
VCF 9 – takeaways

VCF 9 has been out for a few weeks now. In the meantime, I have deployed it various times in the lab and currently I am involved in several customer PoC projects. Here, I want to share my biggest takeaways from this absolutely stunning new release. I will start with bullet points and gradually expand them in the coming weeks.

Architecture
– VCF Fleet is the new superstructure. Each Fleet consists of a shared VCF Operations and VCF Automation deployment and at least one VCF Instance.

– Each VCF Instance itself consists of at least one (Management) Workload Domain, which in turn consists of at least one vSphere/vSAN cluster, and can be deployed for various availability scenarios.

VCF Installer Appliance aka SDDC Manager
– Cloudbuilder is dead. VCF Installer is the new way to deploy VCF and also VVF. It can remain in place for later use or get converted to the SDDC Manager during the deployment
– The SDDC Manager UI is deprecated, only the API will still be used. All UI functions are now in the VCF Operations UI under Fleet Management
– VCF Installer has a UI wizard like VxRail, automatically saving the progress and providing exportable JSON files which can also be used to deploy
– IP Pools for Host TEP IPs are finally selectable in all out-of-the-box vDS Profiles

VCF Operations (Ops)
– VCF Ops will have a very prominent new role! That's why it will be the first I write about

VCF Ops consists of a few Appliances:
– 3 Nodes in Single Node Deployment: Operations (Primary), Fleet Management and Operations Collector
– 5 Nodes in High Availability Deployment: additionally Operations Replica and Operations Data Node

Fleet Management functions in VCF Ops are:
– Lifecycle Management
– Component Deployment like VCF Ops for Logs, VCF Ops for Networks, external IDB in High Availability
– SSO configuration which can be used for all integrated products
– Certificate changes
– Password changes
– Tags
– Configuration Drifts for vCenter and vSphere/vSAN Cluster

vCenter
– Enhanced Linked Mode (ELM) is dead, welcome vCenter Linking and vCenter Groups
– vIDM aka Workspace One Access is also dead, the new Identity Broker (IDB) is embedded in vCenter
– VPCs can now be edited in vCenter

ESX
– Yes, you read it correctly! There is a prominent name change: ESXi is now ESX (again)
– Heterogeneous clusters (mixing HW vendors) are possible now, using secondary vLCM Images
– EVC mode is customizable: the mode is configurable after the deployment, even with a running vCenter on the cluster!
– Memory Tiering is no longer Tech Preview

vSAN
– Stretched Cluster failover enhancements (manually take over an environment where one Site and the Witness are down)
– Global Deduplication in vSAN ESA coming soon with VCF 9.0 patch 01 (P01).

NSX
– VPC is the new networking operations model
– Transit Gateways are the new T1 GW
– Central and Distributed Connectivity are two different options to connect with the physical infrastructure. Distributed doesn’t need any Edge VMs!
– 3 VPC Subnet Types: Public, Private Transit GW and Private
– The NSX upgrade sequence changes: NSX Manager is now the first to get upgraded
– NSX VIBs are (finally) included in ESX
– Enhanced Datapath is the new default for vDS

VCF Automation
– Kubernetes based
– Two modes when creating tenants: Classic or Modern All Apps (using Supervisor)

VKS (aka Tanzu)
– Supervisor needs to be configured during VI WLD deployment

Licensing
– New Licensing Portal: https://vcf.broadcom.com
– License files and Usage reports (every 180 days), also for offline/dark site environments

Summary
As stated in my first sentence, this is a really stunning new release with lots of changes and lots of new features! There are many more. I will try to subsequently update this post in the coming days.

I hope this post can be helpful to you. Feel free to share if you like…


// footnotes:

Date: 03.07.2025
Version: 1.0