Adam Schmitt

VCF 9.1 Express Patch 01 dropped today. If you're on 5.2.1 — you can't go straight there. 5.2.1 → 5.2.2 or 5.2.3 first. Then 9.1. Miss that hop and your change window becomes a rollback debrief at 2am. The release notes have the path. Read them before the CAB meeting, not during it. #VCF91 #VMware #VCF

This is the diagram your network team asks for before they'll approve a multi-site VCF design. The latency boundaries between the Primary and Secondary instances aren't just guidance — they're the difference between a healthy fleet and one that silently degrades under operations collector load. Print it. Laminate it. Tape it to the wall next to your CAB process.

That 5.2.1 → 5.2.2/5.2.3 prerequisite is the one teams skip. We've seen it in the field: someone reads "upgrade to 9.1" in the CAB deck but missed the intermediate hop in the release notes. The patch fails, the change window burns, and now you're explaining a rollback at 2am. If you're on 5.2.1 — read the release notes before the CAB meeting, not during it.

This is the one that trips up brownfield deployments. Most shops deployed VCFA on the management network by default and never revisited it. Moving to a non-mgmt network means touching firewall rules, re-validating certificates, and re-registering integrations — all during a change window. The gotcha we hit: IPAM and CMDB integrations that hardcoded the old endpoint. Test your round-trips before you cut over. Good write-up as always.

The burst traffic problem for AI workloads is one that doesn’t show up cleanly in pre-deployment capacity planning — it surfaces under inference load when your Kubernetes ingress wasn’t sized for it. Software-defined elasticity at the load balancer layer is the right answer for VCF environments running VKS supervisor clusters. The alternative is retrofitting network capacity decisions you should have made at Day 0. This is the infrastructure layer most teams underspecify.

The governance gap Krish is describing is the one that shows up in production, not in the architecture review. Consolidating AI workloads onto a unified Kubernetes-native private cloud platform closes the tooling gap. The harder close is the operational gap — teams still running AI workload governance from VM-era runbooks on infrastructure that’s moved well past them. VCF 9.1 gives you the platform to close both. In that order.

Congrats Kaz — vExpert VCF is a meaningful recognition, especially for someone contributing at the VMUG community level. The VCF practitioner community is where the real deployment knowledge lives. The vendor docs give you the steps. People like you give the community the judgment to use them well. Looking forward to following your contributions this year.

Everyone's talking about VCF 9.1 features. Nobody's talking about the skills gap it creates. VCF 9.1 isn't just an upgrade. It's a new operating model. Teams that treat it like a patch cycle are going to struggle with: — Workload domain design decisions they've never had to make before — VKS supervisor cluster placement that doesn't map to anything in their previous runbooks — NSX topology that now has to account for AI workload traffic patterns — Day 2 automation that assumes a VCF Automation skill set most ops teams don't have yet The platform is ready. The question is whether your team's architecture thinking is ready for what the platform enables. Broadcom Knight certified. Skills gaps show up at go-live. #VCF91 #VMware #BroadcomKnight #EnterpriseIT #PrivateCloud

An ultimate deployment guide for VCF 9.1.x from a practitioner perspective is exactly what’s missing from most upgrade runbooks. The vendor docs give you the steps. A deployment guide from someone who’s actually run it in production gives you the decisions you have to make before the first step — and the ones most teams skip. Bookmarked.

VM network placement through VCF Automation Network Profiles is exactly where the operational model for consistent workload domain networking either holds or drifts over time. Manual VM network placement decisions compound fast across environments — getting this automated before your first production workload domain is built is the difference between a repeatable model and a one-off configuration you spend months rationalizing. Adding this to the reference stack.

The partner validation on VCF 9.1 replacing hypervisor, storage, networking, and security silos simultaneously is the conversation that lands in executive briefings. Enterprise teams are used to hearing this from Broadcom. Hearing it from an independent partner CEO who has deployed it in production is a different kind of signal. This is the reference architecture story enterprise architects actually need.

Zero Touch Provisioning from Bare Metal to ESX Install in VCF 9.1 changes the deployment conversation for enterprise teams managing distributed edge infrastructure. Auto Deploy modernization + vSphere Configuration Profile integration is the combination that makes repeatable, consistent node provisioning at scale actually achievable — not just documented. Edge to DC ZTP is the right direction. More of this.

A dedicated upgrade planning tool for VCF 9.1 changes the pre-upgrade conversation with enterprise teams. The hardest part of VCF 9.1 upgrades isn’t knowing the path — it’s doing the pre-work that makes the path safe to walk: NSX topology documentation, VKS placement decisions, protection policy alignment before migration. The tool gives you the map. The pre-work is still on you.

Broadcom just released a VCF 9.1 Upgrade Planning Tool. This is genuinely useful. And it still won't save teams that skip the pre-work. Here's what the tool can't do for you: — Document your NSX segment topology before you start — Decide where your VKS supervisor clusters land post-upgrade — Align your VM vs K8s protection policies before you migrate — Validate your PPDM failback, not just failover A planning tool shows you the path. It doesn't build the foundation you need to walk it safely. Broadcom Knight certified. The tool is the map. Pre-work is the terrain. #VCF91 #VMware #BroadcomKnight #EnterpriseIT

A VCFDT cheatsheet is the kind of reference that saves 45 minutes on every deployment the first time you actually need it under pressure. The download and staging workflow is one of those steps that looks simple until you’re managing it across multiple air-gapped or disconnected environments. The “reference for myself” framing is exactly right — this is the content that gets bookmarked and shared in Slack channels.

Secure Boot Cert expiration is exactly the kind of issue that surfaces at the worst possible moment — mid-upgrade validation, when you least want an unexpected failure mode. VCF 5.2.4 + vSphere 8.0u3j landing together makes the patching decision easier to justify to ops teams waiting to consolidate changes. This should be in every VCF admin’s feed today.

The VCF 9.1 API surface is where the operational model for enterprise automation either gets built right or bolted on later. Getting the API Access and Client/Token model right before workload domains are deployed is the difference between automation that scales and scripts that break every update cycle. Fleet Mgmt APIs for Cert and Password management are the ones that show up in security audits. Day 0 thinking, not Day 2 scramble.

Most VCF teams have a backup strategy. Almost none of them have tested recovery inside a workload domain under ransomware conditions. Those are completely different things. What the gap looks like in practice: — Backups run. Recovery procedures were never validated end-to-end. — PPDM policies were written for VMs. Nobody updated them for VKS workloads. — The air-gap vault exists. The failback runbook doesn't. — Recovery was tested once at deployment. The environment has changed 6 times since. VCF 9.1 gives you the isolation architecture to contain a ransomware event. PPDM + CyberRecovery gives you the recovery path. But only if you've validated the full round trip — not just failover. Dell CyberRecovery certified. Dell PPDM certified. Broadcom Knight. Test the round trip. #VCF91 #CyberRecovery #VMware #PPDM #BroadcomKnight #Ransomware