VMware Cloud Foundation 9.0, the latest evolution of VMware by Broadcom, is reshaping the infrastructure landscape by enabling on-premises environments to function as true private clouds. With integrated compute, storage, and networking components acting as scalable building blocks, it delivers higher service levels while significantly reducing operational complexity.

But beyond these surface-level enhancements, the real transformation lies in how VCF 9.0 redefines the role of infrastructure teams, especially through the lens of a platform engineer. The era of rigid, ticket-based provisioning is fading. VCF 9.0 introduces a unified, modern approach that enables platform teams to provide self-service capabilities, automate infrastructure delivery, and support both traditional virtual machines and modern, containerized workloads.

After a solid introduction by Katarina Brookfield, Technical Marketing – VMware by Broadcom, and following some hands-on demos, I’d like to share my impressions, focusing on what matters most for delivering applications across diverse environments.

The Power of One Platform

In an era defined by cloud sprawl and progressively growing operational complexity, VMware Cloud Foundation 9.0 delivers a clear message: simplify everything.

At the heart of this release is the deeper integration of key infrastructure components, vSphere, vSAN, and NSX, unified through a new integration layer known as the Modern Cloud Interface. With VCF 9.0, VMware is not just shipping another product; it’s delivering a cohesive vision:

  • One platform to manage infrastructure, security, automation, and developer enablement.
  • One platform to run every kind of application: virtual machines or containers.
  • One platform to turn infrastructure into a service.

Key capabilities of VCF 9.0 include:

  • VCF 9.0 with Kubernetes integration (VMware Kubernetes Service) to handle container orchestration and lifecycle management
  • Full-stack hyper-converged infrastructure including NSX, vSAN, vSphere, and SDDC Manager
  • Simplified Day 2 operations, including lifecycle management, patching, and upgrades
  • Native support for DevOps automation and GitOps workflows

A Platform Engineer’s View: One Control Plane to Serve Them All

Let’s address a key point: VMware Cloud Foundation 9.0, with its new Automation Portal, might not be the definitive platform for every organization… and that’s okay. Every company has its own workflows, governance models, and internal tooling. However, there are a few foundational requirements that remain constant: a self-service interface, automation workflows, and fine-grained Role-Based Access Control (RBAC). These are essential to reduce operational friction and support both legacy and modern applications.

The VMware Cloud Foundation Automation Portal is the true gateway for platform engineers. It enables the design and delivery of a self-service experience where teams can provision virtual machines, Kubernetes clusters, and full application stacks securely, reliably, and repeatedly.

The core concept of the virtual machine, a cornerstone of the VMware vSphere model, still plays a central role. However, it’s now part of a broader lifecycle. That lifecycle starts with templates and blueprints, enriched with Cloud-Init scripts or third-party tools like Ansible (which can be embedded or external). These elements provide the application abstraction layer that can be fully automated and integrated into CI/CD pipelines.

Moving up the stack, VCF 9.0 supports full Kubernetes cluster lifecycle management through VMware Kubernetes Service (VKS). Depending on organizational policies, these clusters can also be made available through the same self-service portal, with lifecycle actions like updates or scaling simplified into predictable workflows.

To support modern deployment strategies, VCF 9.0 can integrate with GitOps tools such as Argo CD. This enables a declarative approach to deploying Helm-based applications, with Git repositories serving as the single source of truth. This not only accelerates delivery but also brings consistency and compliance to application deployments.

In summary, VCF 9.0 enables a unified approach to application deployment where:

  1. Applications can be deployed traditionally via virtual machines, augmented by automation and configuration tools to deliver dynamic, decoupled workloads.
  2. Cloud-native applications can be delivered through Kubernetes and GitOps pipelines, offering secure, scalable, and automated release cycles.

Observability, Security, and Governance Built-In

Implementing an automation layer without a solid RBAC and policy framework can be dangerously reductive. Least privilege principles must be enforced, and deep integration with the monitoring and observability stack is essential to maintain visibility and control.

One of the most critical risks in today’s enterprise environments lies in supply chain workflows. When automation is granted excessive or incorrect permissions, it can create vulnerabilities that attackers may exploit, potentially escalating privileges and increasing the blast radius of any compromise.

VMware has long recognized these challenges, offering solutions like vRealize Orchestrator (vRO) and the Aria suite to enable policy-driven automation with built-in governance.

With VCF 9.0, automation is more than just scripting; it is tied to identity, roles, compliance, and observability.

Automation is no longer an isolated capability; it’s woven into the platform with role-awareness and policy control. Every automation action can be mapped to a defined role, helping enforce operational boundaries. Whether through vSphere permissions, SDDC Manager role mapping, or integration with VCF Automation, the principle of least privilege is embedded into the stack.

VCF 9.0 also supports identity federation and centralized authentication systems such as Active Directory and LDAP, ensuring that role assignments can be inherited and governed from enterprise identity sources. This tight integration enables the secure delegation of automation tasks without exposing critical components unnecessarily.

Teams can define who is allowed to provision infrastructure, trigger workflows, or modify network and storage configurations without granting full administrative access. Combined with audit logging and observability, this model supports accountability and operational safety.

In a zero-trust environment, static credentials and hardcoded passwords are no longer acceptable. VCF 9.0 embraces this mindset by enabling secure password and secret management through integration with VCF Automation Secrets or external enterprise vaults.

Secrets should be rotated automatically, injected dynamically at runtime, and scoped to the minimum required permissions. By removing long-lived credentials and avoiding manual handling of secrets, organizations reduce the attack surface and prevent lateral movement.

In supply chain automation, where systems interact with CI/CD pipelines, configuration management tools, or provisioning workflows, centralized secret management becomes even more critical. A compromised automation token with elevated access could compromise the entire environment. 
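One way to enforce the "no static credentials" rule on the Cloud-Init templates that blueprints carry is a pre-merge check in the Git repository. The following is an added example, not VMware code or part of the original article; the `${secret.…}` placeholder form, the key list, and the sample template are assumptions constructed for illustration.

```python
import re

# Keys treated as credentials (assumed list; extend for your templates).
SENSITIVE = re.compile(
    r"""^\s*-?\s*["']?(?P<key>[\w.-]*(?:passw(?:or)?d|secret|token|api[_-]?key)[\w.-]*)"""
    r"""["']?\s*[:=]\s*(?P<val>.*?)\s*$""",
    re.IGNORECASE,
)
# Assumed placeholder form for a value injected at deploy time, e.g. ${secret.name}.
RUNTIME_REF = re.compile(r"""^["']?\$\{[^}]+\}["']?$""")

def find_static_secrets(template_text):
    """Return (line_number, key) for credential-like keys holding a literal value.

    The value itself is never returned, so findings are safe to print in CI logs.
    """
    findings = []
    for line_no, line in enumerate(template_text.splitlines(), start=1):
        match = SENSITIVE.match(line.split(" #", 1)[0])  # ignore trailing comments
        if not match:
            continue
        value = match.group("val")
        if not value or RUNTIME_REF.match(value):
            continue  # parent mapping key, or resolved from the secret store
        if value.strip("\"'").lower() in {"true", "false"}:
            continue  # flags such as cloud-init's lock_passwd are not secrets
        findings.append((line_no, match.group("key")))
    return findings

# Constructed sample: a pre-hashed password is still a static credential.
SAMPLE_TEMPLATE = """\
#cloud-config
users:
  - name: deploy
    lock_passwd: false
    passwd: $6$rounds=4096$constructedsalt$constructedhash
write_files:
  - path: /etc/app/app.env
    content: |
      DB_PASSWORD=${secret.db_password}
      API_TOKEN=abc123-constructed-token
runcmd:
  - echo "done"
"""

if __name__ == "__main__":
    for line_no, key in find_static_secrets(SAMPLE_TEMPLATE):
        print(f"line {line_no}: static value for '{key}'")
```

Run as a required pipeline step, a non-empty result should fail the merge so the value is moved into the secret store and replaced with a reference.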

Why VCF 9.0 Matters

Platform engineering is still an emerging discipline, and many organizations are actively seeking practical solutions that deliver real, measurable value to their services.

With VCF 9.0, infrastructure teams can finally speak the same language as developers through API-driven provisioning, automation, and platform abstraction. It shifts the role of the platform engineer from a ticket-responder to a service designer.

VCF 9.0 is more than just another VMware by Broadcom product release. It represents a unified vision: an integrated set of tools that offer both a ready-to-use platform and a solid foundation for customization. It brings together automation, security, and workload orchestration into a single, cohesive control plane.

For platform engineers, this means a powerful opportunity: to reduce complexity, scale service delivery, and empower development teams… all without compromising control or governance.

The VMware Cloud Foundation 9.0 Showcase: Powering the Modern Private Cloud was presented by VMware in association with Techstrong and Tech Field Day. The videos will be posted to the Tech Field Day YouTube channel and on the website. You can learn more about VMware Cloud Foundation 9.0 on the VMware website.
