Why CISOs Can No Longer Afford to Wait for VMware

For more than two decades VMware was the safe bet. You could build on it, staff around it, and trust it to keep running.

Since Broadcom completed its $61 billion acquisition in late 2023, that trust has been eroding on every front. The pricing increases have grabbed the headlines, with customers reporting renewal hikes of 800 to 1,500%. But underneath the sticker shock is a more urgent concern: a growing list of critical security vulnerabilities, a support organization that struggles to keep pace, and a patching process that has left customers exposed for months.

Your Hypervisor is a Top Target

In many organizations, the ESXi hypervisor is the foundation that every virtual machine in your environment sits on. If an attacker compromises it, they don’t just take down one system, but potentially hundreds or thousands of systems. In March 2025, Broadcom disclosed three zero-day vulnerabilities in ESXi that attackers exploited before patches were available. The most critical carried a CVSS severity score of 9.3 out of 10. When chained together, the three flaws allowed attackers to break out of a virtual machine, take control of the host, and move laterally across the environment. By early 2026, CISA confirmed attackers were actively using these vulnerabilities in ransomware campaigns.

Researchers at Huntress subsequently published analysis of a sophisticated exploit toolkit targeting 155 different ESXi configurations, with forensic evidence showing attackers built it more than a year before public disclosure. At the time, roughly 30,000 ESXi instances remained exposed on the public internet, leaving many companies scrambling to patch.

These aren’t isolated events.

Additional critical advisories hit vCenter Server, VMware Cloud Foundation, and other portfolio products throughout 2025 and into 2026. Huntress data showed hypervisor-targeted ransomware incidents roughly quadrupled in the second half of 2025. In April 2025, a ransomware attack targeting Marks & Spencer’s ESXi environment caused an estimated $400 million in damages.

Broadcom is Nowhere to be Found When You Need Help Most

Fast-moving vulnerabilities demand fast-acting support. But the post-acquisition experience tells a different story.

Customers report longer response times, more escalation layers, and less technical depth from support engineers. Many smaller organizations say they can no longer reach VMware engineers directly and are routed through third-party distributors instead. What used to be a same-day conversation with a knowledgeable engineer has, for many, become a weeklong waiting game and a ticking time bomb of frustration.

The most consequential failure, however, lands on security teams already struggling to keep their heads above water with the volume of vulnerabilities in their environments. In mid-2025, multiple outlets reported that perpetual license holders without active Broadcom support contracts could not download security patches through the Broadcom portal. Broadcom’s own support staff acknowledged the issue, with some customers told patches could take up to 90 days to become available.

This occurred despite a public commitment from Broadcom’s CEO to provide free access to critical security patches for supported vSphere versions. The situation was serious enough that a Dutch court ordered Broadcom to continue providing support to the Netherlands’ Ministry of Infrastructure after the agency declined a subscription model that would have increased costs by 85%.

Four Reasons Why Enough is Enough

Your security posture should never depend on your licensing status. When the ability to patch actively exploited vulnerabilities is gated behind a portal that may or may not grant access based on your entitlement type, your licensing posture and your exposure window are directly linked. The documented 90-day patch delay for perpetual license holders is not abstract. It is a vendor-acknowledged gap in your ability to remediate known threats.

Degraded support directly extends your exposure window. When a critical advisory drops and your first call routes through a distributor, then to a generalist, then to a specialist who may not be available, your organization absorbs every hour of that delay as additional risk. Slower vendor response times translate directly into longer periods where your business sits exposed.

You need a plan with options, not just a plan to stay. This is not about abandoning VMware tomorrow. It is about making sure that staying is an active, informed choice rather than a default one. Organizations that have mapped out credible alternatives enter every renewal negotiation and every incident response from a position of strength. Those that have not are subject to whatever terms and timelines their vendor dictates.

Cloud migration deserves evaluation on its own merits. Public cloud does not eliminate security risk, and anyone who says otherwise is not being straight with you. What it does change is the operating and shared responsibility models. Cloud eliminates per-core licensing traps and forced bundling, allowing organizations to focus on what actually matters: delivering applications and services to the business. It introduces its own complexity around cost governance, but the question worth asking is whether those tradeoffs are better than the ones you are making today.

Ready to Start the Conversation?

At In Balance IT Solutions, we help organizations chart a practical path to what we call VMware Freedom. Whether that means building a cloud migration roadmap, designing a hybrid architecture, or developing a contingency plan that gives your organization real leverage at the negotiating table, our cloud and security teams are ready to help.

Don’t wait for the next advisory or the next renewal shock to force your hand. Reach out to In Balance IT Solutions today.


Michael Caplan is the Chief Technology Officer for In Balance IT Solutions.

VMware Freedom – How Some are Turning Ransom into Opportunity

What’s happening with VMware right now is not a refresh cycle, even though some organizations are treating it that way. A refresh cycle typically doesn’t come as a surprise and usually comes with expanded capabilities at a smaller relative price.

Broadcom is sending a bill, a stopwatch, and a ransom note.

But here’s the uncomfortable truth: For organizations willing to look past the panic, this moment isn’t just disruption—it’s an opportunity. Let’s not minimize it:

  • Costs went up—materially. We are seeing increases of 5X, 8X, to 10X in some cases.
  • Timelines shrank. Most refresh cycles have likely been cut in half (at least).
  • Choice narrowed. Low-end options (vSphere Essentials and Enterprise Plus) have been removed, forcing modest footprints into higher tiers.
  • Emergency Timing. Teams are reacting to unbudgeted, unplanned activity, many times for workloads and infrastructure that may not be strategic.

The technical debt clock is ringing, and it’s getting the CFO’s attention. That is where the opportunity begins.

Step One: Take the Pressure Off

Most customers have a desire to re-platform, refactor, or leverage public cloud, but they share a common challenge: Time.

For customers with perpetual licensing, this is where Third-Party Support (TPS) enters the chat—quietly, pragmatically, and without pretending it’s a silver bullet. Third-party VMware support doesn’t modernize your stack or magically fix architectural sins committed in 2013.

What it does do is:

  • Remove immediate renewal pressure.
  • Potentially reduce support costs (over the current run rate).
  • Decouple technical decisions from vendor deadlines.
  • Buy time—12–36 months of runway.
  • Provide space to rationalize workloads instead of forklift-migrating them in a panic.

This isn’t avoidance; it’s control and leverage.

Step Two: Explore Creative Financial Options

Old habits die hard, and many infrastructure teams will be tempted to view this crisis as “just another form of refresh.” But many organizations have value in their stack that can be sold and leased back, freeing up budget and transitioning some of the estate from CapEx to OpEx.

Under the right circumstances, this approach can:

  • Re-hydrate IT budgets instead of draining them.
  • Create opportunities to leverage savings into tech-debt removal.
  • Be open to new ideas—some customers are even selling their data centers through this approach!

This isn’t “sexy,” unless you like reducing budgets and freeing up capital … wait, that is sexy.

Step Three: Let’s Be Honest… It’s Just a Hypervisor

There was a time when virtualization was Jedi magic, but now it’s easily replaced, even with open source. A meaningful percentage of VMware workloads are near end-of-life, kept alive by inertia, not value.

VMware footprints can be reduced, or hypervisors can be replaced:

  • Reduce your footprint to run on fewer cores.
  • Replace your hypervisor with lower-cost or open-source options.
  • Migrate to managed or hosted versions of your VMware stack.

Sometimes, you don’t modernize for elegance; you look for the easiest way to support workloads that don’t deserve modernization.

Conclusion: Be Open, Curious, and Creative

Many VMware customers will pay the ransom and plan a move to an alternative commercial on-premises solution (e.g., Nutanix, Hyper-V) or the public cloud. But for those open to being creative, there is an opportunity to completely transform how you finance, budget, and operate.

Broadcom didn’t create your technical debt; they invoiced you for it. Faced with 5X to 10X costs for yesterday’s tech stack, a crisis starts to resemble something far more exciting: an opportunity to build new muscles and operate differently.


Tim Currie is the Director of Strategy for In Balance IT Solutions. He helps IT leaders make the hard decisions that future-proof their organizations. Whether it’s navigating a hostile renewal or architecting a cloud exit, Tim provides the pragmatic, vendor-agnostic playbooks that teams need to move fast without breaking things.