
VCF 9.0 vs VCF 9.1 — What Actually Changed and Why It Matters

Author
Szymon Leszega
Writing about what I test and deploy myself — vSphere, homelabs, cybersecurity hardening and AI in infrastructure. No theory, only things that work.

With the rise of AI-driven infrastructure demands, VMware (Broadcom) released VCF 9.1, a platform significantly rebuilt compared to the baseline 9.0 release and focused on cost reduction and serious scalability. Instead of marketing generalities, I’ve put together a hard technical comparison of the key architectural differences between the old and new generation, based entirely on official vendor data and engineering specifications. Currently, the internet is full of lengthy articles that are hard to follow, so I’ve gathered all that information and boiled it down to the key points that matter most to me.

How did it work in 9.0? What does 9.1 change? And will a mid-size organization actually feel the difference?


1. Scalability and Management Architecture (SDDC Manager)

Fleet management underwent a fundamental transformation from a model of separate appliances to a unified system.

Shared Runtime Environment

  • VCF 9.0: Lifecycle management, logging, and repository services ran as completely separate virtual appliances, consuming resources and generating operational overhead.
  • VCF 9.1: Centralized VCF Management Services running on a single shared runtime environment.

Global Password Policies and Rotation

  • VCF 9.0: Each product and component had its own independent password management rules, forcing manual and fragmented administration of security policies across the platform.
  • VCF 9.1: Centralized, unified Fleet-Scale Enforcement policies across the entire fleet. An administrator defines security rules (e.g., password reuse restrictions) once in a single place — the VCF platform automatically enforces them and maintains consistency across all managed components.

Double the Fleet Capacity

  • VCF 9.0: Maximum supported host limit was 2,500 per instance.
  • VCF 9.1: A single central instance can now manage up to 5,000 ESXi hosts.

4x Faster Updates

  • VCF 9.0: Parallel patch installation was limited to 64 clusters simultaneously.
  • VCF 9.1: The parallelization mechanism was rebuilt, supporting up to 256 clusters updated concurrently.

Mid-size IT perspective: The new management mechanics are a massive time saver. Global password policies mean no more tracking expiring credentials across multiple separate configuration panels — you set the rules once and forget. On top of that, the shared runtime saves valuable RAM and CPU on the management layer, which in smaller labs tended to be surprisingly heavy.


2. Compute Layer Optimization (vSphere 9.1)

Direct hypervisor innovations address the “memory hunger” of AI workloads.

NVMe Memory Tiering

  • VCF 9.0: VM scalability and virtual memory allocation hit a hard ceiling at the physical DRAM limits of the server.
  • VCF 9.1: Memory resources are unified into a single model that automatically offloads “cold” pages from expensive DRAM directly to NVMe drives, reducing server build costs by up to 40% in mixed workload environments. What’s more, a dedicated section has been added to the Operation module for “what-if” analysis to illustrate exactly how it works and what the savings are, a feature that was missing in the previous version.

Live Patching and Cryptographic Offload

  • VCF 9.0: Every hypervisor update required enabling maintenance mode and full VM evacuation via vMotion. If encrypted data was being migrated, the CPU absorbed the entire cryptographic workload.
  • VCF 9.1: Live Patching on TPM 2.0 nodes eliminates evacuation in nearly 80% of cases. Additionally, vMotion encryption is offloaded to dedicated Intel QAT hardware, removing up to 70% of CPU overhead from the main processor.

Elastic Provisioning (Zero-Touch)

  • VCF 9.0: Adding new servers required more manual, sequential configuration by engineers.
  • VCF 9.1: Fully automated parallel server imaging — hardware can be provisioned from the moment it’s cabled up (Zero-Touch Provisioning).

Mid-size IT perspective: This is where you’ll feel the biggest budget relief. NVMe Tiering lets you run memory-hungry servers without buying the most expensive RAM. Live Patching is a lifesaver in small clusters (3–4 nodes), where evacuating a full host created a noisy-neighbor problem that throttled the remaining nodes throughout the update window.


3. Next-Generation Storage (vSAN 9.1)

Storage architecture evolved toward maximizing free capacity and reliable post-breach recovery.

Global Deduplication and Compression

  • VCF 9.0: Compression and dedup mechanisms operated on narrower data sets, rarely achieving optimal results at scale.
  • VCF 9.1: Deduplication now operates globally at the cluster level, reducing total block storage TCO by 39%.

Native S3 Object Storage

  • VCF 9.0: Companies had to maintain costly external systems or third-party software to handle object storage (S3).
  • VCF 9.1: AWS S3-compatible object storage is built directly into the vSAN layer (Tech Preview).

Multi-Source Replication (Any-to-vSAN)

  • VCF 9.0: Backup and replication were technically locked to a protocol requiring both source and target clusters to run vSAN.
  • VCF 9.1: Multi-Source Replication allows replicating data from any VCF node regardless of the underlying storage. Support for high-capacity, cost-effective QLC drives for cold archiving was also introduced.

Mid-size IT perspective: Global dedup is essentially free terabytes — pushing back the next disk purchase. Native S3 support means developers needing object storage won’t force you to deploy and maintain external open-source solutions. Your existing hardware becomes more versatile.


4. Security and Networking (NSX and vDefend)

VCF 9.1 assumes an extreme Zero Trust model inside your own network.

Firewall Throughput (IDPS Turbo Mode)

  • VCF 9.0: Advanced packet inspection engines could analyze traffic up to approximately 3 Gbps per host.
  • VCF 9.1: The new Turbo Mode delivers a 3x improvement — handling 9 Gbps per host, with total preventive throughput across the VCF fabric reaching 9 Tbps.

Container and AI Microsegmentation (Lateral Security)

  • VCF 9.0: Virtual machine environments and Kubernetes container clusters operated as security silos — no unified policy or tracking across both layers.
  • VCF 9.1: Through a CNI integration plugin, the distributed firewall now follows application identity seamlessly across both Kubernetes (VKS) and VM layers — blocking lateral virus propagation across the integrated environment.

Physical Switch Integration

  • VCF 9.0: A gap existed between VCF’s virtual network and physical infrastructure, requiring tedious manual rule synchronization and the use of Edge VMs to establish BGP sessions.
  • VCF 9.1: EVPN-VXLAN open protocol support enables direct integration with major physical network vendors — SONiC, Cisco Nexus, Arista and others. DTGW gateways eliminate the need to deploy NSX Edge VMs for VPC connectivity.

Mid-size IT perspective: The 9 Tbps figures are for hyperscalers. But the new networking mechanics are felt at every scale. With a small cluster (4 hosts and one physical SONiC switch), you integrate them directly via EVPN — bypassing the installation of resource-hungry virtual NSX Edge machines. Lateral Security gives you one unified firewall covering both VMs and containers, securing the environment without third-party tooling.


5. Automation, Compliance, and Containerization (VCF Automation and ACC)

Live Application Stack Blueprints

  • VCF 9.0: The automation module (Aria Automation) required tediously building empty, rigid templates from scratch.
  • VCF 9.1: A reverse-capture service allows you to snapshot the full state of a live, running complex system (including networks and firewalls) and automatically generates a repeatable template ready to clone immediately.

Flexible Automation Deployment (Two Architectures, One vCenter)
#

  • VCF 9.0: Deploying automation infrastructure was extremely rigid — a strict one-to-one relationship. If an organization ran a traditional VM Apps Org model and wanted to adopt modern Supervisor-based management, it had to stand up entirely new vCenter instances and NSX environments.
  • VCF 9.1: The platform solves this directly. When installing the Automation environment, you can choose both models simultaneously, running the legacy VM Apps Org alongside the modern All Apps Org. Critically, both approaches can now share the same vCenter instance and NSX without any additional infrastructure.

Continuous Compliance Enforcement (ACC)
#

  • VCF 9.0: Configuration audits produced point-in-time compliance reports on security gaps — observation only.
  • VCF 9.1: The new ACC module monitors the platform continuously in real time and automatically remediates non-compliant node settings and security configurations without manual intervention.

Kubernetes Orchestration Scale (VKS)

  • VCF 9.0: A single Supervisor component supported roughly half the cluster count.
  • VCF 9.1: A single Supervisor now handles 500 independent Kubernetes clusters, deployed 70% faster with maintenance downtime windows reduced by 75%.

Mid-size IT perspective: The ability to share one vCenter for both classic automation (VM Apps) and modern Supervisor-based management (All Apps) is a genuine game-changer. Your organization can keep the existing working model and simultaneously test new cloud-native approaches alongside it — without new hardware, without a new vCenter, without a new NSX deployment. Live App Stack Blueprints means no complex YAML programming to deliver automated environments. ACC saves small IT teams from compliance busywork, automatically restoring policies so that PCI-DSS audits become nearly hands-free.


Summary

The jump from VCF 9.0 to 9.1 is more than a standard update cycle. It’s a shift toward a fully automated platform targeting the reduction of hardware costs driven by generative AI scale, minimizing infrastructure downtime windows, and cutting maintenance workload to the absolute minimum — regardless of whether you manage 500 clusters or just 4 hosts in a single rack.

The features that matter most in practice for mid-size environments: shared management runtime, fleet-wide password policy enforcement, Live Patching, NVMe memory tiering, global dedup, Lateral Security, flexible dual-architecture automation, and ACC continuous compliance. These are not enterprise-only abstractions — they translate directly into saved compute, saved storage, and saved hours of operational work every week.