Cloud strategy is no longer an either-or decision. Most organizations need both a private datacenter and a public cloud, so each application can run where it performs best and costs the least. Customers have asked us how to structure a successful hybrid approach, so here is a solid solution:
VMware Cloud Foundation (VCF) 9.0 is the software that powers a company’s private datacenter. Microsoft Azure is Microsoft’s public cloud that rents computing power, storage, and AI services over the internet. The two are designed to work together and complement each other.
This article explains, how VCF 9.0 and Microsoft Azure combine to cut costs, reduce complexity and maximize value.
Why is the hybrid cloud more crucial than ever before?
A few years ago, many companies believed they should move everything into the public cloud. While the public cloud remains the main option, it is not an either-or-decision: Today, most enterprises run a mix of both worlds, because each side has clear strengths and clear limits.
Enterprises now face several persistent challenges:
- Different workloads belong in different places
- Some applications run better on-premises: for example, when they need fast response times, must follow strict regulations, or have steady, predictable usage that is cheaper to host in your own datacenter (which has become more seldom with increased hardware costs since 2025).
- Other applications run better in a public cloud: for example, when demand swings up and down, when users are spread around the world, or when modern AI services are needed.
- AI is changing infrastructure decisions
- Sensitive company and customer data often must stay inside the company’s own walls for legal or privacy reasons. At the same time, Azure AI services have become important productivity tools. Both needs have to be served.
- Operational complexity must be reduced
- Running two completely separate technology stacks (one on-premises, one in the cloud) is expensive and slow. Customers want one consistent way of working that covers both.
- Skilled people are scarce
- A hybrid model only works if the on-premises and cloud sides use the same tools and the same skills. This alignment of tools reduces the need for completely separate skillsets.
In practice this means:
- Pure public cloud can create compliance issues in heavily regulated or sensitive environments.
- Pure on-premises misses out on the global reach, flexibility and AI services that Azure provides.
- Hybrid done right requires real expertise on both platforms so that the two halves behave like one system.
Under these conditions, integrating VCF 9.0 with Microsoft Azure becomes a primary value lever for the business. Let’s explore how you can combine these two solutions to get the best of both worlds:
How VMware Cloud Foundation (VCF) 9.0 and Microsoft Azure work together
1) Run VMware natively in Azure with Azure VMware Solution (AVS)
Azure VMware Solution (AVS) is a Microsoft service inside Azure that runs VMware Cloud Foundation directly on Microsoft’s own datacenters. It uses the same building blocks your IT team already knows from on-premises: vSphere, vSAN, and NSX.
In simple terms: vSphere is the engine that runs virtual computers. vSAN takes the hard drives sitting inside your servers and combines them into one big shared storage pool, so every virtual computer can use the same space. NSX handles networking and security between those virtual computers.
Maximize value through consistency
- No application rewrite when moving to Azure
- A virtual machine (VM) is a software-based computer that runs on top of physical hardware. With AVS, those VMs move to Azure as they are: you need almost no code changes, re-engineering, or re-testing of every application.
- Same skills on both sides
- Administrators use the identical tools and dashboards on-premises and in Azure. That significantly reduces additional training needs compared to heterogeneous stacks.
- Disaster recovery and burst capacity become simple
- Workloads can fail over to Azure during an outage, or temporarily expand into Azure when demand spikes. This works without building and paying for a second physical datacenter.
Result: lower migration risk and faster cloud adoption, while keeping the existing on-premises VCF investment fully usable.
2) Manage everything in one place with Azure Arc
Azure Arc is a Microsoft management layer that extends Azure governance, policies, security, and monitoring to systems that are not inside Azure (including a VCF 9.0 environment that runs on-premises).
Azure Arc acts as the cockpit from which everything is configured and watched. The actual workloads keep running where they are; only the management view becomes one.
Reduce complexity through unified management
- Single inventory across VCF and Azure
- Servers, virtual machines, Kubernetes clusters (the standard environment for modern container-based applications), and SQL databases all appear in one Azure portal view. This eliminates the need to log into separate tools.
- Consistent policy enforcement
- Security baselines, naming and tagging rules apply the same way no matter where the workload runs. The same goes for Role-Based Access Control (RBAC), which defines who is allowed to do what.
- Centralized monitoring and security
- Azure Monitor (the central health and performance dashboard) and Microsoft Defender for Cloud (the central security tool) keep an eye on both the on-premises VCF estate and the Azure estate.
Result: lower operational complexity and a stronger compliance posture, without forcing any workload to move.
3) Run AI workloads end-to-end with VCF Private AI Foundation and Azure AI
VCF 9.0 includes VMware Private AI Foundation with NVIDIA, which lets companies run AI models on their own hardware, using sensitive internal data that should never leave the building. Microsoft Azure adds the complementary side (Azure OpenAI, Azure AI Foundry, and Azure AI Search) for AI tasks that benefit from public cloud scale.
Accelerate AI without compromising data control
- Sensitive AI workloads stay on VCF
- Customer data, contracts, financial records, and other confidential information never leave the customer’s perimeter. This keeps your company aligned with regulatory and confidentiality requirements such as GDPR or sector-specific rules.
- Generative AI applications use Azure AI services
- Generative AI produces text, summaries, images, or code from a prompt. And with more advanced AI agents you can perform whole tasks that otherwise a human would do. For this productivity booster, companies need enormous capacity that Azure can provide on demand.
- A single AI strategy spans both environments
- Customers do not have to choose one or the other: Private and public AI work together, each handling what it does best.
Result: AI adoption accelerates without sacrificing data control or regulatory alignment.
4) Strengthen resilience with Azure Backup and Azure Site Recovery
VCF 9.0 environments can use Azure Backup (a managed backup service) and Azure Site Recovery (a service that brings systems back up after an outage) as off-site protection. For many customers, this removes the need to build and maintain a second physical datacenter just for safety reasons.
Lower the cost of resilience
- Geographic redundancy without a second site
- Backup copies and Disaster Recovery (DR) data live in Azure regions around the world, so a fire, flood, or power outage at the main location does not mean lost data.
- Predictable consumption pricing
- Customers pay for what they actually use, instead of idle standby hardware that sits unused for years waiting for an emergency.
- Tested recovery workflows
- Recovery procedures are integrated with the Azure portal and can be rehearsed regularly, so the team knows the plan works before a real incident happens.
Result: lower cost of resilience, and simpler audit evidence for business-continuity reviews.
5) Unify identity and security with Microsoft Entra ID
Microsoft Entra ID (formerly known as Azure AD) is Microsoft’s identity service: the digital passport that proves who a user is and what they may access. On the VMware side, VCF 9.0 includes three security and operations tools that work together with Entra ID:
- NSX is the built-in network and firewall inside the datacenter. It controls which virtual computers are allowed to talk to each other and blocks the traffic that should not be happening.
- vDefend is the threat-protection layer that sits on top of NSX. It watches for suspicious behavior between virtual computers (for example, an attacker trying to spread from one server to another) and blocks it automatically.
- Aria Operations is the monitoring and analytics dashboard for the VMware side. It shows how healthy each system is, how much capacity is left, and where problems are starting. It warns you before something breaks.
When Microsoft Entra ID is combined with NSX, vDefend, and Aria Operations, customers get one consistent set of guardrails across both environments. That includes the same identity, the same security rules, and the same health view on both the VMware and Azure sides.
Close security gaps through unification
- One identity provider for users and administrators on both VCF and Azure, so people use a single login and IT only manages one source of accounts.
- Conditional Access rules (which can block or challenge logins based on location, device health, or risk signals) apply to the management entry points on both sides.
- End-to-end security telemetry (the stream of security-relevant events) flows into one Security Information and Event Management (SIEM) system that collects and analyzes events from many sources to spot threats early.
Result: fewer security gaps and lower compliance overhead.
The Broadcom partner landscape has changed significantly
After Broadcom’s integration of VMware, the partner ecosystem has been strongly consolidated. Far fewer companies are allowed to sell, deploy, and support VMware products on Broadcom’s behalf. We are proud to remain a leading Broadcom partner with an expanded team of VMware-focused specialists.
On April 2, 2026, Broadcom:
- Offboarded more than 90 percent (%) of former partners. Customers have to look for new registered Broadcom partners.
- Shifted to a small, highly specialized partner model. This is to focus on a limited number of firms with deep expertise.
- Required certified teams of experts with professionals specialized in licensing, planning, and implementation.
In a hybrid model, customers also need a certified Microsoft partner to design, license, and operate the Azure side correctly alongside VCF. Expertise from a partner across both Microsoft and VMware is essential to maximize the value for your business.
SCHNEIDER IT MANAGEMENT’s role in the hybrid Broadcom + Microsoft ecosystem
SCHNEIDER IT MANAGEMENT is one of only three (3) registered Broadcom partners in Luxembourg following the April 2, 2026 partner consolidation, and support organizations globally. We are also one of the less than 200 Microsoft Licensing Solution Providers (LSP) worldwide, authorized to consult and sell across all Microsoft licensing programs. This is an industry-leading added-value for our customers, as we optimize across vendors and licensing programs to really maximize cost savings and productivity.
Our specialists cover the entire lifecycle on both sides: We optimize both Broadcom and Microsoft contracts to deliver maximum value at minimum cost.
This specialization is rare in the market and gives customers one accountable partner to rely one.
Summary
The cloud landscape has matured: a hybrid cloud approach combines the best of both worlds: on-premises workloads and a public cloud.
VMware Cloud Foundation (VCF) 9.0 and Microsoft Azure combine through:
- Azure VMware Solution (AVS) for consistent infrastructure (the same VMware tools and VMs, just running in Azure).
- Azure Arc for unified governance (one cockpit for all workloads, no matter where they run).
- VCF Private AI Foundation + Azure AI services for end-to-end AI (sensitive data stays private, while scale-out tasks use the cloud).
- Azure Backup and Site Recovery for resilience (off-site protection without a second datacenter).
- Microsoft Entra ID for unified identity and security (one login, one set of rules, and end-to-end visibility).
In a highly consolidated Broadcom partner landscape, achieving these benefits requires both deep Broadcom expertise and deep Microsoft expertise, ideally from the same partner.
Ready to design your hybrid VCF 9.0 + Azure strategy?
As a leading Broadcom and Microsoft partner, SCHNEIDER IT MANAGEMENT supports organizations in licensing hybrid VCF 9.0 + Azure environments, with a clear focus on value, performance, and long-term sustainability.