SMBs should be aware that VMware / Broadcom ’s new rules could be a big blow to your budget. With a 72-core minimum license requirement, you could end up paying for more than you use. And that’s not the only bad news.
VMware/Broadcom did harden the rules, again. The fact that an organization has to purchase minimum 72 cores per contract puts many in a situation where the expenses for licensing are just not worthy anymore. In fact, since April 10, 2025, the minimum number of cores required for VMware licenses will increase from 16 to 72 cores.
Additionally, Broadcom has introduced penalties for customers who has not renewed their subscription licenses on the anniversary data. Those penalties represent 20% of the price of the first year of subscription and will be applied retroactively.
Now, back to the 72 cores requirements. As an example, imagine customer who is using only a single-CPU server with 8 cores. The license required to cover such an installation is 72 cores. However, if customer has 5-dual CPUs installed within his datacenter with 16 cores per CPU, then the total number of cores is 160. In this case, VMware/Broadcom will license 160 cores.
It means that every environment with anything less than 72 cores will waste money on renewals because of non-utilization of cores.
Update: Apparently VMware is rolling back to 16 cores. We don’t know for how long, but the latest news says that 16 cores minimum is back again.
VMware is locking down updates and patches
Usually, when you want to patch a VMware environment, you use an URL depot.vmware.com configured within your VMware products across the line. From that url you usually pull your patches for vCenter/ESXi etc.
Well, now VMware/Broadcom has introduced a unique ID (SiteID) tightened to your customer’s organization ID. All updates will require a new token that will be generated on a new SiteID of the customer.
The new SiteID is a new ID (new construct) for VMware licensing, that ties your organization with its licensing and support. Any downloads, from now on, are checked for the SiteID, before pulled down.
Quote from VMware:
Downloads will be authorized through a unique token. The new URLs are embedded with the token to verify that you, as an authorized user/party, are the one downloading the file.
These URLs will continue to work until 4/23/2025. After this, they will no longer work without the unique tokens as part of the download request.
VMware says that the public facing repository URLs and authentication mechanisms are changing. Download URLs are no longer common but unique for each customer therefore will require to be re-configured.
You can read the official KB article here: VCF Authenticated downloads Configuration Update Instructions.
Note: VMware provides a script (Check the VMwareKB here – Authenticated Download Configuration Update Script) that you can help you and update your virtual infrastructure. This script will ask you to enter
Products affected? Most of VMware products:
- VMware vCenter Server 7.x
- VMware vCenter Server 8.x
- VMware vSphere ESXi 7.x
- VMware vSphere ESXi 8.x
- SDDC Manager 4.5.x
- SDDC Manager 5.x
- Offline Bundle Transfer Utility (OBTU)
- Async Patch Tool (AP Tool)
- Update Manager Download Service (UMDS)
- vSAN File Services
Download critical VMware patches on expire contract
Just a quick note for customers that are not renewing their VMware contracts, but still needs to maintain their infrastructure up to date.
If you’re on older VMware infrastructure you still need patches, right. You need to make sure to still secure the environment for zero day (critical patches). You can check Broadcom [KB314603] – Zero Day (i.e., Critical) Security Patches for vSphere (7.x and 8.x) Perpetual License Customers with Expired Support Contracts.
We can read there that you CAN still install/download your patches for your version (according to that Broadcom KB) for supported vSphere version.
Quote:
On April 15, 2024, Broadcom announced via blog post that all customers, including those with expired support contracts, will have access to all patches for Critical Severity Security Alerts for supported versions of VMware vSphere.
Supported versions of VMware vSphere are versions 7.x and 8.x. Broadcom defines a zero-day security patch as a patch or workaround for Critical Severity Security Alerts with a Common Vulnerability Scoring System (CVSS) score greater than or equal to 9.0.
Final Words
The hardening of licensing and locking down patching via new SiteID construct does not really surprises me. VMware/Broadcom is not interested in SMBs. They only cares about their large customers and increase of their revenue for the shareholders. 1
It has been announced, executed, done. No more vSphere Essential packages, no perpetual license, only vSphere Cloud Foundation (VCF) moving forward. Now those patches tightening.
SMB customers that are currently running vSphere 7.x or 8.x are having choice to leave the VMware eco system and go for alternative hypervisor platform. There is Proxmox, XCP-NG or Hyper-V for Microsoft admins. Those solutions evolving rapidly because the compagnies that maintain those solutions (especially Proxmox and XCP-NG), do have more clients willing to use them. And who says more clients, means more funds available for development. For example, XCP-NG and Vates had tripled the size of their development teams so each 2 weeks there is a new release and the product is maturing at a rapid pace.
It feels that things are really changing rapidly for small customers indeed. I do continue to hear about organizations who feel Broadcom’s changes sees their costs rise to levels at which they feel they must migrate to an alternative platform.
Well, this does not mean that you should jump on and delete your VMware infrastructure. However, you should plan ahead and when the time comes to replace your existing aging hardware, use an alternate hypervisor platform to make a move from VMware. The sooner, the better.
Migration tools are provided by those hypervisors’ platforms too, and if not, there are tools to convert VMs via third party tools or via your existing backup software (you restore your backup directly to the alternative hypervisor format). As you can see, solutions exist.
As for VMware community, “homelabers”, this is certainly another nail in the coffin. It further reinforces the fact that all “freebies” are gone. ESXi free was discontinued last year and ended the preferred home lab solution for many VMware enthousiasts.
Update: ESXi FREE is back again! My blog post about it here.
