Tag Archives: VMware

VMware Private AI: Secure, Scalable AI Adoption for Healthcare

Posted on by
Reply

Demand for artificial intelligence (AI) is nearly universal with approximately 98% of healthcare executives reporting a desire to implement or expand AI capabilities, yet most remain stalled at the starting line. The barrier is not a lack of ambition, but rather the complexity of execution. Fragmented platforms, unclear procurement pathways and the difficulty of integrating AI with sensitive patient data have made deployment feel out of reach for many care teams. Broadcom’s VMware Private AI, now natively embedded within VMware Cloud Foundation (VCF) 9, is designed to change that equation.

From Add-On to Foundation: The VCF 9 Integration

The most significant architectural shift in Broadcom’s AI strategy over the past year is the evolution of VMware Private AI from a standalone service into a core component of the platform. With VCF 9, organizations that already hold VCF licensing have immediate access to Private AI capabilities without separate procurement or added complexity.

This shift is especially meaningful for healthcare IT leaders tasked with balancing innovation and compliance in highly regulated environments. By embedding AI capabilities directly into the foundational infrastructure layer, VMware Private AI eliminates the “moving parts” that have historically made AI deployments costly and unpredictable. Healthcare organizations can now activate and govern AI workloads within an environment they already operate and trust.

Five Components Built for Production-Ready AI

VMware Private AI is organized around five functional pillars, each designed to address a specific stage of the AI lifecycle, from model governance to real-world deployment:

  • Model Store: A secure repository where models are curated, tested and governed before entering production, ensuring only validated and policy-compliant models used in clinical or administrative environments.
  • Service Infrastructure: Templatized deep learning virtual machines (VMs) that can be provisioned on demand, accelerating deployment timelines while maintaining standardization and security controls.
  • Model Runtime: The generative AI (GenAI) execution layer handles active model inference, forming the operational core of the Private AI environment.
  • Model Insights and Action: Tools that support model interaction, response logic and fine-tuning, enabling teams to continuously refine AI performance using real operational data.
  • Vector Databases with Retrieval Augmented Generation (RAG): Instead of retraining base models with proprietary data, RAG enables AI systems to retrieve and reference internal knowledge in real time, delivering accurate, contextually relevant outputs without exposing sensitive data externally.

Keeping Healthcare Data Where It Belongs

Data sovereignty remains a non-negotiable priority in healthcare. Patient records, clinical notes and operational data are governed by strict regulatory requirements, and any AI solution that routes this information through public cloud services or third-party providers introduces significant compliance risk.

VMware Private AI addresses this directly through its RAG-based architecture. By connecting AI models to internal data sources—including SharePoint repositories, local file systems and internal databases—and processing information within the organization’s own infrastructure, the solution ensures that sensitive data never leaves the controlled environment. Documents are segmented into discrete chunks that the model can reference contextually, producing outputs grounded in the organization’s actual knowledge base rather than generic training data.

Additionally, new observability tools provide administrators with real-time visibility into model health, capacity utilization and Application Programming Interface (API) access patterns, supporting both operational continuity and security monitoring.

Healthcare Use Cases: From Clinic to Back Office

 VMware Private AI supports a broad range of healthcare applications across four primary domains:

  • Clinical Decision Support: AI-assisted tools that help clinicians navigate complex case data supports precision medicine and population health initiatives.
  • Administrative Automation: Automated documentation, clinical annotation and digital chat assistance for care teams reduces clerical burden, staff burnout and documentation backlogs.
  • Patient Engagement: AI-powered digital assistants that guide patients through post-discharge treatment plans improve adherence and reduce readmission risk.
  • Operational Efficiency: Predictive maintenance for medical equipment and AI-driven resource allocation optimizes capacity management for healthcare systems.

The broader vision is a shift toward ambient intelligence, AI that monitors, learns and assists in real time without requiring manual prompting, freeing care teams to focus on patients and less on administrative systems.

A Practical Framework for Getting Started

Not all AI use cases offer the same balance of value and implementation complexity. Broadcom recommends a prioritization framework that evaluates each potential application against two key dimensions:

  • The value delivered to patients or the organization
  • The complexity required for deployment

By starting with high-value, low-complexity use cases, such as administrative automation or patient communication, organizations can build momentum, demonstrate Return on Investment (ROI) and develop internal expertise before advancing to more complex clinical applications.

This phased approach reflects a broader evolution in healthcare AI. It is no longer confined to research environments; it is now an operational capability. Organizations that approach AI with deliberate governance, clear prioritization and secure foundational infrastructure will be best positioned to realize its full potential.

Explore how VMware’s Private AI capabilities can support your organization’s clinical and operational goals.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including VMware, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Building a DevSecOps Culture

Posted on by
Reply

As software becomes more sophisticated, it plays an increasingly important role in all aspects of government operations. However, given the complexity and intertwined nature of modern software, any vulnerability could have wide-ranging consequences, which makes security of vital importance. The federal government has taken notice. A number of recent policy directives address issues related to the software supply chain, and key agencies are leading a governmentwide effort to promote secure software development, including the Executive Order on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust and the Executive Order on Improving the Nation’s Cybersecurity. Learn how you can implement DevSecOps to support your journey to secure, innovative software in Carahsoft’s Innovation in Government® report.

 

The Mindset Shift that Enables DevSecOps

“In an ideal world, technology and processes support team members’ ability to deliver on their particular talents. Before agencies implement DevSecOps methodologies, they should identify where their processes are getting bottlenecked and forcing people to either work around them or fundamentally change their behavior. Instead, we want to make it easy for employees to do the right thing. The goal is to enable people to focus on what they do best — regardless of where they operate in the stack or the tools they are using — so that agencies can build and deploy secure, modern apps.”

Read more insights from Alex Barbato, Public Sector Solutions Engineer at VMware.

 

How Generative AI Improves Software Security  

Carahsoft FCW July DevSecOps Blog Embedded Image 2023“Generative AI tools are becoming increasingly prevalent, providing interactive experiences that captivate the public’s imagination. These tools are accessible to anyone, offering a unique opportunity to engage and explore the creative possibilities enabled by AI technology. The technology doesn’t just train a model to recognize patterns. It can create things that are easy to understand: images, text, even videos. Sometimes the results are hilariously wrong, but other times the results are quite impressive, such as clear, concise answers to complex questions. Generative pre-trained transformer (GPT) technology, such as ChatGPT, has opened the doors for everyone to be an evaluator because the output is accessible and easy to critique.”

Read more insights from Robert Larkin, Senior Solutions Architect at Veracode.

 

Open Source is at the Heart of Software Innovation

“Embedding security into applications from the start is essential for streamlining and strengthening the entire development life cycle. Securing the software supply chain is a related effort that is of vast importance to government operations. Beyond securing individual applications, the ultimate goal is to build security into the pipeline itself. At each step and every handoff, we must be able to verify who has touched the software and who did what to ensure that the end result is what we intended to build and that nothing malicious has been injected along the way.”

Read more insights from Chris Mays, Staff Specialist Solutions Architect at Red Hat.

 

DevSecOps Needs Tool Diversity and Collaboration

“As DevSecOps methodologies and software factories grow in prevalence, agencies are recognizing that software development is a team sport — inside the agency, across departments and with external stakeholders. It touches many different teams, but getting everyone on the same page with tooling can be difficult. Different teams prefer different tools, and that makes collaboration hard. Modern software development brings security practices forward in the timeline while reducing duplication of efforts and improving real-time accountability. Success hinges on removing blockers, creating visibility and making sure collaboration is happening at every stage. In addition, encouraging input from different areas of the organization from the beginning and throughout development is vital for innovation.”

Read more insights from Ben Straub, Head of Public Sector at Atlassian.

 

Observability Speeds Zero Trust and Application Security

“In response to increasing cyberthreats, the government is speeding up the move to zero trust. This security model assumes that every user, request, application and non-human entity is not to be trusted until its identity can be verified. Zero trust principles require a layered defense that is more effective when rooted in observability. To develop an architecture that validates and revalidates every entity on the network, it is necessary to know what those entities are, how they’re communicating and how they typically behave so we can recognize deviations. Zero trust and observability technologies work together to create a more secure and resilient network environment by assuming that all requests for access are untrusted and continuously monitoring the network to detect and respond to potential threats.”

Read more insights from Willie Hicks, Public Sector Chief Technologist at Dynatrace.

 

The Role of a Service Mesh in Zero Trust Success

“For large companies and government agencies, it’s safe to assume that a committed attacker is already inside their networks. Executive Order 14028 mandates that every federal agency develop a Zero Trust architecture because it is the most effective approach to mitigating what attackers can do once they’ve made their way inside. What does Zero Trust look like at runtime? One of the key considerations is identity-based segmentation, which involves conducting five policy checks for every request in the system: encrypted connection between service endpoints, service authentication, service-to-service authorization, end user authentication, and end user-to-resource authorization.”

Read more insights from Zack Butcher, Founding Engineer at Tetrate and co-author of the NIST SP 800-200 series and SP 800-207A.

 

AI and the Journey to Secure Software Development

“By automating and optimizing DevSecOps workflows, we can still shift security left while relieving developers from the burden of some complex remediation. It begins with a workflow that leverages fully automated security scanning to rapidly identify vulnerabilities as well as providing suggested remediation for vulnerabilities and on-demand remediation training to educate developers on what they are getting into. The rapid evolution of artificial intelligence is making new advances possible. The opportunities go well beyond AI-assisted code creation. AI features are being expanded across the entire software development life cycle. When it comes to security, having AI assist by making code functionality clear or explaining a vulnerability in detail reduces the time required to remediate risk.”

Read more insights from Joel Krooswyk, Federal CTO at GitLab.

 

Scaling App Development While Meeting Security Standards

“The dream for any software development team is constant, stable releases. The faster teams get the work they’ve created into production, the faster the agency can derive value from that work. When app development is stymied by cumbersome security reviews and stability testing and by the need to wait for a deployment window, innovation is stifled and the return on investment is delayed. If agencies want to have efficient, value-driving software development teams, those teams must be able to move with agility. A trustworthy, scalable DevOps pipeline that brings together testing and security in a seamless way allows teams to push out new apps and improvements quickly so government employees and citizens can have a seamless digital experience and the most up-to-date tools and information.”

Read more insights from Kyle Tobener, Head of Security and IT at Copado.

 

Join us in-person for our must-attend DevSecOps Conference—an exciting day of exhibits, speaking sessions, and networking events. We look forward to showcasing new DevSecOps updates from our supporting panels featuring government, systems integrators, and industry thought leaders.

Download the full Innovation in Government® report for more insights from DevSecOps thought leaders and additional industry research from FCW.

Making the Most of MultiCloud

Posted on by
Reply

Experts make a clear distinction between hybrid and multicloud environments. The General Services Administration’s MultiCloud and Hybrid Cloud Guide notes that a multicloud architecture reflects the deliberate integration of services from multiple cloud service providers. By contrast, a hybrid architecture integrates public cloud, private cloud and on-premises infrastructure.

In a recent pulse survey of FCW readers, 49% of respondents said their agencies rely on hybrid cloud environments that combine public and private clouds with on-premises systems, and 39% said their cloud environments were based on private clouds. Only 8% identified themselves as multicloud. Multicloud environments are the natural evolution of the government’s move to the cloud. As technologies become more targeted and sophisticated, it is clear that a single product cannot meet all agency needs. Multicloud represents a highly individualized, fluid approach to capitalizing on everything cloud has to offer. Regardless of where they are on their journeys, agencies continue to benefit from advances in cloud technology. That’s because the same spirit of innovation that gave rise to the cloud is giving rise to new solutions for securing and managing cloud environments. Learn how your agency can determine an optimal cloud strategy in Carahsoft’s Innovation in Government® report.

 

How the Mission Drives MultiCloud Success

IIG FCW MultiCloud JanFeb Blog Embedded Image 2023“For government agencies, security is a key consideration when adopting cloud technologies. The latest solutions can actually help agencies improve their security posture because of the specialized and deep focus that cloud providers bring to their mission of providing scalable and secure compute, network and storage infrastructure. At Google, we take a defense-in-depth approach to security and have over 1,000 professionals whose sole job is to ensure the security of our customers’ data and systems. They have made it their mission to prevent bad actors — whether people, companies or nation-states — from accessing customers’ data.”

Read more insights from Scott Frohman, Head of Defense Programs at Google Cloud.

 

Choosing the Right Cloud Tool for the Job  

“Adding multicloud environments into an agency’s IT portfolio does come with challenges. In particular, it can create complexity for security teams that must protect the agency’s identities, devices, data, applications and infrastructure. Traditional cybersecurity tools weren’t designed for multicloud environments, and it can be difficult to transition from existing tools to platform-specific and cloud-native ones, but doing so is essential for taking full advantage of cloud’s market-leading security capabilities.”

Read more insights from Jason Payne, CTO at Microsoft Federal.

 

Seamlessly Embracing a MultiCloud Environment

“Choosing the right cloud solutions can be a daunting task, but knowing what steps to take can significantly streamline the process. Agencies should begin by clearly identifying their business and functional requirements and considering their security needs. Doing so will make it possible to evaluate which cloud service provider (CSP) is positioned to offer the best capabilities for the best cost. Throughout the process, agencies should keep in mind that enterprise data is their single most important asset.”

Read more insights from James Donlon, Director of Solution Engineering for Government and Education at Oracle.

 

The Move to MultiCloud by Default  

“Automation is essential for multicloud management. Agencies can begin by automating activities and sharpening their skills in their own data centers. Once government IT professionals work with a platform to automate activities in the data center, they can then automate deployments to various clouds and make the process as efficient as possible. When automation is done correctly, agencies also give themselves the ability to move workloads smoothly between environments, whether they want to bring a workload back into the data center or move it to another cloud. The fact that the workload was built on an automation platform means agencies are already a step ahead when it comes to getting that deployment done and reaping the benefits of a multicloud environment.”

Read more insights from Adam Clater, Chief Architect of the North America Public Sector at Red Hat.

 

A Smarter Approach to Cloud Adoption

“The cloud-smart strategy is to migrate then modernize most workloads because the speed of cloud adoption and the consolidation of operating constructs is crucial. Such an approach also reduces costs, migration manpower and training burdens. In fact, most workloads can move to the optimized cloud of choice as-is if the right abstraction and workload management capabilities are employed. Once applications are in the cloud, they are easier to modernize.”

Read more insights from Jeremiah Sanders, Senior Transformation Strategist at VMware.

 

Download the full Innovation in Government® report for more insights from these cloud thought leaders and additional industry research from FCW.