I’ll cover this topic in more detail in my next article, where I’ll focus on networking and advanced security mechanisms in VCF 9.
To sum up:
VCF 9 is a step in the right direction. Now, we just have to wait for the final product, but for those looking to take advantage of cutting-edge solutions today, I recommend VCF 5.2.1, which already includes many innovations we’ve discussed.
One last key takeaway: Breaking out of technological silos with VCF, reducing the number of IT devices in data centers, and minimizing dependencies between components—this isn’t just about entering the 21st century; it’s also about drastically lowering TCO costs.
Let’s talk! We’d love to share the details with you!
👉 List of VCF Operations Add-ons Developed by Indevops
We remind you of our presentation at VMware Explore 2024 in Barcelona.
See Indevops in action! That’s where we first heard about VCF 9.
We demonstrate how to take cloud automation to the next level with VMware Cloud Foundation, integrated with VCF, Oracle Cloud, Azure Cloud, and many other platforms. Through real-world use cases and practical code examples in Terraform, VMware Orchestrator, PHP, PowerShell, JavaScript, and Python, we show how to automate complex processes and enhance operational efficiency.
Want to streamline resource management, automate configurations, and integrate clouds? This session is a must-see!
👉 Watch the VMware Explore Barcelona 2024 recording –
Mastering Multi-Cloud Automation and Beyond with VCF Aria Automation
