How VCF 9.0 Architecture Works: A Practical Guide

VMware Cloud Foundation (VCF) 9.0 brings a redesigned architecture that changes how private cloud infrastructure is structured and managed. Whether you're coming from earlier VCF versions or looking at the platform for the first time, this guide breaks down what’s new and how it works in practice.

At a high level, VCF 9.0 is a hierarchical system that scales from a single site to globally distributed infrastructure. Here’s how it’s organized and how each layer fits into day-to-day operations.

Three-Layer Hierarchy of VCF 9.0

VCF 9.0 structures infrastructure into three layers, each serving a clear purpose:

Layer 1: Private Cloud (Top-Level)

This is the entire footprint of your private cloud environment. It encapsulates everything…your regions, Fleets, and Instances. You can think of it as the top-level container where policy and strategy decisions start.

Layer 2: Fleet (Mid-Level)

A Fleet is a logical grouping of infrastructure that shares centralized services. Each Fleet includes:

VCF Operations– the primary interface for managing and monitoring infrastructure
VCF Automation– a self-service portal

Fleets can span multiple locations, which makes them useful for large or distributed environments.

Layer 3: Instance (Foundational)

An Instance is where workloads run. Each includes:

A Management Domain for infrastructure services
One or more Workload Domains for running applications

Component Breakdown

Management Domain

Every VCF Instance includes a Management Domain that runs the core infrastructure software:

vCenter Server– central vSphere management
NSX Manager– software-defined networking
SDDC Manager– lifecycle and configuration automation
vSAN– shared storage for the cluster

The Management Domain doesn’t host workloads—it’s there to run the services that keep everything else functioning.

Workload Domains

This is where actual applications run. Each Workload Domain is isolated, allowing for:

Dedicated compute/networking
Independent lifecycle management
Tenant or environment separation (e.g., prod, dev, AI/ML)

Centralized Management in VCF 9

VCF Operations: Unified Interface

VCF 9.0 consolidates the management experience under VCF Operations. This removes the need to bounce between tools and provides a full view of your environment, including:

Monitoring (infra health, alerts)
Lifecycle management (patches, upgrades)
Security and compliance
Capacity and resource planning

The UI is broken into practical sections:

Launchpad– common tasks
Inventory– infrastructure breakdown
Operations– hands-on tools
Fleet Management– for cross-instance administration

Update Management

VCF 9 splits updates into two layers:

Fleet-Level (via VCF Operations):

Identity Broker
Automation platform
Operations interface

Instance-Level (via SDDC Manager):

ESXi hosts
vCenter
NSX

This separation allows teams to update management components without impacting workloads.

Cloud-Style Networking with VPCs

VCF 9 introduces Virtual Private Clouds (VPCs), which simplify networking inside the platform:

Self-service networks: Create isolated networks quickly
Transit Gateways: Handle routing between VPCs
Multi-tenant support: Teams can manage their own networks

VPCs integrate into vCenter, so vSphere admins don’t need to learn NSX to use them.

Security and Identity Enhancements

VCF Identity Broker

Identity Broker simplifies authentication across the stack. It supports modern protocols (SAML, OIDC) and applies settings globally at the Fleet level—except for ESXi and SDDC Manager, which still require separate configs.

Automated Certificate Management

Auto-renewal starts 60 days before expiry
Multiple CA support
Centralized via VCF Operations
Visibility and alerts for expired/misaligned certs

Deployment Options

Greenfield (New Install)

Use the VCF Installer (replaces Cloud Builder)
Define network/config inputs
Provision management domain and infrastructure
Add Workload Domains as needed

Convergence (Existing Infra)

Upgrade your vSphere components to v9.0
Deploy the VCF Installer
Run the convergence wizard
Your existing environment becomes a VCF-managed Instance

Daily Operations

Monitoring

Dashboards provide:

Color-coded health
Real-time + historical metrics
Capacity forecasting
Centralized alerting

Security Ops

Password management and rotation
Baseline compliance checks
Audit trail logging
Drift detection and remediation

Scaling the Environment

The hierarchy scales cleanly:

Single site: One Fleet, one Instance
Multi-site: One Fleet managing multiple Instances
Global scale: Multiple Fleets, each managing regional Instances

Each layer scales independently, which gives flexibility for multi-region design or tenant-based separation.

VCF 5.x and 9.0 Component Comparison Reference

Conclusion

VCF 9.0 brings a more modular structure to private cloud environments, introducing a hierarchy that makes it easier to organize and operate infrastructure at scale. The new Operations interface consolidates day-to-day management, while features like VPC networking, automated certificate handling, and convergence workflows help reduce overhead.

Whether you're deploying new infrastructure or looking to bring existing environments under consistent management, VCF 9.0 provides the tools to simplify operations without adding complexity.

Page 1 / 1

This article comes at a great time as we are shifting focus to VCF9 deployment now to replace our existing infrastructure. I am also looking at the VCP exam as well so every little detail helps. Thanks for sharing this one.

Hopefully, I’ll be transitioning away from VMW altogether in the coming mos so am not spending much time on this...but good to know.

Good luck on your exam Chris!

Great, I am already waiting on Veeam version, when I can test it for VCF9.0

Great post. Looking into VCF Op’s install coming up shortly. Lots of big changes, I’m actually shocked how much has been streamlined. Who knows, maybe Broadcom are fixing a few issues

Hi Andy
Thank you for sharing such a clear and helpful breakdown of the VCF 9.0 architecture! I’m particularly intrigued by the three-layer hierarchy diagram and how it illustrates the relationships between Private Cloud, Fleets, and Instances.
Could you let me know the original source of this diagram? Was it adapted from VMware TechDocs or a design blueprint—perhaps something like “Fleet with Multiple Sites in a Single Region plus Additional Region(s)”?
I’m working on designing a multi-region VCF deployment (one Fleet per region) and this diagram would be extremely valuable as a reference point. Any guidance or link to the original VMware documentation would be highly appreciated.
Thanks in advance for your help!

Iman Ardestani

I have a fair bit to learn before I upgrade.

Our renewal wasn’t too bad actually as we already had Enterprise Plus licenses, and multi site vCenter environment. I think the majority of the 5x or 9x increases were customers with extremally heavy discounts, or essentials customers.

Without getting to deep into the Broadcom sentiment, they have crammed a TON of new features into VCF, and the fact I get a bunch of software that would have cost an extremally large amount of money is a benefit, (Aria, vSAN, NSX, etc.). I'm mostly excited for Aira for monitoring as I’m not changing all our infrastructure around but in the right areas it will be good to learn this stuff.