Summary:
Under pressure from Broadcom’s VMware price hikes, the client needed to switch to a secure alternative quickly. Shadow-Soft delivered a secure, production-ready OpenShift Virt environment despite major infrastructure gaps, limited access, and no in-house Kubernetes expertise.
Broadcom’s acquisition of VMware created a clear financial pressure: rising licensing costs with no strategic upside. The client needed out quickly and without disruption. Otherwise, there was an increased risk of locking themselves into a platform that was too expensive to justify.
But the exit wasn’t simple.
The internal team lacked experience with Kubernetes and had limited infrastructure capacity. Worse, their data centers were connected by a 40Mbps link, too slow for standard migration tooling.
Without a new approach, they faced delays, downtime, and rising costs with no end in sight. The client reached out because of our experience migrating other firms away from VMware.
Shadow-Soft deployed a production-grade OpenShift Virt environment that aligned with the client’s security, compliance, and scalability needs. What began as a pilot was adapted into a live production system, with the architecture hardened early to support long-term use.
To meet security and compliance requirements, the team integrated Portworx for high-availability storage and HashiCorp Vault for encrypted secrets management.
Networking was configured for FIPS compliance, and infrastructure services were deployed across a three-node bare metal cluster.
The solution was designed to be stable, resilient, and extensible, giving the client a viable path off VMware without over-engineering for capabilities they weren’t ready to adopt.
This engagement began as a tightly scoped pilot. However, it shifted early into a full production rollout. Shadow-Soft adjusted quickly, building a secure, resilient environment while mentoring the client’s team along the way.
Key milestones included:
Each step was structured to deliver value quickly while accounting for real-world constraints the client faced internally.
*We deploy one version behind the latest OpenShift release to coach clients through a real upgrade, helping them understand API changes, upgrade risks, and how to manage versioning in production.
What began as a short-term pilot became the foundation for a production environment. The shift meant rethinking the deployment to ensure security, monitoring, encryption, and high availability were all in place from day one. We pivoted quickly, adjusting the architecture mid-flight.
A critical infrastructure limitation emerged mid-project: the client’s virtual machines resided in a separate data center connected by a 40 Mbps link. Migration tools like MTV were unusable. The only viable workaround was a manual export that involved physically transporting workloads between sites using external drives. It wasn’t ideal, but necessary.
OpenShift (4.15 upgraded to 4.16): Core platform for virtualization.
OpenShift Virtualization: Replaced VMware as the virtualization layer. Enabled live VM operations inside OpenShift and formed the foundation of the client's production environment.
Portworx: Delivered the high-availability, software-defined storage needed to support OpenShift Virtualization and live migration.
HashiCorp Vault: Used for secure secrets management and encryption, enabling compliance with internal security policies and FIPS networking standards.
The client now runs a secure, production-grade OpenShift Virt environment. They’ve eliminated their reliance on VMware and avoided rising licensing costs.
The environment meets internal security requirements, supports future growth, and is fully operated by the client’s team. In under six weeks (255 delivery hours), Shadow-Soft built a compliant, scalable infrastructure.
The internal team also gained hands-on experience managing a live OpenShift upgrade, reducing future platform risk and giving the team confidence in ongoing operations.
The client is continuing to port additional workloads to OpenShift Virt. Once the migration is complete, they plan to explore automation, template-based VM provisioning, and tighter integration with service desk tools.
This project also laid the foundation for broader platform adoption across infrastructure and security teams as they move away from legacy systems.
The client is a U.S.-based, mid-sized HR services firm operating in tightly regulated and government-adjacent sectors.
They specialize in managing workforce processes and compliance for public-sector organizations, emphasizing data security and operational reliability