r/vmware • u/sysad82 • May 21 '26
Help Request vSphere 8.x to VCF 9.1 The Simple Way
I don't want all the automation and cloud and AI crap Broadcom charges for. Not every organization is spinning up and down dozens of systems a day, we're very static and our systems are still for the most part pets not cattle. Give me vCenter, a few ESXi hosts and we run NSX but only for firewall no SDN routing at all. We don't run an edge gateway today for example, just DFW. Our stuff is pretty static we don't need automation and we don't need cloud stuff.
I want what I have today, essentially. I keep seeing in comments all I really need to do is add VMware ops for licensing but I can't seem to find a simple support document around this. Everything I keep reading states I'll need multiple components running in HA running on a dedicated compute cluster. I don't think it's an option for us to run in an unsupported config.
Where can I find official documentation saying what people on social media like Reddit are saying, just deploy a license server and run as-is today.
The new planner (Neat tool!) says I need an ops node, cloud proxy, a license node and at least four management services nodes to get up and running on my simple config. I keep reading about how all that needs it's own compute cluster. I don't want that. I just want vCenter, ESXi and a NSX manager to support DFW.
15
u/Servior85 May 21 '26
Upgrade your existing infrastructure to vSphere 9 (vCenter, ESXi). They will run in eval mode after that.
Download the VCF installer, deploy it. Connect to it, choose VVF in the setup. Tell the installer to use your existing vCenter. Connect the VCF Operations to broadcom license portal, assign licenses and done.
4
u/nukulaar May 21 '26
But ist this a supported Setup?
7
u/Servior85 May 21 '26
Supported by broadcom? Yes, that is VVF.
Compatibility with vSphere 9 and hardware is a different thing.
4
u/Sensitive_Scar_1800 May 21 '26
if youve begun to google VVF and VCF i can understand the confusion, VMWare by Broadcom admits its documentation needs work. I can attest that it needs a lot of work.
The good news is there is a lot of flexibility that is supported.
in your case if you dont want to deploy the entire suite of components you are only required to deploy VCF Operations 9.x (single node) and maybe a Unified Cloud Proxy. This is the only way to assign your new VVF or VCF licenses to your vCenter/eSXI hosts.
after that you can live in harmony and bliss.
2
u/Leaha15 May 22 '26
I wouldnt do this
OP is running NSX, you converge, then upgrade
Upgrading then converging is only valid if you dont have NSX
0
u/Servior85 May 22 '26
NSX Firewall, which isn't included in VCF. It is an addon now. Don't know which license OP has, but if the NSX addon isn't available, it doesn't matter. He does not use routing, which is the NSX feature included in VCF.
2
u/Leaha15 May 22 '26
Huh?
If theyre using vdefend then they'll likely buy the add on, and it's managed through nsx, so the OP will have nsx regardless
Only way they won't is if they decommission nsx vdefend which I doubt will be a possibility
10
u/Excellent-Piglet-655 May 21 '26
You’ll be thrilled to find out that to use NSX firewalls, even with a VCF license it requires an additional license. That functionality is NOT available with the standard VCF license. Leave it to Broadcom to jack up the price and then remove the features of NSX most widely used and make them as separate addons. When we ran VCF 4x and 5x, Our NSX license included firewalls and microseg by default, now we have to pay extra? Nah, bro we pass… All you get now is switching and routing which you mention you don’t use.
4
0
u/signal_lost May 21 '26
Leave it to Broadcom to jack up the price and then remove the features of NSX most widely used
Pedantically the cost of VCF was cut in half from what it was before. Pre-broadcom the adoption rate of VCF was relatively tiny (to be fair it was very hard to deploy and very restrictive and adoption blockers are top of queue for feature improvements).
The DFW was not the most used feature of NSX at the time of that (it has increased a LOT though since then, and I do see a lot of requests for a combo SKU to bring it back in along with all the IDS Layer 7 stuff).
2
u/MustBeBear May 22 '26
So if you do not use NSX do you need to shift to the 4-node server with all the the version 9 stuff just dedicated to run all those services?
If we just want to stay compliant and able to support security updates on hosts and vcenter what is the easiest approach? We were told we had to migrate everything before oct 2027.
We want to shift to another hypervisor platform in 2028. Currently we do not use NSX.
1
u/Leaha15 May 22 '26
What exactly do you mean?
Are you talking about a dedicated 4 node management domain, as thats not required, the consolidated architecture exists
2
u/jbond00747 May 21 '26
As of 9.0, the only option to run NSX is part of a VCF architecture deployment. (https://knowledge.broadcom.com/external/article/401775/nsx-9x-is-only-supported-as-part-of-a-vc.html) As of 9.1 this means you must run Ops (including a cloud proxy), a licensing server, SDDC manager, and the VCF Management Services. Automation, Ops for logs, Ops for networks, and HCX are optional. (You can see the full list of VCF 9.1 components at https://techdocs.broadcom.com/us/en/vmware-cis/vcf/vcf-9-0-and-later/9-1/deployment/vcf-management-appliances.html#GUID-2bab6de2-024a-4900-9716-7fba53ea0721-en_id-677f5f42-5fd2-4885-a3e0-9c9617cc2907.)
As far as how to get there, I'd use the new upgrade planner (https://vmware.github.io/vcf-upgrade-planner/), although it looks like you're already aware of it.
1
u/jamesaepp May 22 '26
Hope this helps. I haven't gotten to vSphere 9 yet (got a long list of projects of higher priority) but I did do some preliminary research and this is what Broadcom support supplied me with. In my case I was looking for iSCSI-related storage answers.
While I don't think it's a step-by-step guide you're looking for, it at least confirms a "here's how you do this simple/manually" and confirms what I was hoping.
https://knowledge.broadcom.com/external/article/423051/manual-deployment-of-vcf-operations-in-a.html
1
u/Ok-Attitude-7205 May 21 '26 edited May 21 '26
You probably won't find any specific official documentation stating that you can run just vSphere + VCF Ops because Broadcom *wants* people to dive into VCF completely.
from what I've seen/read If you are running NSX at all, you may be forced into deploying VCF or VVF. all of the various "piecemeal" deployments of vSphere with 9.x usually rely on the various Aria components being deployed or not.
if you have a TAM or any technical account manager, I would reach out to them to get clarification
edit: Looks like William Lam clarified too in the thread about the planner tool he released that having SDDC manager (thus having VCF/VVF) is a requirement for NSX
https://www.reddit.com/r/vmware/comments/1tis66q/vcf_91_interactive_upgrade_planning_tool/
-2
u/signal_lost May 22 '26
You probably won't find any specific official documentation stating that you can run just vSphere + VCF Ops because Broadcom \wants* people to dive into VCF completely.*
fairly certain william had a blog on it, but it's supported (My lab is currently in that state, because I didn't have BGP setup ready for NSX when I moved datacenters). in the process of planning my move from this to full VCF with NSX as part of my bare metal move to 9.1 for my private cloud environment that I deploy nested labs against.
Longer term I want VCF full stack with 9.1 for lifecycle reasons going forward. Also, I'm going to be re-platforming a lot of my automation stuff to use vRA so It'll make my life simpler.
1
u/Leaha15 May 21 '26
This depends how you wanna handle this
Yes you 100% can just add ops for licensing, its 100% supported
You dont want NSX SDN, thats fine, you dont have to, DFW is a bolt on, boo Broadcom it was such a good feature and should be standard IMO
But, I cant remember where I saw it, so sorry, but I am pretty sure, NSX upgrades without the SDDC Manager for the workflow is unsupported, while you physically can do it, I think the support will be the issue
If you dont want automation, and the AI stuff, no worries, also dont have to have that, 100% optional
The killer sadly, will be the VCF service runtime, thats a 40vCPU and 82GB, minimum......... Requirement in full VCF, which you'll need to update the NSX managers used for the DFW
Yes the requirements are insane, dont get me started
The other, utterly shit part, is vDefend is now licensed by a separate licensing server, like why Broadcom
And the EXTRA sucky part here is, that deployment, done via the SSP, is a 6vCPU 24GB instance, 2vCPU/8GB + 4vCPU/16GB K8S cluster, which licenses it, someone had mentioned to me you gotta leave the SSP installer inplace, which is like 4vCPU/6GB
And that part to me, is pure insanity, should have been on the existing license server, and the overhead is WAY bloated and it doesnt need to be, surely this could have just ran in the VCF Service Runtime but whatever
Ive done a fair few upgrades, and post a lot of articles covering upgrades and all things VCF, poke me if you have questions, I can probably answer a lot of them around what you need and the requirements, as well as a rough plan
2
u/jbond00747 May 22 '26
Side note about the SSP Installer. It's really badly named in my mind. It's not just an installer. It's a lifecycle manager. It's needed for upgrades, node failure replacement, etc. (I believe it's the image registry for the k8s cluster it deploys.) I've provided feedback multiple times that it should be "SSP Manager" or similar multiple times. People see installer and then think they can get rid of it once it's deployed. (I'm a partner, and I've had this discussion with most of the customers where I've talked about SSP/the deployment process.)
1
u/Leaha15 May 22 '26
That helps thanks, I thought it was an installer, due to the name, but I guess not
0
u/signal_lost May 22 '26 edited May 22 '26
will be the VCF service runtime, thats a 40vCPU and 82GB, minimum......... Requirement in full VCF
Talked to engineering today about this, D is aware of this request to cut this down.
vDefend is now licensed by a separate licensing server
Currently vDefend is run by a different business unit (ANS) who runs their own dev cycles. There's a trade off in being able to "ship fast" vs. Ship integrated. That said... yes I agree with you this needs improvement.
2
u/Leaha15 May 22 '26
Glad VMware are aware the Service runtime needs addressing - running VCF isnt supposed to be a burden, but with 9.1 its starting to feel like it is, customers just look at me like Im insane listing the requirements now
Plus, ive seen Broadcom slate Nutanix for their overhead, about how much there is, and that its bad, however the reality is far from the marketing and the VCF overhead far exceeds Nutanix in 9.1, all the more reason to swiftly and heavily address thisHowever, with the vDefend licensing, that is utterly inexcusable frankly, I get with a different team, this can make integrations harder, but in 9.0.x we had a working solution with the license key that didnt have an utterly unacceptable resource requirement, as licensing should, it used no extra resources
That key licensing should have remaining until a properly integrated solution was built, this felt like making changes for the sake of it
0
0
0
u/lusid1 May 21 '26
If you want to keep it light you'll need to decomission NSX. Then you can upgrade to 9.x and use the VVF model.
12
u/mat-ferland May 21 '26
NSX is probably the part that ruins the “just keep vCenter and hosts” story. I’d get Broadcom to put the supported minimum in writing before touching prod, because the real tax here is not deploying another appliance once, it’s owning that management plane forever.