VMware Cloud Foundation (VCF) 9.1 has been released just a few days ago. In this blog post, I’ll highlight some of the new features in VCF 9.1.
VMware Cloud Foundation (VCF) 9.1 continues the platform’s evolution as a unified private cloud solution, delivering improvements across infrastructure efficiency, lifecycle management, developer services, cyber resilience, and operational automation. This release focuses on reducing operational complexity while improving resource utilization and accelerating the deployment of both traditional and cloud-native workloads.
Let’s examine the key capabilities introduced in VCF 9.1 and what they mean for infrastructure and platform teams.
Enhanced NVMe Memory Tiering
Many enhancements were made for Memory Tiering to provide better Observability, more redundancy choices, improved configuration, and VM interoperability. Administrators now gain deeper visibility into memory tiering health and performance through new host- and cluster-level dashboards and expanded metrics in vCenter. The release also introduces software-based mirroring, eliminating the need for dedicated RAID controllers while reducing costs, operational complexity, and potential single points of failure. Configuration has been streamlined into a unified, UI-driven workflow powered by VMware Configuration Profiles, cutting deployment time by more than 50% and removing the need for manual partitioning or host reboots. Additionally, VCF 9.1 expands interoperability by removing previous power-on restrictions for workloads such as latency-sensitive VMs, Fault Tolerance VMs, large virtual machines, and nested hypervisors, enabling greater flexibility in environments that leverage memory tiering.
Extended vSAN Deduplication and Compression
Storage efficiency receives a significant boost in VCF 9.1 through enhancements to vSAN’s data reduction capabilities. Deduplication and compression support have been expanded across additional cluster types and workload profiles, allowing organizations to reduce the raw storage required for each logical terabyte of data. The release also introduces deduplication support for encrypted data-at-rest environments, addressing a common limitation in security-sensitive deployments. Improved compression algorithms further increase storage efficiency, enabling customers to maximize usable capacity while lowering storage infrastructure costs.
vSphere Elastic Provisioning: Zero-Touch Infrastructure Deployment
Provisioning new hosts traditionally requires multiple manual steps, from operating system installation to configuration and cluster integration. VCF 9.1 introduces vSphere Elastic Provisioning, a zero-touch deployment capability that automates the bootstrap and configuration of ESX hosts on bare-metal servers. Using modern network-based imaging technologies such as UEFI and HTTP/S, administrators can deploy hosts without manual intervention. The result is faster infrastructure deployment, improved consistency, and reduced operational overhead when scaling environments.
Vsphere Kubernetes Sevice (VKS) and VM Fast-Deploy.
VKS 3.6 is included in VCF 9.1. It’s a 100% CNCF Kubernetes conformant experience while extending the support to 24 months. With the latest release customers get all upstream Capabilities enabled like In-place Pod resource updates and native OCI image volume sources. As cgroups-v1 is deprecated in 1.35, all VKS node images are already safely running cgroups-v2 out of the box. VM Fast Deploy accelerates workload delivery by utilizing per-datastore image caching and delta-disk technology to minimize deployment latency. For standard VMs, Linked Mode is used, which functions like a linked clone. It creates a delta disk referencing that local cache, allowing the VM to power on almost instantly. Because VKS clusters are built on these very same VMs, this optimization is exactly what allows us to slash cluster deployment times so dramatically. For encrypted workloads where delta disks aren’t an option, we use Direct Mode to ensure we’re still moving data as efficiently as possible. It’s this underlying VM-level speed that ultimately powers the agility of the entire platform.
Live Patching for ESX Hosts
Maintenance windows remain a significant challenge for infrastructure teams operating mission-critical environments. VCF 9.1 introduces Live Patching for ESX on TPM-enabled hosts, allowing qualifying patches to be applied directly to the running kernel memory without requiring host reboots or virtual machine downtime. According to VMware, this approach can cover up to 80 percent of patching scenarios, dramatically reducing maintenance windows and minimizing operational disruption.
Continuous Compliance Enforcement
Security and compliance requirements continue to grow in complexity across enterprise environments. VCF 9.1 enhances Advanced Cyber Compliance with continuous compliance remediation capabilities and unified security posture management across the VMware Cloud Foundation stack. Rather than relying solely on periodic compliance assessments, organizations can continuously monitor, detect, and remediate configuration drift and policy violations. This helps maintain security baselines while reducing the operational burden associated with compliance management.
Integrated On-Premises Ransomware Recovery
Cyber resilience is a major focus area in VMware Cloud Foundation 9.1. The release introduces integrated on-premises ransomware recovery capabilities that leverage isolated VCF clean room environments. In the event of a ransomware attack, organizations can recover workloads into a secure, isolated environment for validation and remediation before returning systems to production. This capability strengthens business continuity strategies while reducing recovery complexity and improving organizational readiness against modern cyber threats.
VCF Operations Real Time Metrics
VCF 9.1 has several enhancements that make it easier to identify and troubleshoot issues. These include Real Time metrics collection, ability to create custom troubleshooting dashboards, and the ability to capture and save notes in the troubleshooting workbench. In VCF 9.1 the real time metrics collection is applicable to NSX Edge, ESX hosts, VMs, WCP, Datacenter, Cluster, and vSAN. OOTB, real time metrics are collected every 20 second (continues to be 30 seconds for vSAN) with an optional ability to configure as low as 2-second metrics collection for ESX hosts. A separate Real Time Service instance is deployed for each VCF instance. It is easily deployed as a day-2 operations from the VCF Operations.
VCD Migration Path to VCF Automation
With the VCF 9.1 release, it is now possible to migrate organizations and associated administrative data from VMware Cloud Director (VCD) to VCF Automation (VCFA) using a migration tool, which is available within the VCFA UI. VMs are imported from OrgVDC Resource Pools into Namespaces. Supervisor, Clusters, Regions, Projects and Namespaces auto-created and mapped to existing VCD constructs. Network boundaries of OrgVDCs are migrated to NSX VPC.
Virtual Network Appliances (VNA): Network Services without Edges
VNAs address a key limitation of the Distributed Transit Gateway (DTGW) architecture introduced in VCF 9.0. While DTGW simplified networking by eliminating NSX Edge nodes and enabling direct host-to-physical network connectivity, it also removed the centralized location for advanced network services. VNAs restore these capabilities by providing lightweight, easy-to-deploy appliances that deliver stateful services such as SNAT, DNAT, and load balancing without requiring complex BGP configuration or Tunnel End Point (TEP) networking. This approach preserves the simplicity and performance benefits of an edge-less architecture while enabling critical networking services required for modern platforms such as VMware Kubernetes Service (VKS) and VMware Cloud Foundation Automation (VCFA).
Distributed Transit Gateway connection for VPCs
VCFA now allows us to use existing VLANs to connect to our Transit Gateways (TGW) used by our organizations. Distributed VLAN Connections offer a simplified way to connect organizations TGWs to outside networks without using an NSX Tier-0 gateway. In the distributed connectivity model, to provide stateful network services needed by the supervisor, such as Load Balancer, we need to have a VNA cluster set up. The VNA cluster will need to be setup using either vSphere client or NSX. VCF Automation simply discovers the available VNA clusters for our environment and lists them in the VCFA Provider Management Portal. Creating distributed connections allows to connect workloads to networks already existing in the datacenter, for instance on a VLAN.
Virtual Private Cloud (VPC) Connectivity Policies
VCF 9.1 introduces the concept of connectivity policies for VPCs. By default, a VPC has no policy assigned, and VPCs can communicate freely with each other. We now can group VPCs by assigning them a common connectivity policy of “community type”. VPCs within the same community can communicate with each other. However, they cannot communicate with VPCs in other communities, or with VPCs that have no connectivity policy.
Another option is the promiscuous policy. VPCs with this policy can communicate with any other VPC. Finally, the isolated policy groups VPCs that can only communicate with promiscuous VPCs.
Overall, connectivity policies provide a simple way to control communication between VPCs within a project. For example, we can easily create a shared services VPC, all through simple grouping instead of complex firewall rules.
VCF Management Services: A Unified Operational Foundation
One of the most important architectural enhancements in VCF 9.1 is the introduction of VCF Management Services. This new framework provides a common runtime environment and shared set of components that unify lifecycle management and operational capabilities across the VMware Cloud Foundation stack. The VCF services runtime instance of the first VCF Instance hosts the fleet-level VCF management services components that perform global operations and the instance-level components for that VCF Instance. Every VCF Instance has a VCF services runtime instance that hosts the instance-level VCF management services that run local tasks. Two models exist:
- First VCF Instance
Runs the following fleet level components: Fleet lifecycleSalt, RaaS, Log management.
Runs the following VCF Instance level components: SDDC lifecycle, Telemetry, Salt master, Identity broker, Real-time metrics, Software depot - Additional Instance
Runs the following VCF Instance level components: SDDC lifecycle, Telemetry, Salt master, Identity broker, Real-time metrics, Software depot
The following figure depicts the two VCF management services models.
Conclusion
Overall, VCF 9.1 represents another significant step toward a unified, automated, and resilient private cloud experience. Organizations planning their next platform refresh or private cloud modernization initiative should take a close look at the capabilities introduced in this release.
If you want to learn more about the VCF 9.1 capabilities, make sure to also check out the VCF 9.1 Discover What’s New website.
Leave a Reply