Kubernetes has become the foundation for running modern, containerized applications across enterprises. Platforms such as Red Hat OpenShift have played a key role in accelerating Kubernetes adoption by providing enterprise-grade security, governance, and operational tooling.
As organizations scale their container platforms across on-premises and hybrid environments, new challenges emerge. Beyond deploying clusters, teams must operate them reliably over time—managing upgrades, security, networking, storage, automation, and governance while maintaining high availability and performance.
In many environments, Kubernetes platforms operate independently from the underlying infrastructure. Virtualization, automation, and container orchestration are managed through separate systems, each with its own lifecycle and operational model. While this approach is functional, it often leads to fragmented operations, increased complexity, and slower innovation. At the same time, organizations are under growing pressure to deliver application platforms that are not only powerful but also predictable, secure, and easy to operate at scale.
This article presents a real-world transition in the defense industry, operating at enterprise scale. It focuses on the migration from an OpenShift-based platform to VMware VKS, supporting internal platform consumers such as DevOps and application teams running mission-critical workloads on Kubernetes.
Original Environment: OpenShift on Top of VMware Infrastructure
The original platform was based on enterprise Kubernetes distributions deployed on top of VMware virtualized infrastructure. The OpenShift cluster was running on virtual machines on top of vSphere Control Planes and Workers.
This architecture provided strong Kubernetes capabilities and flexibility. However, it also introduced a layered operational model:
- Operational Overhead: Teams had to maintain the VMware platform and Kubernetes platforms separately. Routine tasks often required coordination between multiple teams.
- Complex Patching and Upgrades: Infrastructure and Kubernetes followed separate lifecycle paths, making version alignment and maintenance planning more difficult.
- Fragmented Observability: Monitoring and troubleshooting were spread across multiple systems, limiting end-to-end visibility.
To overcome these heavy operational burdens, the organization needed a flexible and scalable solution. Unlike fragmented architectures that often demand large, dedicated teams, VMware Cloud Foundation is designed to fit customers of all sizes - from Small and Medium-sized Businesses (SMBs) looking to minimize IT overhead and simplify operations, to large Enterprises requiring massive scale, strict security, and multi-tenant governance.
Target Architecture: VMware Cloud Foundation 9, VCFA & VKS
To address these challenges, we designed a unified platform based on VMware Cloud Foundation 9. The new architecture integrates three core components:
- VMware Cloud Foundation (VCF) as the infrastructure foundation.
- VMware Cloud Foundation Automation (VCFA) as the self-service and orchestration layer.
- VMware vSphere Kubernetes Service (VKS) as the Kubernetes platform.
VCFA enables internal customers to provision and manage a broad range of infrastructure and platform services on demand through standardized service catalogs and automated workflows. In addition to virtual machines and Kubernetes clusters, VCFA supports the delivery of services such as container platforms, load balancers, networking and security constructs, storage services, database platforms, operating system images, application runtimes, and day-2 lifecycle operations including scaling, patching, backup, and decommissioning.
This self-service approach enables consistency, governance, and faster time-to-value across private and hybrid cloud environments. Key capabilities include automated cluster deployment, policy-driven resource allocation, quota enforcement per organization, and workflow-based lifecycle management.
Multi-Tenant Governance Model
The platform was designed to support multiple internal organizations through predefined quotas and access controls. This model supports fair resource allocation, cost transparency, secure workload isolation, and simplified onboarding.
Operations and Observability
- Centralized Monitoring across compute, storage, networking, and Kubernetes
- Custom dashboards for infrastructure and applications
Platform Lifecycle and Management
- Coordinated infrastructure and Kubernetes upgrades
- Centralized patch management
- Reduced dependency on manual procedures
Instead of managing multiple independent upgrade cycles, teams operate within a unified lifecycle framework, improving stability and predictability.
Migration Phase
The transition to VCF 9 was performed using a phased migration strategy. New VKS environments were deployed alongside the existing OpenShift platform. Applications were deployed on the VKS cluster, ensuring consistent configuration, version control, and repeatable deployments.
This parallel operation period enabled the validation of networking, storage configurations, and security policies. Once stability was confirmed, workloads gradually migrated to the new platform. Standardized provisioning through VCFA enabled repeatable and scalable deployments.
Results and Business Impact
Maximizing ROI and Eliminating "Double Licensing"
Many organizations running third-party platforms like OpenShift on top of VMware environments find themselves essentially paying twice for overlapping capabilities. Transitioning to VCF 9 allows decision-makers to maximize their existing VMware investments. By leveraging VKS and VCFA natively, organizations can significantly reduce third-party licensing costs and lower their Total Cost of Ownership (TCO), all while utilizing a platform they already own.
Unified Support and Operations (Single Point of Accountability)
Operating OpenShift on separate virtualized infrastructure often leads to fragmented support and a "ping-pong" effect between infrastructure and Kubernetes teams during critical incidents. Moving to a unified VCF 9 architecture provides full-stack accountability. From the hypervisor up to the Kubernetes control plane, everything is supported by a single vendor, drastically reducing Mean Time To Resolution (MTTR) and eliminating vendor finger-pointing.
Uncompromised Developer Experience
A primary reason organizations adopt platforms like OpenShift is the self-service developer experience. The transition to VCFA not only preserves this high standard, but expands it. Developers and internal teams are empowered with a comprehensive self-service catalog. With a single click, they can provision not just Kubernetes clusters, but entire ready-to-use environments—including networking, security constructs, databases, and traditional virtual machines—removing IT bottlenecks and accelerating time-to-market.
VMware Cloud Foundation 9 provides an integrated alternative that unifies infrastructure, automation, and Kubernetes services within a single operational framework. By consolidating lifecycle management, governance, and observability, organizations can deliver modern application platforms more efficiently, securely, and sustainably.
This journey demonstrates how a unified cloud operating model can serve as a strong foundation for long-term enterprise Kubernetes success.
How is your organization managing the balance between Kubernetes innovation and infrastructure costs? I’d love to hear your thoughts or discuss how you can optimize your current environment.
Read other blogs from our Broadcom Knights here.