Thursday, August 28, 2025

Upgrading Your vSphere Environment to VMware Cloud Foundation (VCF) 9.0

 

Modern IT organizations are increasingly looking to move from traditional vSphere deployments to a fully integrated private cloud model. VMware Cloud Foundation (VCF) 9.0 brings a simplified architecture, improved governance, and support for modern workloads—including AI and ML—while reducing operational complexity.

If you’re running an existing vSphere environment, upgrading to VCF 9.0 is a natural next step. This blog walks you through the high-level upgrade process, supported by a flowchart to visualize the journey.

High-Level Upgrade Steps to VCF 9.0

1. Design Consideration for VCF 9.0

Before you start, assess your current environment and plan for the target VCF 9.0 architecture.
Key actions:

  • Validate hardware compatibility against the VCF 9.0 HCL.
  • Review licensing needs—VCF 9.0 introduces simplified licensing.
  • Identify which workloads will move first.
  • Define network, storage, and security policies for the new foundation.

2. Complete All Prerequisites

Prepare your vSphere environment so it’s fully aligned for the upgrade:

  • Upgrade supporting components (vSAN, NSX if applicable).
  • Take full backups of vCenter, ESXi, and critical configs.
  • Validate DNS, NTP, and network reachability.
  • Ensure compliance with the minimum vSphere versions required by VCF 9.0.

3. Upgrade vCenter Server

The vCenter Server must be upgraded first since it is the central management plane.

  • Upgrade to vCenter 9.0.
  • Validate API and plugin compatibility.
  • Test connectivity with ESXi hosts post-upgrade.

4. Upgrade ESXi Hosts

Once vCenter is running at the target version:

  • Place hosts into maintenance mode (use vMotion to evacuate workloads).
  • Upgrade ESXi to version 9.0.
  • Validate host profiles, storage adapters, and networking after upgrade.

5. Deploy VCF Installer

The VCF installer orchestrates the private cloud buildout.

  • Deploy it into the upgraded vSphere environment.
  • Connect it to your management network.
  • Validate access to the depot for downloading bundles.

6. Configure Depot and Download Bundle

The installer needs the VCF software bundle:

  • Configure connectivity to the VCF depot (online or offline mode).
  • Download the VCF 9.0 bundle.
  • Ensure checksum validation before proceeding.

7. Deploy VCF 9.0 Using vCenter 9.0

With the installer ready:

  • Deploy VCF 9.0 on top of your existing vCenter 9.0.
  • This integrates your vSphere environment into a fully managed VCF framework.
  • Deploy the Management Domain as the foundation for workload domains.

8. Configure Licensing in VCF Operations

VCF 9.0 introduces unified licensing:

  • Apply the single license file in VCF Operations.
  • Validate license compliance across vCenter, ESXi, and NSX.

9. Import Workload Domains (Optional)

If you have existing workload clusters/domains:

  • Use the Import functionality to bring them under VCF governance.
  • Align policies with the management domain.
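Step 6 calls for checksum validation of the downloaded bundle before deployment. The sketch below is an added example, not code from VMware or from this blog: it checks an offline depot copy against a manifest and fails closed on altered, missing, or extra files. The sha256sum-style manifest format and the file names are assumptions, not the actual VCF depot layout, and the manifest is assumed to come from a separate trusted channel.

```python
import hashlib, hmac, tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Stream the file so multi-gigabyte bundles are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines '<64 hex>  <relative path>' (assumed format)."""
    expected = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        digest, _, name = line.strip().partition(" ")
        name = name.strip().lstrip("*")
        if len(digest) != 64 or not name or set(digest.lower()) - set("0123456789abcdef"):
            raise ValueError(f"manifest line {n} is malformed")
        expected[name] = digest.lower()
    return expected

def verify_bundle(bundle_dir, manifest_text):
    """'trusted' is True only if every listed file matches and nothing extra is present."""
    root, expected = Path(bundle_dir).resolve(), parse_manifest(manifest_text)
    report = {k: [] for k in ("ok", "mismatch", "missing", "unlisted", "rejected")}
    for name, digest in expected.items():
        target = (root / name).resolve()
        if root not in target.parents:      # manifest entry points outside the bundle dir
            report["rejected"].append(name)
        elif not target.is_file():
            report["missing"].append(name)
        elif hmac.compare_digest(sha256_file(target), digest):
            report["ok"].append(name)
        else:
            report["mismatch"].append(name)
    on_disk = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    report["unlisted"] = sorted(on_disk - set(expected))
    report["trusted"] = bool(report["ok"]) and not any(report[k] for k in report if k != "ok")
    return report

def demo():
    """Constructed sample: two bundle files, then one altered and one extra file added."""
    with tempfile.TemporaryDirectory() as d:
        root, names = Path(d), ("bundle-a.tar", "bundle-b.tar")
        for n in names:
            (root / n).write_bytes(b"constructed payload " + n.encode())
        manifest = "".join(f"{sha256_file(root / n)}  {n}\n" for n in names)
        clean = verify_bundle(root, manifest)
        (root / names[1]).write_bytes(b"altered after download")
        (root / "extra.bin").write_bytes(b"not listed")
        return clean, verify_bundle(root, manifest)
```

Proceed to step 7 only when `verify_bundle(...)["trusted"]` is `True`; any entry under `mismatch`, `missing`, `unlisted`, or `rejected` means the bundle should be downloaded again and rechecked.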

Why Upgrade to VCF 9.0?

  • Unified Operations → Manage vSphere, vSAN, and NSX under a single cloud operating model.
  • Modern Workload Support → Run VMs, containers, and AI workloads natively.
  • Simplified Licensing → Single license file for the entire platform.
  • Fleet Management → Manage multiple VCF instances at scale.

This upgrade path ensures a structured transition from vSphere to VCF 9.0, allowing you to modernize operations while protecting existing workloads.

Sunday, August 24, 2025

VMware Cloud Foundation (VCF 9) Fleet Deployment Options – A Deep Dive

 

As enterprises modernize their private cloud environments with VMware Cloud Foundation (VCF 9), managing multiple deployments at scale becomes a challenge. Different business units, regions, or even departments may run their own VCF instances, each with unique lifecycle, governance, and compliance requirements.

This is exactly where VCF 9 Fleet comes in. It acts as a single pane of glass for governance and policy enforcement across multiple VCF instances—whether they are within a single datacenter, spread across multiple sites in one region, or deployed globally.

Based on my understanding of VCF 9, I’ve analyzed multiple Fleet deployment approaches and their impact across different environments. What I realized is that the deployment model really matters—it must align with the organization’s scale, resilience goals, and compliance posture.

In this blog, I’ll walk you through the five primary VCF Fleet deployment options, with detailed insights, architectural context, and real-world examples.

1. VCF Fleet in a Single Site with Minimal Footprint

This is the most basic and lightweight Fleet deployment option. Think of it as the entry point into Fleet, typically chosen by organizations who want to explore its capabilities without committing to a large footprint.

Architecture Characteristics:

  • Single VCF instance deployed in one datacenter.
  • Fleet Manager co-located with the management domain.
  • Minimal overhead; only the essential Fleet components are deployed.

When to Choose:

  • Proof of Concept (PoC) environments.
  • Smaller IT shops where one VCF instance is enough.
  • Edge locations where resources are constrained.

Benefits:

  • Extremely easy to deploy and manage.
  • Gives IT teams a starting point to learn Fleet’s capabilities.
  • Governance and compliance can still be applied, even at small scale.

Limitations:

  • No support for multiple sites.
  • Not designed for resiliency or large-scale environments.

Customer scenario: A retail chain rolling out a new regional warehouse IT setup—small scale today, but planning to scale into multiple DCs tomorrow. They start with minimal footprint Fleet to learn and prepare for future expansion.

2. VCF Fleet in a Single Site (Standard Deployment)

The next step up from minimal is a standard single-site Fleet deployment. While still operating in a single datacenter, this option gives you the full set of governance, lifecycle, and compliance features Fleet offers.

Architecture Characteristics:

  • Single VCF instance in one site, but Fleet runs in full deployment mode.
  • Complete management capabilities: governance, compliance checks, lifecycle operations.
  • Can manage multiple workload domains under the same VCF instance.

When to Choose:

  • Medium to large enterprises running workloads from a single datacenter.
  • Organizations with compliance-heavy workloads that require governance.
  • Customers who want to standardize operations in a single location.

Benefits:

  • Comprehensive management in a single site.
  • Suitable for long-term operations if growth is limited to one DC.
  • Provides full lifecycle automation and consistency.

Limitations:

  • Tied to one physical location.
  • Not resilient against regional disruptions.

Customer scenario: A healthcare provider with a single large hospital datacenter. Fleet ensures all workloads—from patient applications to imaging—are governed under strict compliance policies.

 

3. VCF Fleet with Multiple Sites in a Single Region

Now we move into multi-site governance. Here, Fleet manages multiple VCF instances deployed across different datacenters within the same region. This is often the first step for enterprises looking to add resilience and DR within a geography.

Architecture Characteristics:

  • Multiple datacenters within one region (say, Mumbai or California).
  • Each site runs a VCF instance.
  • Fleet Manager enforces governance and compliance across all sites.

When to Choose:

  • Enterprises requiring regional disaster recovery setups.
  • Banks and financial institutions with primary + DR datacenters.
  • Any organization that needs resiliency within one metro/region.

Benefits:

  • Unified governance and compliance across sites.
  • Simplifies lifecycle and operations across all datacenters in a region.
  • Supports cross-site workload mobility and DR testing.

Limitations:

  • Bound to one region; doesn’t extend to global coverage.
  • Requires strong regional network connectivity.

Customer scenario: A banking customer I worked with had three datacenters in one region—primary, DR, and test. Fleet gave them one governance model across all three, drastically reducing operational overhead.

 

4. VCF Fleet with Multiple Sites Across Multiple Regions

This is where things scale to a global level. Fleet spans multiple regions—each with their own sites—and provides centralized management and governance.

Architecture Characteristics:

  • Regions defined geographically (e.g., APAC, EMEA, North America).
  • Each region may contain one or more sites.
  • Fleet overlays them all to provide global policy, compliance, and visibility.

When to Choose:

  • Large multinational corporations with datacenters worldwide.
  • Organizations needing global compliance enforcement.
  • Industries like finance, telecom, or manufacturing with global operations.

Benefits:

  • Single governance model across continents.
  • Standardization of operations globally.
  • Easier to meet global compliance regulations.

Limitations:

  • Requires advanced networking and identity federation.
  • Higher operational complexity.

Customer scenario: A telecom company with DCs in Singapore, Frankfurt, and Virginia needed one global compliance posture. Fleet made it possible to apply consistent governance policies worldwide.

 

5. VCF Fleet with Multiple Sites in a Single Region Plus Additional Regions

Finally, the hybrid model. This is the most advanced Fleet deployment scenario, where an enterprise combines regional multi-site resiliency with global governance.

Architecture Characteristics:

  • A core region with multiple datacenters (for regional resilience).
  • Additional regions (APAC, EMEA, Americas) also running sites.
  • Fleet oversees all, enforcing both regional DR governance and global policies.

When to Choose:

  • Enterprises with both regional resilience needs and global consistency requirements.
  • Multinationals with tiered governance (local policies + global oversight).

Benefits:

  • Best of both worlds: local DR + global consistency.
  • Highly resilient, highly standardized.
  • Meets even the toughest compliance and SLA requirements.

Limitations:

  • Complex design and operations.
  • Requires careful planning of networking, compliance, and identity.

Customer scenario: A global manufacturing giant with 3 European sites for DR, plus datacenters in APAC and North America. Fleet allowed them to keep regional DR intact while applying global governance rules.

The power of VCF Fleet lies in its flexibility. Whether you’re running a single datacenter, a regional cluster of sites, or a global network of private clouds, Fleet adapts to your needs.

The key is to choose the deployment model that aligns with your business goals, compliance posture, and resilience requirements. Start small if you need to, but design with the future in mind—because the way you structure your Fleet today will define how scalable and consistent your private cloud operations become tomorrow.

VCF Fleet isn’t just about technology—it’s about building a governed, resilient, and globally consistent private cloud that grows with your business.


Sunday, August 10, 2025

Mastering VCF 9.0 Automation: Deep Dive into All App, VM App, and Provider App Organizations

 

Introduction

With the release of VMware Cloud Foundation (VCF) 9.0, VMware has continued to enhance its approach to delivering private cloud infrastructure that is secure, scalable, and easier to manage. One of the most significant changes in VCF 9.0 is the introduction of a new automation model designed to support multi-tenancy, better resource governance, and clearer separation between provider and tenant responsibilities. This new model is centered around three core organizational constructs: All App Organization, VM App Organization, and Provider App Organization. In this blog, we explore each of these in detail, understand their role in the overall architecture, and provide best practices for implementation.



Understanding the VCF 9.0 Automation Framework

VCF 9.0 introduces an evolved automation framework that builds on VMware Aria Automation (formerly vRealize Automation). Rather than treating automation as a one-size-fits-all component, VCF 9.0 allows infrastructure providers and tenants to operate in well-defined, segregated environments. This segregation ensures better governance, scalability, and alignment with enterprise and service provider use cases.

The automation experience in VCF 9.0 is delivered through three automation apps:

  1. All App Organization
  2. VM App Organization
  3. Provider App Organization

Each organization type has distinct responsibilities and capabilities, and together they help build a secure and scalable private cloud ecosystem.

1. All App Organization

The All App Org is the default or root organizational entity in the VCF 9.0 automation framework. It is typically managed by the infrastructure provider or cloud admin and is responsible for managing shared infrastructure and global services.

Key Functions:

  • Manage and onboard cloud accounts (such as vCenter, NSX, storage).
  • Define global content such as blueprints, templates, and policies.
  • Create and manage infrastructure projects across all tenants.
  • Set up tagging strategies and resource placement policies.
  • Maintain centralized governance and access control.

Typical Use Case: A platform team managing a single or multi-tenant private cloud infrastructure, where global templates and catalogs are created once and shared across tenant organizations.

Important Limitation: You cannot add the same vCenter Server to multiple organizations (All App Org, VM App Org, or Provider App Org) simultaneously. A vCenter Server can be onboarded to only one organization because of resource ownership and inventory synchronization limitations. Attempting to onboard it to more than one may lead to duplication errors, inventory sync issues, and policy enforcement conflicts.

2. VM App Organization

The VM App Org is designed for tenant teams or business units within an enterprise that require self-service provisioning, resource control, and automation tailored to their specific use case.

Key Functions:

  • Allows tenants to manage their own infrastructure projects.
  • Users can deploy workloads using scoped catalog items.
  • Provides isolation through dedicated projects, roles, and permissions.
  • Enables granular control over resource usage and deployment behavior.

Typical Use Case: A large enterprise with separate Dev, QA, and Production teams using VCF to deploy and manage their workloads independently. Each team is given its own VM App Org with access to tailored templates and policies.

Best Practices:

  • Use separate folders, clusters, and tags to isolate tenant environments.
  • Implement quota and lease policies to control resource usage.
  • Define tenant-specific cloud templates that inherit from All App Org catalog items.

3. Provider App Organization

The Provider App Org serves cloud providers or MSPs who are managing multiple tenants and want centralized visibility and control without exposing the underlying infrastructure directly to the tenants.

Key Functions:

  • Provides a control plane for service providers.
  • Allows onboarding and management of multiple VM App Orgs.
  • Supports service brokering, billing integration, and centralized policy enforcement.
  • Enables delegated administration without granting full infrastructure access.

Typical Use Case: A managed service provider hosting multiple customer environments on a single VCF instance, offering self-service capabilities while maintaining control over the infrastructure.

Key Advantages:

  • Simplifies tenant lifecycle management.
  • Enhances compliance by isolating responsibilities.
  • Facilitates cross-tenant visibility for operational insights.

Architectural Considerations

When planning a VCF 9.0 deployment, careful thought must be given to how vCenter, NSX, and other infrastructure components are mapped to organizations. Below are some considerations:

  • A single vCenter can be onboarded to only one automation organization.
  • NSX segments and transport zones must be scoped to appropriate domains and orgs.
  • Projects act as logical containers within orgs and can further segment workloads.
  • Content sharing between orgs must be explicitly configured and governed.

Common Pitfalls to Avoid:

  • Attempting to onboard a single vCenter into both All App Org and VM App Org.
  • Using global tags without a naming convention, leading to conflicts.
  • Over-provisioning access rights across orgs.

Conclusion

VMware Cloud Foundation 9.0 significantly improves automation capabilities by introducing a well-structured, multi-org framework that supports both enterprise and service provider use cases. By understanding and effectively utilizing the All App, VM App, and Provider App organizations, customers can achieve better resource control, enhanced security, and operational scalability. As always, planning the organization structure, access model, and resource boundaries in advance is critical for a successful VCF automation deployment.

Stay tuned for a follow-up blog where we'll walk through a real-world deployment scenario using all three organization types in VCF 9.0.
