What We Discovered About Harbour Ridge Financial
Harbour Ridge Financial is running a significant VMware estate across three data centres — now facing an unjustifiable Broadcom price hike, growing scalability demands, and increasing pressure to modernise without compromising PCI-DSS, FCA, and SOX compliance.
Key Discovery Findings
Unjustifiable Cost Increase
Broadcom's acquisition of VMware has triggered a 40–70% licence price hike at your next renewal — with no meaningful feature improvements to justify the additional spend.
Scalability Demands
As data centre operations expand, your IT team needs a platform that scales dynamically — allocating resources elastically across growing VM workloads without linear cost increases.
Modernisation Bottleneck
Development teams are adopting containers while ops manages VMs separately — creating duplicated tooling and siloed operations that block the move to cloud-native architectures.
Compliance & Security Risk
As a financial services organisation, you face stringent regulatory obligations — PCI-DSS, FCA requirements, and SOX. Any new platform must enforce controls automatically, not as an afterthought.
How OpenShift Virtualization Solves Your Challenges
Red Hat OpenShift Virtualization directly addresses every challenge Harbour Ridge Financial faces — from unjustifiable licensing costs to compliance, scalability, and the path to cloud-native modernisation.
Six Pillars Aligned to Your Needs
Cost-Effectiveness & Predictable Pricing
Open-source core with subscription-based pricing eliminates per-VM licence shock. Replace unpredictable Broadcom renewals with a transparent, per-core model that scales without surprises.
Scalability & Performance
Built on Kubernetes, OpenShift scales VM and container workloads elastically. Dynamically allocate resources as your data centre grows — without a proportional increase in cost or complexity.
Unified Management Platform
Manage VMs and containers side-by-side in a single OpenShift console. One platform, one team, one toolchain — eliminating operational silos and the overhead of running two separate stacks.
Security & Compliance
Enterprise-grade RBAC, automated patch management, vulnerability scanning, and secure networking policies — built in, not bolted on. Purpose-built for regulated industries like financial services.
Application Modernisation
Containerise legacy applications at your own pace. OpenShift provides the platform to evolve monolithic workloads towards microservices — improving agility, scalability, and time-to-market without big-bang rewrites.
Operational Efficiency
GitOps-driven automation reduces manual ops work by up to 40%. Self-healing infrastructure, automated patching, and a single management pane streamline day-to-day operations for your IT team.
Customers Who Made the Move
Real-world results from organisations that chose OpenShift Virtualization
"After the Broadcom price hike we knew we had to act. OpenShift Virtualization let us consolidate VMs and containers on one platform — we cut licensing costs by 50% and passed our FCA audit with no findings."
"We modernised our core banking applications without a big-bang rewrite. OpenShift let us containerise legacy workloads alongside our VMs — moving from monolith to microservices at our own pace."
"Security and compliance were non-negotiable. Red Hat Advanced Cluster Security gave us automated PCI-DSS controls and real-time threat detection across every workload — VMs and containers alike."
Why OpenShift Over The Competition
Broadcom's acquisition of VMware has created a strategic inflection point. This is the moment to evaluate whether your platform choice still serves your long-term interests — or locks you in further.
Runs VMs and containers natively on the same Kubernetes cluster — one team, one toolchain
Predictable subscription pricing — no per-VM surprises, no Broadcom-style acquisition shocks
Built-in financial-grade security: RBAC, automated patching, vulnerability scanning, compliance reporting
Feature Comparison
| Capability | OpenShift Virt (Recommended) | VMware vSphere | Nutanix AHV |
|---|---|---|---|
| Kubernetes-Native Architecture | ✓ | ✗ | ~ Add-on |
| Open Source Core | ✓ | ✗ | ✗ |
| Multi-Cloud Portability | ✓ Full | ~ Limited | ~ Limited |
| Integrated GitOps / CI-CD | ✓ Built-in | ✗ | ✗ |
| AI / ML Workload Support | ✓ Native GPU | ~ Add-on | ~ Add-on |
| Vendor Independence | ✓ Full | ✗ Broadcom | ✗ Locked |
| RHEL-Optimised Performance | ✓ | ~ | ✗ |
| Live VM Migration | ✓ | ✓ | ✓ |
| Edge Computing (Single Pane) | ✓ | ✗ | ~ Limited |
| Predictable Licensing Model | ✓ Per Core | ✗ Per VM ↑↑ | ~ Per Node |
Modernise and Future-Proof Your Infrastructure
OpenShift isn't just a VM replacement — it's the launchpad for your application modernisation journey. Move legacy monoliths towards microservices, adopt cloud-native architectures, and remain competitive in an increasingly dynamic financial services market.
Four Pillars of Modern Value
Application Modernisation
Containerise legacy applications at your own pace — no big-bang rewrites. OpenShift bridges the gap between traditional VMs and cloud-native microservices on a single platform.
- Lift-and-shift VMs as the first step
- Containerise workloads alongside running VMs
- Evolve towards microservices incrementally
Enterprise Security & Compliance
For financial services, compliance isn't optional. OpenShift embeds security controls that map directly to PCI-DSS, SOX, and FCA requirements — with automated evidence collection and audit trails.
- Automated vulnerability scanning (ACS)
- RBAC and network policy enforcement
- Compliance Operator for PCI-DSS / SOX
Developer Velocity
Give developers self-service access to environments via GitOps. Platform engineering eliminates the ticket queue — teams go from commit to production with automated pipelines and no manual intervention.
- OpenShift Dev Spaces (cloud IDE)
- Tekton CI/CD pipelines built-in
- Developer Hub for self-service portal
Hybrid Cloud & Portability
Escape permanent vendor lock-in. The same OpenShift APIs run on-prem and on every major cloud — giving you genuine portability to burst capacity, reduce costs, or repatriate workloads as the business demands.
- ROSA (AWS), ARO (Azure), ROKS (IBM)
- Workload portability without refactoring
- ACM for unified multi-cluster governance
Proposed Architecture
A Kubernetes-native platform where virtual machines and containers coexist on the same compute layer — managed, secured, and observed through a single control plane.
Key Components
Key Capabilities
- Three-node etcd quorum ensures zero single-point-of-failure — survive any one master loss
- kube-apiserver enforces RBAC, admission webhooks, and audit logging for every mutation
- Scheduler places VMs across nodes via affinity rules, taints, and topology constraints
- Operator Lifecycle Manager (OLM) manages day-2 upgrades for all platform components
- Machine Config Operator applies OS-level changes (kernel args, certs) without downtime
Key Capabilities
- VirtualMachine CRD wraps QEMU/KVM for full hardware virtualisation at near-native performance
- virt-handler daemonset on each node manages VM lifecycle, health, and live migration initiation
- Live migration moves running VMs across nodes with zero downtime — maintenance without disruption
- Hugepages, CPU pinning, and NUMA topology awareness for latency-sensitive workloads
- Containerized Data Importer (CDI) handles VM image import, clone, and snapshot operations
Key Capabilities
- OVN logical routers and switches provide L2/L3 fabric — same network plane for VMs and pods
- Multus CNI attaches VMs to secondary networks (bridge, SR-IOV) for native VLAN integration
- NetworkPolicy enforces micro-segmentation between VM groups without external firewall rules
- MetalLB provides BGP or Layer-2 load balancing for bare-metal ingress
- EgressIP and EgressFirewall give deterministic outbound routing for compliance workloads
Key Capabilities
- Ceph RBD provides block volumes for VM disks — ReadWriteMany access mode enables live migration
- CephFS delivers shared file storage for multi-attach persistent volumes (RWX)
- Ceph Object Gateway (S3-compatible) stores VM images, backups, and container registries
- NooBaa multi-cloud gateway federates storage across on-prem and public cloud
- Scale capacity by adding OSD nodes — zero downtime, automatic data rebalancing
Key Capabilities
- Cold migration: VM powered off, VMDK converted to KubeVirt format via CDI import pipeline
- Warm migration: incremental disk sync while VM runs — only minutes of downtime at cutover
- Network and storage mappings preserve IP addressing, VLAN topology, and mount paths
- Migration plans group VMs into waves — validate pre-flight checks before each wave starts
- ForkliftController rolls back individual VMs or entire waves on failure — no irreversible steps
Key Capabilities
- ACM governs fleets of clusters — deploy policies, applications, and configs from a single hub
- ApplicationSet + Placement APIs push workloads to clusters matching label selectors automatically
- ACS embeds eBPF probes for syscall-level runtime threat detection across all VMs and pods
- Network Graph shows live L4/L7 flows — visualise exactly what talks to what, in real time
- Compliance Operator maps to CIS, NIST 800-53, PCI-DSS with automated evidence collection
The Business Case: Lower Total Cost of Ownership
Switching to OpenShift Virtualization is a significant financial opportunity for your organisation. The Broadcom price hike has made the business case clear — use this model to quantify your specific savings.
Engineer Time Recovered via GitOps
OpenShift GitOps automates repetitive ops tasks — freeing your team for higher-value work.
Break-Even Timeline
Migration investment vs cumulative savings. Point where OpenShift pays for itself.
Your Migration Journey
A structured three-phase transition from VMware to OpenShift Virtualization — designed to validate at every step, minimise disruption to financial operations, and deliver measurable value from day one.
Three-Phase Migration Plan
Assessment & Planning
- Infrastructure Discovery — Catalogue all VMs, workloads, network dependencies, and storage volumes across your data centres
- Compliance Mapping — Document PCI-DSS, FCA, and SOX controls currently applied to each workload group
- Business Criticality Scoring — Classify VMs by criticality to define safe migration wave order
- OpenShift Cluster Design — Size the target cluster, plan network topology, and design storage classes with ODF
- Cost-Benefit Analysis — Model 3-year TCO, project break-even timeline, and build internal business case
Pilot Project
- Parallel Cluster Deployment — Stand up the OpenShift cluster alongside existing VMware — zero impact to production
- 50–100 VM Pilot Wave — Migrate a representative set of non-critical VMs using cold migration via MTV
- Performance & Security Validation — Benchmark against existing VMware baseline; confirm ACS compliance controls active
- IT Team Training — OpenShift administration, GitOps workflows, and day-2 operations for your infrastructure team
- Stakeholder Sign-Off — Present pilot results to IT leadership and compliance before proceeding to full migration
Full Migration
- Wave-Based VM Migration — Remaining VMs migrated in prioritised waves using cold and warm migration via MTV
- Warm Migration for Critical Workloads — Incremental disk sync while VMs run — cutover window under 5 minutes for business-critical systems
- VMware Licence Elimination — Decommission VMware hosts on a rolling schedule aligned with your Broadcom renewal date
- GitOps Pipeline Adoption — Introduce ArgoCD and Tekton for ongoing VM and application lifecycle management
- Run-Book & Handover — Full operational documentation and Red Hat TAM (Technical Account Manager) engagement for ongoing support
Your Modernisation Roadmap
Assessment & Planning
Infrastructure discovery, compliance mapping, cluster design, TCO business case
Pilot Project
50-VM proof of concept, live migration validation, team training, compliance sign-off
Full Migration
Wave-based migration of all VMs via MTV, VMware licence eliminated, OpenShift fully operational
Containerise & Modernise
Refactor legacy financial apps into containers, GitOps CI/CD live, developer self-service enabled
Cloud-Native & Hybrid
Microservices architecture, hybrid cloud burst to ROSA/ARO, full platform engineering model
What You Unlock After Migration
Application Modernisation Path
Begin containerising legacy financial applications alongside your running VMs. Evolve monoliths to microservices at a pace that suits the business — with no disruption to existing workloads.
Hybrid Cloud Flexibility
Burst workloads to ROSA (AWS), ARO (Azure), or IBM Cloud when demand spikes — then repatriate when it makes economic sense. True portability with no refactoring required.
Automated Compliance
The Compliance Operator continuously maps your infrastructure to PCI-DSS, FCA, and SOX controls — generating audit-ready evidence automatically. Compliance becomes a capability, not a project.
GitOps & Developer Velocity
Self-service developer environments, automated CI/CD pipelines via Tekton and ArgoCD, and a developer portal via Red Hat Developer Hub — dramatically accelerating time-to-market for new financial products.
Ready to Start Your OpenShift Journey?
Let's build your business case, validate the migration plan, and get your financial services organisation onto the platform that grows with you.