Broadcom bets big on VMware Cloud Foundation 9.1

Broadcom on Tuesday launched VMware Cloud Foundation (VCF) 9.1, which it described as an AI- and Kubernetes-native private cloud platform with integrated security and mixed compute infrastructure support across AMD, Intel and Nvidia.

Prashanth Shenoy, VP of product marketing for Broadcom’s VCF division, said in a briefing last week that the new release has three major areas of focus: Helping customers address the increasing hardware supply crisis and increasing hardware costs, high velocity application delivery of AI-enabled applications, and providing a fully secure environment through a zero-trust architecture.

“Just like AI has been a boon for a lot of organizations, there are AI driven threats that we see exploding in the market,” he said.

Broadcom said VCF 9.1 contains virtualized load balancing with VMware Avi Load Balancer and VMware vDefend that, combined, eliminate hardware appliance requirements for AI inference endpoints and agentic applications. It also contains a multi-tenant infrastructure that enables enterprises and service providers to run multiple AI projects and customers on shared infrastructure with “strict security boundaries.”

The platform, it said, accelerates AI application deployment by running inference workloads, agentic applications, containerized services and traditional VMs on a single infrastructure layer. “This eliminates operational fragmentation and the cost of managing separate stacks while providing the developer velocity and platform governance that production AI requires.”

Compared to preview versions, the company stated, Kubernetes scale and performance for AI delivers a 2.6x increased cluster scale, 75% faster deployment and 75% shorter upgrade windows.

Security is also enhanced. VCF 9.1 contains what Broadcom described as “centralized monitoring and automated desired state remediation for workloads and VCF stack components.” Features include on-premises ransomware recovery, continuous compliance enforcement, and zero-trust lateral security that, it said, “extends distributed IDS/IPS protection to Kubernetes AI workloads for the first time.” It also promises zero downtime live patching in up to 80% of use cases.

Not just another quarterly release

Sanchit Vir Gogia, chief analyst at Greyhound Research, said that the launch “is not best read as another quarterly product release. It is Broadcom’s attempt to move VMware up the stack, from virtualization substrate to the governed control surface for production AI.”

The arc, he said, has been visible for some time. “VCF 9.0 supplied the modern private cloud foundation, built around unified operations, fleet management, and a standardized platform for traditional, modern, and AI workloads. 9.1 takes that base and points it directly at the harder question, which is not whether enterprises can host AI on private infrastructure, but whether they can operate it there at scale, under cost pressure, with credible governance.”

VCF is ‘not entering an empty room’

That, said Gogia, “is a different conversation. Hosting AI is straightforward; running it well is not. The 9.1 emphasis on inference economics, agentic workflows, mixed CPU and GPU consumption, runtime observability, lateral security, fleet expansion, and sovereign deployment patterns reads less like a feature catalogue and more like a control-plane bid.”

He pointed out that Broadcom is trying to make VCF the layer through which enterprises govern the AI workloads they no longer trust to a generic cloud-first model.

According to Gogia, the strategic logic is sound. “Production inference behaves nothing like training. It is continuous, latency-sensitive, frequently regulated, and economically punishing when run on the wrong substrate,” he noted. “As inference scales, the centre of gravity in enterprise AI decisions is shifting from ‘where can we run this fastest’ to ‘where can we run this responsibly and predictably.’ That is precisely the seam Broadcom is reaching for, and it is the same seam the wider market has been arriving at for the better part of two years.”

The competitive picture also matters here, he added, “because VCF is not entering an empty room. It sits between three distinct camps. The first is VMware-adjacent hybrid modernization, where Nutanix, Microsoft’s Azure Local with Arc governance, and HPE GreenLake are all making credible cases for cleaner hybrid operating models with AI readiness layered in.”

The second camp, said Gogia, is “open hybrid AI platforms, with Red Hat OpenShift AI as the most assertive challenger for buyers who prize Kubernetes-native openness and long-term portability above operational continuity.”

The third is distributed and sovereign AI infrastructure, where AWS Outposts and EKS Anywhere, Google Distributed Cloud, HPE Private Cloud AI, and the Dell AI Factory with NVIDIA “all push different versions of a turnkey or near-turnkey private AI proposition, frequently with a heavier accelerator narrative. Outside those camps sit OpenStack and Proxmox, which matter less as like-for-like replacements and more as anti-lock-in pressure valves for customers reacting to commercial terms.”

VCF’s distinctive position is none of those, he noted: “It is the evolutionary path for VMware-heavy estates that want to govern production AI without a wholesale runtime reset. That is a real advantage, because most enterprises do not want a greenfield AI factory. They want a credible way to bring AI into the operating model they already understand.”

Depends on recovery of trust

Whether that advantage holds, said Gogia, “depends on execution, on contractual posture, and on whether the trust environment around Broadcom recovers enough to let buyers commit at depth. The harder question, and the one buyers will judge, is whether VMware can deliver on a platform-power story while still carrying the trust overhang from its commercial reset.”

Architecture and credibility “are not the same thing,” he said. “A more capable platform does not automatically restore what licensing decisions, partner reductions, and patch-access disputes have unsettled. This is a serious move in a market that has become serious about private AI. It is also a move that has to clear a higher bar than a typical release would require, because Broadcom is asking customers to trust VMware with more, not less.”

Renewed interest in private cloud

Dave McCarthy, program VP and global lead of cloud and infrastructure services at IDC, said that with VCF 9.1, “Broadcom is demonstrating continued investment in the platform, which is welcome news for existing customers. This should put to rest any concerns that the company would put the product on maintenance mode.”

He added that the company is also positioning VCF as the premier private cloud platform for anyone transitioning from traditional IT environments, or those looking to repatriate workloads from the public cloud.

McCarthy said that IDC has seen a renewed interest in private cloud due to AI-related security and privacy concerns. In fact, in its FutureScape worldwide cloud predictions for 2026, the company said that by 2028, to meet data privacy requirements and reduce risks of leakage to public LLMs, 40% of organizations will adopt private clouds that give them more control over data governance for AI workloads.

He said he was also “pleasantly surprised” to see object storage added as a native VCF service. “This will be incredibly useful for organizations that have been standardizing on cloud-native app design,” he said.

Security architecture the key

Asked how confident he was that VCF 9.1 will be able to handle all that AI can throw at it, reduce infrastructure costs, and be able to protect modern distributed workloads, as Broadcom claims, McCarthy replied, “as enterprises look to scale AI workloads, cost efficiency is top of mind.”

Features like NVMe Memory Tiering “can have a significant impact on costs,” he said. “Given current memory supply chain issues, this is the right feature at the right time. For distributed edge environments, Zero Touch Provisioning can speed deployments without technical staff onsite.”

Organizations “are beginning to understand that VCF is much more than just vSphere and vSAN; it’s a full private cloud platform with an unmatched feature set,” he noted. “CIOs are realizing that hybrid architectures are here to stay, so they are looking for the public cloud experience in their own data centers; VCF provides that.”

Gogia added, “the security architecture is the quiet centre of the 9.1 story. The most strategically interesting part of [the platform] is not the AI vocabulary. It is the security architecture sitting underneath it.”

Mixed estates of VMs, containers, and AI workloads “change the threat surface materially,” he said. For example, east-west traffic widens. Identity moves between ephemeral and durable workloads. Pod-to-VM communication becomes a meaningful attack path. Recovery operations extend to model weights, embeddings, and data pipelines that did not previously exist as first-class assets. “None of that fits inside a perimeter-led security model, and very little of it is well served by bolt-on tools,” he said.

The 9.1 emphasis on lateral security for Kubernetes AI workloads, ransomware recovery into isolated environments, continuous compliance, and live patching “is not adjacent to the AI story. It is the story,” said Gogia. “An AI control plane that cannot be patched without disruption, segmented without sprawl, recovered without contamination, and audited without manual labour is not a control plane. It is a liability.”