<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=58103&amp;fmt=gif">
Skip to content
Let's Talk
Search icon
Let's Talk
All posts

HR Firm Escapes VMware Price Hike with OpenShift Virt in 255 Hours

  Shadow-Soft Team  ·  3 minute read

Summary:

Under pressure from Broadcom’s VMware price hikes, the client needed to switch to a secure alternative quickly. Shadow-Soft delivered a secure, production-ready OpenShift Virt environment despite major infrastructure gaps, limited access, and no in-house Kubernetes expertise.

The Challenge

Broadcom’s acquisition of VMware created a clear financial pressure: rising licensing costs with no strategic upside. The client needed out quickly and without disruption. Otherwise, there was an increased risk of locking themselves into a platform that was too expensive to justify.

But the exit wasn’t simple. 

The internal team lacked experience with Kubernetes and had limited infrastructure capacity. Worse, their data centers were connected by a 40Mbps link, too slow for standard migration tooling. 

Without a new approach, they faced delays, downtime, and rising costs with no end in sight. The client reached out because of our experience migrating other firms away from VMware.

Our Solution

Shadow-Soft deployed a production-grade OpenShift Virt environment that aligned with the client’s security, compliance, and scalability needs. What began as a pilot was adapted into a live production system, with the architecture hardened early to support long-term use.

To meet security and compliance requirements, the team integrated Portworx for high-availability storage and HashiCorp Vault for encrypted secrets management. 

Networking was configured for FIPS compliance, and infrastructure services were deployed across a three-node bare metal cluster.

The solution was designed to be stable, resilient, and extensible, giving the client a viable path off VMware without over-engineering for capabilities they weren’t ready to adopt.

Our Process

This engagement began as a tightly scoped pilot. However, it shifted early into a full production rollout. Shadow-Soft adjusted quickly, building a secure, resilient environment while mentoring the client’s team along the way.

Key milestones included:

  • Validated platform design for OpenShift Virt and Red Hat Enterprise Linux, matched to the client’s infrastructure capacity and compliance needs.
  • Deployed OpenShift 4.15* on bare metal across a three-node cluster, with high availability baked into control and worker nodes.
  • Integrated Portworx storage and enabled OpenShift Virtualization to support workload migration from VMware.
  • Configured HashiCorp Vault for secure secrets management and FIPS-compliant networking to meet government-related security standards.
  • Upgraded to OpenShift 4.16 to coach the client through best practices around rolling updates and deprecated APIs.
  • Adapted to physical VM transfers when bandwidth limitations made standard migration tools unusable.

Each step was structured to deliver value quickly while accounting for real-world constraints the client faced internally.

*We deploy one version behind the latest OpenShift release to coach clients through a real upgrade, helping them understand API changes, upgrade risks, and how to manage versioning in production.

The Roadblocks

What began as a short-term pilot became the foundation for a production environment. The shift meant rethinking the deployment to ensure security, monitoring, encryption, and high availability were all in place from day one. We pivoted quickly, adjusting the architecture mid-flight.

A critical infrastructure limitation emerged mid-project: the client’s virtual machines resided in a separate data center connected by a 40 Mbps link. Migration tools like MTV were unusable. The only viable workaround was a manual export that involved physically transporting workloads between sites using external drives. It wasn’t ideal, but necessary.

The Toolstack

OpenShift (4.15 upgraded to 4.16): Core platform for virtualization.

OpenShift Virtualization: Replaced VMware as the virtualization layer. Enabled live VM operations inside OpenShift and formed the foundation of the client's production environment.

Portworx: Delivered the high-availability, software-defined storage needed to support OpenShift Virtualization and live migration.

HashiCorp Vault: Used for secure secrets management and encryption, enabling compliance with internal security policies and FIPS networking standards.

The Results

The client now runs a secure, production-grade OpenShift Virt environment. They’ve eliminated their reliance on VMware and avoided rising licensing costs.

The environment meets internal security requirements, supports future growth, and is fully operated by the client’s team. In under six weeks (255 delivery hours), Shadow-Soft built a compliant, scalable infrastructure.

The internal team also gained hands-on experience managing a live OpenShift upgrade, reducing future platform risk and giving the team confidence in ongoing operations.

Key Results:

  • Replaced VMware with OpenShift Virt
  • Avoided ongoing licensing increases
  • Met FIPS and internal security requirements
  • Built a scalable, production-ready platform
  • Delivered in 255 hours across six work weeks
  • Trained internal team through live upgrades and mentorship

What’s Next?

The client is continuing to port additional workloads to OpenShift Virt. Once the migration is complete, they plan to explore automation, template-based VM provisioning, and tighter integration with service desk tools.

This project also laid the foundation for broader platform adoption across infrastructure and security teams as they move away from legacy systems.

Client Overview:

The client is a U.S.-based, mid-sized HR services firm operating in tightly regulated and government-adjacent sectors. 

They specialize in managing workforce processes and compliance for public-sector organizations, emphasizing data security and operational reliability