Platform9 Private Cloud Director
architecture overview — v2025.10
Enterprise private cloud platform built on open-source KVM, OVS/OVN, and Cinder. Delivers VMware-class capabilities — VM HA, live migration, DRS-equivalent, multi-tenancy — without the Broadcom licensing tax. Runs on your existing servers, storage, and network infrastructure.
KVM: Hypervisor
OVN: SDN Layer
Cinder: Block Storage
CAPI: Kubernetes
SaaS: Mgmt Plane
1 — High-Level Architecture
Deployment Model
PCD separates the management plane (SaaS-hosted or self-hosted) from the data plane (your on-prem infrastructure). Lightweight agents on each host connect back to the management plane for orchestration, monitoring, and lifecycle operations. All VM workloads, storage I/O, and network traffic stay entirely within your data center.
Management Plane
SaaS-Hosted (default)
Platform9 operates & maintains. 97.2% of issues proactively resolved. Also available self-hosted for air-gapped or regulatory environments.
Data Plane
Your Infrastructure
Bare-metal servers from Dell, HPE, Cisco, Lenovo. Your existing storage arrays & network fabric. KVM hypervisor + PCD agents installed per host.
agent connectivity (TLS)
2 — Management Plane
Control & Orchestration
The management plane hosts all API services, the web UI, and Cluster API controllers. It manages host lifecycle, VM placement, networking configuration, storage provisioning, Kubernetes clusters, and multi-tenant identity — all through a single console.
Compute API
Nova-based. VM CRUD, live migration, DRR scheduling, affinity rules, snapshots
Network API
Neutron-based. OVN backend for SDN, DVR, security groups, LBaaS, DNSaaS
Storage API
Cinder-based. Volume lifecycle, snapshots, live storage migration, multi-backend
Identity API
Keystone-based. Domains, tenants, RBAC, SSO (SAML/OIDC), MFA
Image Service
Glance-based. Image library with HA, ISO support, format conversion
K8s Cluster API
CAPI + CAPO controllers. Hosted control planes, worker node lifecycle
Self-hosted option: Deploy the management plane on 3+ servers in your own data center for air-gapped, sovereign, or compliance-driven environments. Same feature set as SaaS — you manage the control plane infrastructure.
orchestrates
3 — Compute & Virtualization
KVM Hypervisor (Open Source)
Each host runs the KVM hypervisor with QEMU, managed by PCD host agents. Hosts are organized into Virtualized Clusters defined by declarative Cluster Blueprints, with optional Host Aggregates for hardware segmentation.
Enterprise VM Features
VM HA (auto-recovery on host failure), live migration (vMotion-equivalent), VM cloning, snapshots, vTPM, UEFI boot, GPU passthrough (vGPU & PCI)
Dynamic Resource Rebalancing
DRS-equivalent. Predictive monitoring of CPU & memory. Automatic VM redistribution to prevent hotspots. Configurable strategies per cluster.
Cluster Blueprints
Declarative cluster architecture. Define network topology, storage backends, HA policy, and host requirements. New hosts auto-conform to blueprint.
Two-Node HA
Full VM HA with just 2 compute nodes + management plane as quorum witness. Ideal for edge and branch deployments. Gossip protocol detects asymmetric failures.
networking provided by
4 — Software-Defined Networking
OVS + OVN (Full SDN)
Full Software-Defined Networking built on Open vSwitch and Open Virtual Network. Distributed Virtual Routing (DVR) by default — every hypervisor host acts as a network node, eliminating dedicated router bottlenecks and single points of failure.
Physical layer: NICs, bonds, VLAN trunks
→ OVS Bridge layer: virtual switch per host
→ OVN Overlay layer: VXLAN / Geneve tunnels
→ Logical layer: VPCs, routers, security groups
Network Capabilities
Virtual networks (VLAN/VXLAN), routers, security groups, floating IPs, IP pools, LBaaS, DNSaaS, QoS policies, BGP peering, DPU/SmartNIC offload
Network Architectures
Converged: a single interface carries all traffic. Separated: dedicated interfaces per traffic type. Firewalled: in-cluster N/S firewall for security-first deployments.
persistent storage via
5 — Storage
Cinder Block Storage (Multi-Backend)
Integrates with your existing enterprise storage arrays. Supports ephemeral (host-local) and persistent block storage with live storage migration between backends. Volumes can be snapshotted, resized, and migrated without VM downtime.
NetApp: ONTAP
Pure Storage: FlashArray
Dell/EMC: PowerStore
HPE: 3PAR / Primera
IBM: FlashSystem
Tintri: VMstore
LVM: Local volumes
Ceph: RBD
6 — Identity & Multi-Tenancy
Domains, Tenants & RBAC
Full multi-tenant isolation with Keystone-based identity. Supports enterprise SSO (SAML 2.0, OIDC), MFA, and fine-grained RBAC. Tenants get isolated quota pools with configurable VM leases and resource limits.
Domains
Top-level organizational boundary. Isolates tenants, users, and identity providers.
Tenants & Regions
Workload isolation with per-tenant quotas for compute, storage, and network. Multi-region support.
Enterprise SSO
SAML 2.0, OpenID Connect, MFA. Integrates with Okta, Azure AD, and other IdPs.
7 — Kubernetes (Unified Platform)
VMs + Containers Side-by-Side (Tanzu Alternative)
First-class Kubernetes alongside VMs on the same infrastructure. Management cluster hosts Cluster API (CAPI) + CAPO controllers. Worker nodes are VMs provisioned via PCD Virtualized Clusters, giving you the bridge from traditional to cloud-native.
Managed Hosted Control Plane
K8s control planes run as pods on the management cluster. Multi-cluster per tenant with isolated control planes. No dedicated VMs needed per control plane.
Worker Nodes
VMs from PCD cluster blueprints, bootstrapped as K8s workers. Manual and auto-scaling. Rolling upgrades with minimal downtime.
Application Catalog
Terraform-based orchestration. Deploy multi-VM apps with dependencies, networking, and resource configs. Modern replacement for VMware vApps.
Bare Metal K8s
Deploy Kubernetes directly on bare-metal hosts, without a virtualization layer, when maximum performance is required.
8 — Enterprise Integrations
Ecosystem Compatibility
PCD integrates with enterprise backup, monitoring, identity, and ITSM systems. Your existing operational toolchains work with PCD — no rip-and-replace.
Backup & DR
Enterprise Backup
Commvault, Veeam, Veritas, Rubrik, Cohesity
Monitoring
Observability
Built-in Grafana dashboards. Splunk, New Relic, Prometheus export. VM-level metrics.
Identity
SSO & Directory
Okta, Azure AD, SAML 2.0, OIDC providers
ITSM
Service Management
ServiceNow integration for workflow automation
9 — VMware Migration Path
vJailbreak — In-Place Conversion (Free Tool)
Rolling in-place conversion of vSphere clusters to PCD. No new hardware required. Proven at scale: 40,000+ VMs across 3,000+ hosts in production migrations.
vMotion → Live Migration
DRS → Dynamic Resource Rebalancing
VM HA → VM HA (built-in)
NSX → OVN SDN (included)
vSAN → Cinder + existing arrays
Tanzu → CAPI Kubernetes (unified)
vCenter → PCD Management Plane
Community Edition: Full-featured, free, no time limits, single region. Same enterprise core as production. Available at platform9.com/private-cloud-director-community-edition