The cloud operating model is defined by agility, self-service, and isolation. With VMware Cloud Foundation (VCF) 9, Broadcom has delivered a massive leap forward by integrating Virtual Private Cloud (VPC) capabilities natively into the private cloud experience. This isn’t just a renaming of NSX features even though the concept is relatable.

Historically, setting up networking for a new tenant or application in a private cloud required deep NSX knowledge. VCF 9’s VPC fundamentally changes this:

The VPC model is integrated directly into vCenter and VCF Automation. Application teams can now provision their own isolated subnets, network services (like NAT), and security rules within pre-defined guardrails.

VPCs introduce a Transit Gateway construct, simplifying inter-VPC routing and external connectivity. This model clearly defines how traffic flows between isolated VPCs and the physical network, mirroring the hub-and-spoke efficiency of public cloud designs.

VPCs simplify network consumption by offering three distinct subnet types, making connectivity intent crystal clear:

• Private VPC: Isolated within the VPC (requires NAT for external access).
• Private Transit Gateway: Routable only within the Transit Gateway domain (allows inter-VPC communication).
• Public: Directly routable to the external physical network.

Key Pointers:

1. External Connectivity Types can be configured in two different ways:
   a. Centralized Network Connectivity – This requires Tier-0 Gateway inbetween Transit Gateway of VPC and Physical Gateway.
   b. Distributed Network Connectivity – routes directly to the physical network on the ESXi hosts (no dedicated NSX Edge VMs required)
   
2. The VPC inerits the External IP Block and Private Transit Gateway IP Block specified while configuring the centralized or distributed network connectivity type
   
3. You can create VPC directly from vCenter Inventory -> Networks -> Virtual Private Clouds -> ADD VPC
   
4. New NSXCLI’s introduced for VPC: get vpcs (on NSX Edge to get info about VPCs), get tgws (on NSX edge node to get info about transit gateway)
   
5. Subnets can be created by right clicking the VPC -> New Subnet. As part of the subnet configuration settings, you can configure access mode (private, public or transit gateway), IP block allocation type automatic or manual, gateway connectivity and DHCP settings.

Reference links:

https://blogs.vmware.com/cloud-foundation/2025/07/02/vmware-virtual-private-cloud/

https://techdocs.broadcom.com/us/en/vmware-cis/vcf/vcf-9-0-and-later/9-0/building-your-private-cloud-infrastructure/managing-virtual-private-clouds-in-vcenter/add-a-virtual-private-cloud-in-vcenter.html