VCF 9.0 with Private AI: On-Prem Cloud Reimagined for Enterprise AI

Broadcom’s broadside from the VMware Explore stage in Las Vegas was blunt: enterprises should stop reflexively running to the public cloud and instead bring AI and modern apps back on-premises with VMware Cloud Foundation (VCF).

Background​

Broadcom completed its acquisition of VMware in late 2023 and has since repositioned VMware Cloud Foundation as the vendor’s strategic vehicle for private-cloud modernization and, now, private AI. At VMware Explore 2025 the company launched a series of product and partnership updates intended to make that vision tangible: VCF 9.0 is already generally available, and Broadcom has announced that VMware Private AI Services will be bundled into VCF 9.0 (available in Broadcom’s Q1 fiscal 2026), upgrades to cyber compliance and lateral-zero-trust protections for AI agents, native vSAN S3 object support, the Istio service mesh for Kubernetes, and a deeper tie-up with Canonical to include chiseled Ubuntu container images and precompiled GPU drivers for air-gapped and highly regulated environments. (blogs.vmware.com, news.broadcom.com, canonical.com)
VMware’s messaging at the event was unapologetically combative: Broadcom’s CEO Hock Tan asserted that VCF 9.0 “now outperforms public cloud” on cost, security and control, urging customers to “embrace VCF and stay on-premise.” That rhetoric was accompanied by customer rollouts and testimonial stage time for names ranging from Walmart to Grinnell Mutual. (crn.com, globenewswire.com, ng.investing.com)

---

What Broadcom actually announced at VMware Explore​

Private AI baked into VCF (and why Broadcom says it matters)​

• VMware Private AI Services will be included with a VCF 9.0 subscription, Broadcom says, not sold as an optional add-on. The bundled capabilities listed by Broadcom include a model store, model runtime, GPU monitoring, an agent/assistant builder, vector database support and retrieval-indexing tools—software elements enterprises typically assemble piecemeal today. Broadcom says availability will begin in its Q1 FY26 window. (news.broadcom.com, investors.broadcom.com)
• Broadcom’s pitch is explicit: enterprises experimenting with LLMs and agentic AI in public clouds risk runaway spend and data exposure. By offering governed, GPU-aware AI services inside a private cloud platform, Broadcom argues organizations can more predictably budget AI projects and retain custody of training and production data. This is the single most important commercial pivot in the VCF messaging: they’re not just making private cloud better—they’re explicitly targeting the public cloud AI use case.

Containers, GPUs and Canonical partnership​

• Canonical and Broadcom announced an expanded partnership to tightly integrate Ubuntu chiseled containers, Ubuntu Pro support, and precompiled virtualized GPU drivers into the VCF stack. Canonical’s chiseled images are ultra-small, vendor-maintained OCI images that reduce attack surface and image size—attributes Broadcom says will appeal to security-conscious, air-gapped, and cost-aware private-cloud customers. Canonical documentation and Broadcom marketing both highlight the operational advantages of prebuilt GPU driver images for air-gapped deployments. (canonical.com, ubuntu.com)

Security and resilience upgrades​

• VCF Advanced Cyber Compliance: a new advanced service to enforce continuous configuration compliance at scale, perform automated cyber recovery to on‑premises clean rooms, and provide “push-button” VM isolation workflows for ransomware or outage recovery scenarios. That capability is explicitly framed for regulated industries where remote cloud recovery is legally or operationally unacceptable. (news.broadcom.com, blogs.vmware.com)
• vDefend updates and Zero Trust lateral security for agentic AI: Broadcom introduced a tech preview of lateral-zero-trust protections tailored for AI agents operating inside the private cloud—effectively applying the same micro‑segmentation and runtime verification approaches already used for classic workloads to agent-to-agent and agent-to-data flows. (news.broadcom.com, networkworld.com)

Developer productivity and storage features​

• Native vSAN S3 object store support, integrated Istio service mesh in the Kubernetes distribution, GitOps and Argo CD plumbing for VKS (vSphere Kubernetes Service), and cost and chargeback dashboards intended to give platform teams the same consumption telemetry developers expect in public clouds. These were presented as steps to make private cloud behave more like public cloud for app teams—without taking the data off-prem. (news.broadcom.com, blogs.vmware.com)

Marketplace/partner momentum and marquee customers​

• Broadcom displayed customer logos and announced engagements that included a Walmart strategic collaboration and multiple customer testimonials presented on stage. Broadcom also claims that nine of the top 10 Fortune 500 companies have committed to VCF and that over 100 million cores are licensed worldwide—figures the company uses to signal scale and enterprise traction. Grinnell Mutual’s on-stage testimonial emphasized cost savings on vSAN and developer productivity gains for a small IT team. (globenewswire.com, news.broadcom.com, ng.investing.com)

---

Why this matters: the tectonic context​

A reset in cloud strategy — not a return to mainframes​

The past decade’s run toward public clouds delivered agility but also produced predictable pain points: unbounded variable spend for some workloads, complex governance and proliferating data copies, and regulatory friction in cross-border or sensitive-data scenarios. Broadcom is staking a claim that private cloud, when modernized and instrumented for AI, can deliver the developer experience and operational velocity of public cloud while restoring cost predictability, data sovereignty and security assurances. Bundling private AI features into the VCF license is a direct attempt to change the economics and the procurement calculus for enterprise AI projects. (news.broadcom.com, investors.broadcom.com)

The AI stack is expensive — and vendors smell opportunity​

From GPUs to networking and model-serving infrastructure, the raw cost and operational complexity of running AI at scale provide a clear revenue opportunity for platform vendors. Broadcom’s messages align with that reality: by offering an integrated stack that claims to reduce operational overhead and to run on multiple accelerator types (NVIDIA and AMD), Broadcom is positioning VCF as the easiest procurement path for enterprises that want to keep AI in‑house. The vendor framing is simultaneously technical and commercial: buy a unified private stack and avoid multi‑vendor, elastic-cloud line-item surprises.

---

Critical analysis — strengths, risks, and the unanswered questions​

Strengths: what Broadcom / VCF really brings to the table​

• Integrated, turnkey private AI capability. Packaging model stores, runtimes, vector DB and agent builders into the same subscription materially reduces integration burdens for customers who want on-prem AI platforms. Enterprises that are already VCF customers will see immediate lift if the promised services deliver as advertised.
• Data sovereignty and compliance fit. For regulated industries, being able to run cyber recovery and model training entirely on-prem—even inside air‑gapped clean rooms—answers compliance requirements that many public clouds cannot satisfy without complex contractual arrangements. The Advanced Cyber Compliance and on-prem clean room messaging map cleanly to real regulatory constraints in finance, healthcare and government. (news.broadcom.com, blogs.vmware.com)
• Operational predictability and cost telemetry. Native chargeback, cost dashboards, and resource accounting are the kinds of features that help enterprises budget for AI and could reduce surprises compared with pay‑as‑you‑go public cloud exposure. Giving operators an integrated view of cost/consumption decreases the cognitive load on platform teams.
• Concrete partner work for edge/air‑gapped needs. Canonical’s chiseled containers and precompiled GPU drivers address a practical pain: many regulated deployments cannot or will not pull drivers or images from the public internet. Built-in, vendor-supported minimal images and GPU stacks are meaningful wins for those customers. (canonical.com, ubuntu.com)

Risks and caveats: where the rhetoric runs ahead of reality​

• Performance and TCO claims need independent validation. Bold statements such as “VCF now outperforms public cloud” are marketing-friendly but require granular, reproducible benchmarking across representative AI workloads and networking topologies. Broadcom cites architectural advantages and in-house tests; independent third-party benchmarks will be necessary to validate those claims for specific workloads and at varying scales. Until then, those statements should be considered aspirational marketing rather than settled fact. (crn.com, investors.broadcom.com)
• Operational overhead is not zero. The promise of public-cloud elasticity is not merely about cost — it’s also about operational outsourcing: patching, global scale of telemetry, multi-region replication, and managed services. Running AI at low latency and high throughput on-premises demands capital investment in GPUs, DPUs, cooling and specialized networking—costs that are often obscured in vendor demos. Organizations must compare total lifecycle costs, including depreciation, space, power and staffing, against cloud rates for comparable SLAs. Broadcom’s cost-predictability claim is persuasive if customers have the scale and maturity to operate their own AI platforms.
• Vendor lock-in and commercial consolidation concerns. Broadcom has centralized more of VMware’s product strategy, and critics have worried that consolidation and margin-seeking could affect release cadence, add-on pricing, or partner ecosystems. Broadcom has publicly adjusted VCF’s release cadence and support model—moving to a 3‑year major release cadence with fewer majors and longer minor-release support windows—which reduces upgrade churn but raises questions about feature velocity and ecosystem openness for customers who prefer faster innovation cycles. Some channel partners have also raised alarms about program changes. These commercial dynamics should factor into any long-term architecture decision. (blogs.vmware.com, techradar.com)
• Security trade-offs with centralization. Centralizing AI models and agent services on-premises reduces external data exposure, but it also concentrates risk inside an organization’s network. Poorly implemented governance, lax RBAC policies, or weak segmentation could amplify the impact of an insider attack or a misconfigured model that accesses sensitive data. Broadcom’s vDefend and zero‑trust lateral security moves mitigate some risks, but the security story will be defined by operational discipline in customer environments, not by vendor features alone.

Unverifiable or still-to-be-proven claims​

• Broadcom’s broad numerical claims—“nine of top 10 Fortune 500 committed” and “100 million cores licensed”—are company statements that indicate scale, but they are not independently verified in the public domain and should be treated as vendor-supplied metrics until corroborated. The company has publicly repeated them in press materials; customers should ask for contract-level proof or references relevant to their industry and regulatory posture. (investors.broadcom.com, news.broadcom.com)

---

Practical advice for IT decision-makers evaluating VCF for Private AI​

• Audit the workloads you plan to move: classify them by performance sensitivity, data residency needs, and regulatory constraints. Use that to estimate on‑prem GPU footprint and TCO versus cloud alternatives.
• Demand proof points: ask Broadcom/VMware for reproducible benchmarks for your stack (models, dataset sizes, concurrency) and for references from customers in your industry. (news.broadcom.com, investors.broadcom.com)
• Validate the security posture end-to-end: don’t assume product claims equal secure operations—assess configuration drift tooling, patch cadences, role-based access controls and incident response playbooks for private AI scenarios.
• Plan for lifecycle: hardware refresh timelines, power/cooling needs, and vendor support commitments (including any extended support purchase options) should be budgeted up front. VCF’s new release cadence promises stability, but it also changes upgrade timelines.
• Consider hybrid models: for many organizations, a mix of on‑prem AI for sensitive workloads and public cloud for bursty, experimental projects will remain the most pragmatic approach. Look for unified governance and data access control across both surfaces.

---

Competitive and ecosystem dynamics to watch​

• Microsoft (and other public-cloud vendors) are not standing still. Microsoft previewed a VM Conversion tool inside Windows Admin Center aimed at streamlining migrations from VMware to Hyper‑V, targeting the same regulated or compliance-driven customers who might favor on-premise solutions. That tool reduces the friction of moving off VMware stacks and represents a channel-level countermove to Broadcom’s on-prem thrust. Enterprises evaluating VCF should also track how hyperscalers continue to improve on-prem or hybrid offerings (managed VMware environments in the cloud and sovereign-cloud partnerships). (learn.microsoft.com, techcommunity.microsoft.com)
• Partnerships matter. Broadcom’s Canonical collaboration is tactical: secure, small images and supported drivers address air‑gapped and supply‑chain concerns. These engineering partnerships reduce integration work and make adoption smoother for customers with strict compliance regimes. Expect other vendor tie‑ups—NVIDIA, AMD, hardware OEMs and systems integrators—to be crucial to delivering the full promise of private AI. (canonical.com, news.broadcom.com)
• Channel and partner program changes are a double-edged sword. Broadcom has re-shaped VMware’s partner landscape, and some smaller VCSPs and integrators could be squeezed. Customers reliant on a particular partner should confirm continued support eligibility and channel roadmaps. Changes to partner programs can affect service continuity and negotiated rates, particularly for managed offers.

---

The bottom line​

Broadcom’s Explore keynote was a deliberate strategic move: position VMware Cloud Foundation not just as a private‑cloud replacement for fragmented datacenter tooling, but as the default on-premises platform for enterprise AI. The vendor has stitched together a credible technical story—native private AI services, improved security and recovery options, Canonical’s chiseled containers and driver support, and developer-oriented features that mimic public-cloud consumption models. Those combined capabilities will appeal to organizations that must keep data in‑house, face strict compliance requirements, or who can economically justify owning and operating AI infrastructure. (news.broadcom.com, canonical.com)
Yet the promise is not the same as delivered reality. Claims of outperforming public clouds and of cost superiority require careful, context‑specific financial and technical validation. Operational complexity, capital costs, and the risk of vendor consolidation or partner-program disruption are real considerations. For most enterprises the pragmatic path will be hybrid: test private AI for sensitive/high‑volume production workloads while using public cloud for experimentation and elasticity. The vendor race between on‑prem integration and cloud convenience is intensifying—and Broadcom has placed a major bet that many enterprises will prefer to keep the new generation of AI workloads close to home. (crn.com, investors.broadcom.com)

---

What to watch next​

• VCF Private AI Services general availability timing and real-world performance/price comparisons against major cloud providers. Ask for workload-specific benchmarks and independent third-party testing.
• Early customer deployments (Walmart, Grinnell Mutual, and others) and the detailed outcomes they report on cost, developer velocity and recovery time objectives. Vendor PR is useful—but customer case studies with numbers and technical architecture details are the gold standard. (globenewswire.com, ng.investing.com)
• Release cadence and partner program changes: how Broadcom balances enterprise stability against the demand for faster feature rollouts and how that affects long-term innovation in the VMware ecosystem. (blogs.vmware.com, techradar.com)

Broadcom’s message at VMware Explore is simple and provocative: if you care about data control, steady budgets, and sovereign AI, put the infrastructure back where you can see, measure, and govern it. The claim that private cloud can now match public cloud for AI workloads is worth taking seriously—but only after an evidence-based procurement cycle that separates compelling marketing from deployable reality.

---

Source: theregister.com Broadcom calls for tech to go back where it belongs: On-prem