As a Cloud Service Provider, your value proposition is shifting. It’s no longer just about providing “space” for workloads; it’s about providing a secure, high-performance platform for the AI era. With the launch of VMware Cloud Foundation (VCF) 9.1, VMware vDefend introduces critical enhancements that allow you to deliver self-service, high-performance lateral security across both VMs and Kubernetes, creating new revenue streams while reducing operational overhead.
1. Enhanced Throughput for High-Performance AI and Non-AI Workloads
AI and high-performance computing (HPC) workloads demand massive distributed throughput. Traditional, centralized, appliance-based security often becomes a bottleneck for modern distributed workloads, from both cost and operational perspectives, forcing you to choose between security and performance.
vDefend 9.1 introduces IDPS Turbo Mode, which triples threat-prevention throughput:
- Performance: Increases from 3 Gbps to 9 Gbps per host.
- Scale: Delivers up to 9 Tbps per VCF domain using a distributed architecture.
CSP Benefit: This allows you to secure even the most resource-intensive AI training and inference workloads, as well as high-performance non-AI workloads, without incurring expensive hardware-appliance-based security costs, thereby directly improving your Total Cost of Ownership (TCO).
2. Multi-Tenant Self-Service: Security on Demand
One of the biggest friction points for CSPs is the manual configuration of firewall rules for every new tenant. vDefend 9.1 automates this with VPC Simplified Security.
- System-Defined Profiles: You can now offer five pre-defined Security Profiles within VCF Automation.
- One-Click Posture: Tenant Admins can select a profile for their Virtual Private Cloud (VPC), automatically applying foundational Distributed Firewall (DFW) rules.
CSP Benefit: This “plug-and-play” security model allows you to provide a consistent security posture to your customers while empowering them to manage their own security policy, reducing your support tickets and accelerating time-to-value for new tenants.
3. Unified Protection for Mixed-Mode Environments
Your customers are increasingly running “mixed” environments—legacy applications in VMs alongside modern microservices in Kubernetes.
vDefend 9.1 extends its hypervisor-native IDS/IPS capabilities to vSphere Kubernetes Service (VKS) workloads via CNI integration. This allows you to offer:
- Pod-Level Inspection: Continuous threat inspection for container-to-container and container-to-VM traffic.
- Simplified Policy: A consistent security policy across VM and VKS workloads.
- Virtual Patching: Protect tenants quickly against software vulnerabilities at the network layer using IDPS signatures before software patches are rolled out.
- Compliance: Meet compliance requirements (PCI-DSS and HIPAA).
CSP Benefit: You can market a “Unified Security Fabric” that protects the entire application infrastructure, regardless of how customers choose to architect and deploy their software. In addition, as AI-driven exploitation of software vulnerabilities becomes a major concern for enterprises, you have an opportunity to offer a new virtual patching service to protect your customers’ applications and to offer compliance as a value-added service for your compliance-sensitive customers.
4. Granular Control and Efficiency: “Exempt Actions”
Not all traffic needs deep inspection. Large-scale operations like nightly backups or massive data migrations can consume security resources unnecessarily.
The new Exempt Actions feature allows your security admins to exclude trusted traffic (like backup streams) from inspection.
CSP Benefit: This optimizes CPU utilization across your fleet, ensuring that security processing power is reserved for high-risk traffic, further lowering your operational costs.
5. Advanced L7 Visibility
With a 5x increase in Application Identification (~4,000 new App IDs), vDefend 9.1 provides unprecedented Layer 7 visibility.
CSP Benefit: This simplifies security operations by streamlining rule creation with App ID, rather than relying on complex ports and protocols. In addition, it provides granular visibility into application traffic that CSPs can offer to customers as a value-added service.
Conclusion: Upgrade for AI-Ready Secure Infrastructure
For Cloud Service Providers, vDefend in VCF 9.1 isn’t just a security update—it’s a platform for growth. By moving security into the hypervisor and automating the tenant experience, you can provide the lateral security required for the AI era at a scale that traditional hardware-based solutions simply cannot match.