VCF-9 – Part 1: Introduction & Architecture

Introduction

VCF-9 was introduced at VMware Explore 2024, marking a pivotal advancement in how enterprises build and manage private clouds. Designed to simplify and consolidate IT environments, VCF 9 promises faster deployment, streamlined consumption, and simplified management—all while boosting security and cost-efficiency. VCF-9 is aimed at allowing organizations to manage their entire infrastructure as a single, unified system.

Some of the key features of VCF-9 are:

1: Streamlined Infrastructure: One Platform, Many Capabilities

VCF 9 integrates compute, networking, storage, and automation into a unified framework. This helps two main audiences:

  • Infrastructure teams can automate and simplify private cloud deployment.
  • Platform engineers & developers benefit from a self-service environment for VMs, containers, and Kubernetes workloads.

2: Tailored Experiences for Cloud Admins and Engineers

  • Cloud Admins: Gain a consolidated control center to manage capacity, policies, tenants, and security—all from a single console. Diagnostic tools and topology maps accelerate issue resolution.
  • Platform Engineers: Can self-provision environments across traditional VMs and modern container stacks. Multi-tenancy, governance, and resource isolation enable agile deployments without sacrificing security.

3: Core Enhancements by Domain

– Compute (vSphere)

  • Memory Tiering with NVMe: Moves lesser-used data to NVMe to reduce DRAM usage, improving server consolidation by ~40%.
  • Confidential Computing: Supports Intel TDX and AMD SEV-SNP to isolate and encrypt workloads at the hypervisor level.
  • Enhanced vSphere Kubernetes: Adds Windows container support, VPC connectivity, and OVF compatibility.

– Storage (vSAN)

  • vSAN-to-vSAN Snapshots: Enables fast disaster recovery with minute-level RPOs.
  • Global Deduplication: Cuts storage needs by ~46%.
  • ESA Stretched Recovery: Ensures availability across dual-site failures.

– Networking (NSX)

  • Native VPC in vCenter/VCF: Simplifies virtual network creation with automated orchestration.
  • Enhanced Data Path: Delivers up to 3X faster switching to meet high-performance needs.
  • Seamless VLAN to VPC Migration: Simplifies networking complexity and enhances security by streamlining the switch from conventional VLAN-based networks to VPCs.

4: Platform-Wide New Capabilities

  • Streamlined Imports: Pull in existing NSX and vSAN setups with minimal disruption.
  • Secure Multi-Tenancy: Partition shared infrastructure securely with defined governance.
  • Global Fleet Management: Central console for managing VCF deployments across multiple sites, with uniform security and compliance.

To know more about the new features of VCF 9 in greater detail, refer to the official blog posts by VMware.

Introducing VMware Cloud Foundation 9

What’s New in VMware Cloud Foundation 9.0

Architecture & Components

Workload Domains

The workload domain is the building block in a VCF private cloud deployment. A workload domain is a pool of capacity that has been carved out for hosting workloads. Each workload domain has its own storage and compute. That storage can be vSAN, NFS, or Fibre Channel. Its networking uses the vSphere distributed switch or the software-defined networking capabilities of VMware NSX.

There are two types of domains in Cloud Foundation: the management domain and the virtual infrastructure workload domain. The difference between the two is that the management domain is a special-purpose domain. It’s the first domain that gets created as part of a VCF deployment and hosts all the infrastructure components, such as vCenter servers, NSX managers, and the fleet components, such as VCF operations and VCF automation. Optionally, it can host NSX Edge clusters. The management domain is used to administer and manage the private cloud. 

To deploy the management workload domain, you add ESXi hosts in the data center as a compute pool, represented as inventory in the diagram below.

Once the ESXi hosts have met the prerequisites, a management domain is created on a 4-host cluster (typically). To run the business applications (VM/K8s or private AI), you create a VI workload domain. Based on the business requirements, you can run the VMs, containers, and private AI workloads in the same workload domain or have a dedicated domain for each one of them. In the case of the latter, each workload domain is isolated behind its own vCenter server.

Each workload domain has its pool of storage, separate networking, and a pool of capacity for hosting workloads. A workload domain could have one or more clusters, up to vSphere’s maximums. Each domain can be scaled independently of the others.

VCF Instance

A VCF management domain with one or more virtual infrastructure (VI) workload domains represents a VCF instance. Each VCF instance is designated by having a single management domain. In a VCF instance, you add additional VI workload domains to scale that up. The management domain and the VI workload domain can have a single cluster or can be multi-clustered.

VCF Fleet

VCF-9 introduced a new component called VCF fleet in the VCF ecosystem. A VCF fleet is a collection of one or more VCF instances. A VCF fleet also includes 2 additional components: VCF operations and VCF automation. The fleet components are intended to span across VCF instances. You can have a single VCF operations and automation instance managing multiple VCF instances.

You can have multiple VCF fleets running in your data center, and these fleets together constitute your VCF private cloud.

So, in a nutshell, you deploy a workload domain first, then a VCF instance, and lastly, a VCF fleet.

Workload Domain and Cluster Topologies

When you create a new VCF instance, you can have a separate management domain and a VI workload domain. The management domain is dedicated to hosting only infrastructure components and is separated from the VI workload domain. You then create VI workload domains to host those user workloads. This topology ensures that each domain has dedicated resources.

Each domain has dedicated vCenter and NSX managers and has isolated networking and storage constructs. This architecture is referred to as the VCF standard architecture.

Note: Two or more VI workload domains can share the same NSX managers or can have dedicated NSX managers. 

VCF Standard Architecture – Single NSX Domain

VCF Standard Architecture – Dedicated NSX Domain

VCF also supports another topology known as the consolidated architecture. In this topology, the management domain and the VI workload domain are collapsed into a single entity, and isolation between infrastructure workloads and business workloads is achieved through vSphere resource pools. This is suitable for an environment that wants to start small and then scale out.

Rack Resiliency

There are different ways of providing availability for the clusters that make up a workload domain. Let’s understand them using the following examples.

1: Clusters in a Single Rack

In this architecture, all clusters of a workload domain are deployed in a single rack. The main benefit of this topology is that all east-west traffic and storage traffic (if using vSAN) are confined within a single rack. This helps save storage bandwidth, as you are not sending a lot of data across the top-of-rack switches. 

The main disadvantage of this topology, however, is that if a rack is lost, your workloads experience significant downtime and, in some cases, data loss. 

2: Cross-Rack Deployment

VCF supports cross-rack deployments where a workload domain can span across racks. To achieve resiliency, you configure fault domains in vSAN. This ensures that you can survive a rack failure, and there won’t be any data loss.

VCF provides you the flexibility to mix and match different topologies in the same environment. You can have a few clusters that are single-racked and a few spanning across the racks. Based on your business use case, you can choose which deployment model works best for you. 

In the example provided below, you have 2 single-clustered workload domains that are deployed in a single rack. Then you have workload domain 02 that has multiple clusters, and the clusters span across the racks. Also, workload domain 02 can have another standard cluster that is deployed in a single rack.

3: vSAN Stretched Cluster

This deployment model suits customers who have data centers in close proximity and want to stretch clusters across availability zones. Let’s take the previous deployment model example. 

You have added a new availability zone hosted in your second data center. The workload domain 02 has a new cluster that spans across the two availability zones, in addition to a couple of standard single-racked clusters and one multi-racked cluster. This topology provides a higher level of data protection by ensuring you survive a large-scale outage. You can run non-critical workloads on the standard clusters and your tier-1 apps on the multi-racked or stretched cluster. 

4: vSAN Storage Cluster

On top of rack resiliency, VCF also supports a storage-only vSAN storage cluster (previously known as vSAN Max). In this deployment model, you build a storage cluster in one rack and then mount the storage provided by the storage cluster onto other clusters deployed across the racks.

Therefore, you have various options when it comes to cluster topologies and workload domain deployment. VCF offers deployment strategies that address most business use cases for rack resilience and data protection.
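The isolation and rack-resiliency properties described above can be checked against an inventory export. The following is an added example, not VMware code: the inventory schema, the `cluster` helper, and all host, rack, and NSX names are hypothetical and constructed for illustration, and every cluster is assumed to use vSAN.

```python
from collections import Counter

# Constructed sample inventory; the schema is hypothetical, not a VCF API.
def cluster(name, fault_domains, **host_racks):
    return {"name": name, "vsan_fault_domains": fault_domains, "hosts": host_racks}

INSTANCE = {"name": "instance-01", "domains": [
    {"name": "mgmt", "type": "management", "nsx": "nsx-mgmt", "clusters": [
        cluster("mgmt-cl01", False, esx01="rack1", esx02="rack1",
                esx03="rack1", esx04="rack1")]},
    {"name": "wld01", "type": "vi", "nsx": "nsx-shared", "clusters": [
        cluster("wld01-cl01", False, esx05="rack1", esx06="rack1", esx07="rack1")]},
    {"name": "wld02", "type": "vi", "nsx": "nsx-shared", "clusters": [
        cluster("wld02-cl01", True, esx08="rack1", esx09="rack2", esx10="rack3"),
        cluster("wld02-cl02", False, esx11="rack2", esx12="rack3", esx13="rack3")]},
]}

def audit_instance(instance):
    """Return (scope, finding) tuples for the isolation and rack-resiliency
    properties described in the text."""
    findings = []
    domains = instance["domains"]
    # A VCF instance is designated by having a single management domain.
    if sum(d["type"] == "management" for d in domains) != 1:
        findings.append((instance["name"], "expected exactly one management domain"))
    # VI workload domains may share NSX managers; record where they do,
    # because a shared manager is a shared control plane.
    nsx_use = Counter(d["nsx"] for d in domains if d["type"] == "vi")
    for d in domains:
        if d["type"] == "vi" and nsx_use[d["nsx"]] > 1:
            findings.append((d["name"], f"shares NSX managers {d['nsx']}"))
        for c in d["clusters"]:
            racks = set(c["hosts"].values())
            if len(racks) == 1:
                # Single-rack topology: losing the rack takes the cluster down.
                findings.append((c["name"], f"single rack {racks.pop()}: rack loss means downtime"))
            elif not c["vsan_fault_domains"]:
                # Cross-rack placement only protects data with vSAN fault domains.
                findings.append((c["name"], "spans racks but vSAN fault domains not configured"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit_instance(INSTANCE):
        print(f"{scope}: {finding}")
```

Tier-1 workloads placed on any cluster that appears in the output are exposed to the single-rack failure mode described earlier.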

More deployment models cover remote sites, but it’s a topic of discussion for another blog post. 

Conclusion

Why VCF 9 Matters

VCF 9 brings together compute, network, and storage into a tightly integrated, automated private cloud platform. From advanced memory use and improved disaster recovery to better networking and streamlined multi-tenant operations, it’s designed to help organizations boost efficiency, tighten security, and reduce cost and complexity in private cloud environments. It’s a key upgrade for any enterprise looking to stay ahead in the modern IT landscape.

And that’s it for this post. In the next post of this series, I will discuss VCF 9 deployment. 

I hope you enjoyed reading this post. Feel free to share this on social media if it is worth sharing.
