VMware Cloud Foundation May 6, 2026 9 min read

VCF 9.1: Past the AI Hype, a Solid Maturity Release

Broadcom announced VMware Cloud Foundation 9.1 on May 5th, 2026, and the messaging across the press release and the dozen-plus supporting blog posts all converges on the same theme: “AI and Kubernetes native private cloud.” If you read all of them, you’d think the headline is AI. It isn’t — not for most of us.

For operators and architects running VCF, the headlines that actually matter are: 2× scale per instance, 4× faster cluster upgrades, live patching maturity, vCenter-as-a-workload-domain for 8.0 U3+, NVMe memory tiering with real TCO numbers, vSAN-to-vSAN replication from any source, and hardware-offloaded encrypted vMotion. Everything else is interesting, but those items change how you actually operate the platform.

TL;DR

  • 5,000 ESX hosts per instance (2× from 9.0), 4× faster cluster upgrades with parallel lifecycle operations
  • NVMe memory tiering — up to 40% lower TCO through a unified memory model (DRAM + NVMe offload)
  • vSAN global dedup + enhanced compression — up to 39% lower storage TCO
  • Encrypted vMotion with hardware offload (Intel QuickAssist) — ~70% CPU savings during migrations
  • Live patching covers up to 80% of patch use cases without host evacuation
  • VCF Operations can manage existing vSphere 8.0 U3+ environments as a workload domain
  • vSAN replication accepts any source (VMFS, NFS, vSAN) into a vSAN target
  • vDefend — 9 Tbps threat inspection per instance, 5× more app IDs, IDS/IPS now extends to VKS
  • VKS scales to 500 Kubernetes clusters per Supervisor
  • AI capabilities are real, but unless you’re building Private AI, they’re not why you upgrade

Infrastructure efficiency: the part with actual TCO numbers

This is where 9.1 earns its keep, and Broadcom is publishing real numbers for once.

NVMe memory tiering introduces a unified memory model — hot data stays in DRAM, colder pages get offloaded to NVMe. 9.1 improves performance over the 9.0 implementation, adds native software mirroring, and simplifies deployment. The headline number is up to 40% lower TCO and higher consolidation ratios, which is significant if you’re running memory-bound workloads (databases, large VM estates, AI inference clusters mixed with traditional workloads). Caveat: this is a Broadcom internal estimate. Validate against your actual workload mix.

vSAN global deduplication and enhanced compression run continuously in the background and support encrypted environments, and Broadcom is claiming up to 39% lower storage TCO. If you’re on vSAN already, this is a software upgrade away from real capacity savings without a hardware refresh.

Encrypted vMotion with hardware acceleration is the quiet sleeper hit. Intel QuickAssist Technology now offloads the encryption work, with Broadcom claiming up to ~70% CPU savings during migrations. Anyone who’s watched a host’s CPU pin during a maintenance-window migration of large VMs will appreciate this one. It also means encrypted vMotion is finally cheap enough to be a default rather than a “for sensitive workloads only” exception.

vSphere Elastic Provisioning brings parallel imaging, automated discovery, and consistent configuration to host onboarding. Less interesting unless you’re regularly racking new hardware — but if you are, the time savings are real.

Lifecycle and scale

4× faster cluster upgrades. 9.0’s parallel cluster upgrades had a low enough cap that maintenance windows still ran long for medium-fleet shops. The increased parallel lifecycle capacity in 9.1 changes the math — what used to be a multi-weekend window for 100+ clusters can now compress significantly. Wall-clock time will be dominated by the slowest cluster, not by serialization overhead. Re-baseline your maintenance window estimates against this if you have a large estate.

Live patching maturity. 9.0 introduced live patching but had real gaps in the supported scenarios. 9.1 expands the supported use cases substantially. Broadcom’s claim is that up to 80% of patch use cases can now be applied without host evacuation or maintenance windows. That number is aspirational, but even getting half your patches off the maintenance-window calendar is a real win for SLAs on continuous-availability workloads.

5,000 ESX hosts per single instance — 2× from 9.0. For most homelab and mid-market environments this is irrelevant. For large estates, instance consolidation becomes a real conversation. Fewer instances means fewer management endpoints to monitor, fewer certs to rotate, fewer upgrade cycles. The catch: consolidation cuts both ways, because a bigger instance is also a bigger blast radius. Plan around fault domains.

Topology-aware scheduling for modern high-core-count processors and enterprise support for Ubuntu OS images round out the platform-level changes.

vCenter-as-a-workload-domain

This deserves its own callout. VCF Operations in 9.1 can manage existing vSphere 8.0 Update 3+ environments as a workload domain. Your VCF instance runs 9.1, but Operations can wrap a separate vSphere 8.0 U3+ environment for lifecycle management.

If you’ve been quoting “we can’t move to VCF until we’re done with the vSphere refresh,” this changes the conversation. Bring legacy vCenters under VCF Operations now, migrate underlying clusters into full VCF workload domains on your own timeline.

vSAN: practical wins

vSAN-to-vSAN replication now accepts any source — VMFS, NFS, or vSAN — replicating to a vSAN target. For mixed-storage environments (most environments), this means a single replication target and workflow regardless of where the workload sits today. If you’ve been juggling separate replication products for legacy VMFS versus newer vSAN workloads, take a look.

vSAN for Recovery combines deep snapshot chains with integrated replication workflows for a streamlined approach to both DR and ransomware recovery. It’s the foundation that ties together with the CrowdStrike clean-room workflow below.

Native S3 object storage lands as a third storage type alongside block and file, exposed through VCF Automation. If you’ve been propping up MinIO or a third-party object store just to satisfy a CI/CD pipeline that wants S3 endpoints, this is worth piloting. Read the docs carefully on production readiness before committing.

VKS and modern apps

VKS scales to 500 Kubernetes clusters per Supervisor. Combined with faster provisioning and better isolation, this is the scale that finally makes VKS a serious option for service providers and large multi-tenant platform teams. Broadcom is claiming up to 46% lower Kubernetes operational costs at scale.

Live application stack blueprints are genuinely interesting. Capture a running multi-VM application — compute, networking, storage configuration, dependencies — and turn it into a reusable template. For DevOps teams provisioning environments at scale, this collapses what used to be hours of manual configuration into minutes, with consistency across dev/test/prod.

Networking and security

vDefend brings 9 Tbps threat inspection per VCF instance along with 5× more application IDs (~4,000 new signatures) for L7 firewall rules. Distributed IDS/IPS now extends to Kubernetes workloads for the first time, eliminating the blind spot between VM-only and container-based protection. New exempt actions let you exclude trusted traffic (backup flows, replication) from inspection — overdue and welcome.

CrowdStrike Falcon EDR integration for ransomware recovery is more substantial than the press release headline suggests. Recovered workloads get scanned in isolated clean room environments before being returned to production, helping prevent reinfection. If you’ve ever had to recover from ransomware and worried whether your “clean” backups were actually clean, this is the workflow you’ve wanted.

Continuous compliance enforcement with Advanced Cyber Compliance (ACC) provides automated assessment and remediation against VCF security guidelines and PCI DSS benchmarks, with built-in drift detection. Real time saved on audit prep.

Open networking ecosystem. EVPN and VXLAN interoperability with Arista Universal Cloud Network is a genuine signal that Broadcom isn’t trying to lock the network layer down. Cisco and SONiC integrations are also called out. If your network team has invested in Arista or Cisco fabric, you can stand up VCF on top without re-architecting the underlay.

The AI story

AI is the marketing headline, not the operational headline for the average VCF environment. That said, if you’re actively building Private AI, there’s substance:

  • NVIDIA ConnectX-7 + BlueField-3 with Enhanced DirectPath I/O for high-speed multi-host AI training and data transfer
  • AMD Instinct MI350 Series GPUs with Enhanced DirectPath I/O — open accelerator choice, not just NVIDIA
  • DirectPath enablement for NVIDIA GPUs — exclusive GPU access for a single VM
  • CPU-based inferencing through Llama.cpp for proof-of-concept and smaller workloads
  • AI Metrics Observability Dashboard — time to first token, token throughput, GPU utilization
  • vDefend protects VKS clusters with the same distributed IDS/IPS as VMs

If you’re not building Private AI infrastructure, none of these change anything for you. Don’t let “AI-native” framing pressure you into upgrading on a timeline that doesn’t fit.

Things to be cautious about

  1. Don’t upgrade production on day one. Wait at least one patch cycle and let community feedback surface the edge cases.
  2. TCO numbers are vendor numbers. The 40% memory TCO, 39% storage TCO, 70% vMotion CPU savings, and 80% live-patching figures are all Broadcom internal estimates. Validate against your actual workloads.
  3. vSAN S3 readiness. Read the docs before committing production workloads.
  4. Several capabilities are gated behind Advanced Services for VCF licensing (vDefend, Avi Load Balancer, ACC). Pay attention to which features you actually get.
  5. Check the HCL. Especially if you’re running older NICs or storage controllers — and especially if you want hardware-offloaded encrypted vMotion (needs Intel QuickAssist).

What I’d do this week

Read the actual release notes (not the marketing blogs), inventory your TPM-enabled hosts, identify mixed-storage environments that could collapse onto a single vSAN replication target, check whether your CPU generation supports QuickAssist for the vMotion offload story, and spin up a homelab or non-prod upgrade. Don’t touch prod yet.
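
Two of these checks can be scripted: the TPM inventory, and which VMs would still migrate without mandatory encryption if encrypted vMotion became the default. The PowerCLI functions below are an added example, not part of the original post or Broadcom's tooling. They assume the `ExtensionData` property paths PowerCLI exposes today (`Config.MigrateEncryption`, `Capability.TpmSupported`, `Capability.TpmVersion`) are unchanged in 9.1; the function names and sample objects are constructed for illustration.

```powershell
# Added example: function names and sample data are constructed.
# Assumes PowerCLI's ExtensionData property paths are unchanged in 9.1.

function Get-VMotionEncryptionGap {
    # Emits every VM whose vMotion encryption policy is not 'required'.
    param([Parameter(ValueFromPipeline)] $VM)
    process {
        $policy = [string]$VM.ExtensionData.Config.MigrateEncryption
        if ($policy -ne 'required') {
            [pscustomobject]@{
                VM     = $VM.Name
                Policy = if ($policy) { $policy } else { 'unset' }
            }
        }
    }
}

function Get-HostTpmInventory {
    # Reports TPM support and version per host.
    param([Parameter(ValueFromPipeline)] $VMHost)
    process {
        $cap = $VMHost.ExtensionData.Capability
        [pscustomobject]@{
            Host         = $VMHost.Name
            TpmSupported = [bool]$cap.TpmSupported
            TpmVersion   = if ($cap.TpmVersion) { $cap.TpmVersion } else { 'n/a' }
        }
    }
}

# Constructed stand-ins shaped like Get-VM / Get-VMHost output, for offline runs.
function New-Stub($Name, $Data) {
    [pscustomobject]@{ Name = $Name; ExtensionData = [pscustomobject]$Data }
}
$vms = @(
    New-Stub 'db01'  @{ Config = [pscustomobject]@{ MigrateEncryption = 'required' } }
    New-Stub 'web01' @{ Config = [pscustomobject]@{ MigrateEncryption = 'opportunistic' } }
    New-Stub 'old01' @{ Config = [pscustomobject]@{ MigrateEncryption = 'disabled' } }
)
$hosts = @(
    New-Stub 'esx01' @{ Capability = [pscustomobject]@{ TpmSupported = $true;  TpmVersion = '2.0' } }
    New-Stub 'esx02' @{ Capability = [pscustomobject]@{ TpmSupported = $false; TpmVersion = $null } }
)

$vms   | Get-VMotionEncryptionGap | Format-Table
$hosts | Get-HostTpmInventory     | Format-Table

# Against a live vCenter (after Connect-VIServer):
#   Get-VM | Get-VMotionEncryptionGap
#   Get-VMHost | Get-HostTpmInventory
```

`opportunistic` is reported as a gap because it permits an unencrypted migration when either host lacks encrypted vMotion support.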

Bottom line

VCF 9.1 is a maturity release, not a revolution. The features that matter most — live patching, parallel upgrade scale, NVMe memory tiering, vCenter-as-workload-domain, hardware-offloaded encrypted vMotion — are about reducing operational friction and TCO at scale. The AI features are real, but they’re not why most of us run VCF. What this release signals clearly is that Broadcom is investing in the platform, not coasting.

I’ll be running 9.1 through the homelab over the next couple of weeks. Expect a follow-up on the actual upgrade path and whether the parallel-upgrade math holds up. Got specific 9.1 questions or use cases? Drop a comment below.

