Introduction: Why a VMware to OpenShift Migration Made Sense
A leading bank in Saudi Arabia faced a common challenge: rising VMware licensing costs and slow delivery times for new digital products. It took weeks to provision new environments, capacity planning was a manual chore, and every change window carried significant risk.
To modernize its infrastructure, the bank decided on a VMware to Red Hat OpenShift migration. The goal was to achieve cloud-native agility, enable scalable operations, and enforce stronger governance that met strict local regulations, including PDPL, NCA ECC, and SAMA requirements.
Client Context & Goals
- Sector: Banking in Saudi Arabia, a highly regulated and security-focused industry.
- Key Drivers: Lowering operational costs, speeding up environment provisioning, and creating a consistent platform for both traditional virtual machines (VMs) and modern containerized applications.
- Must-Haves: Strict data residency, comprehensive encryption, robust identity and access management (IAM/RBAC), centralized logging for security monitoring (SIEM), and a fully auditable change control process.
- Primary Outcomes: Reduce ongoing infrastructure expenses, accelerate product release cycles, and create a more secure, stable operating environment.
The Migration Strategy
Senior consultants were brought in to create a structured assessment and a clear roadmap for the migration.
- TCO & Readiness Assessment: The first step was to take a full inventory of the existing VMware workloads, map their dependencies, and establish performance baselines. This data was used to create a 3-year Total Cost of Ownership (TCO) comparison.
- Platform Choice: The bank chose Red Hat OpenShift Virtualization. This allowed them to run both containers and VMs on a single, unified platform, reducing vendor lock-in and standardizing their tools.
- Architecture: A hybrid model was selected, using both on-premises infrastructure and a regional cloud. OpenShift Virtualization was used for legacy VMs, while new services were built using containers.
- Controls & Compliance: The architecture was designed to meet KSA’s strict regulations. This included data classification, end-to-end encryption, Single Sign-On (SSO) with Role-Based Access Control (RBAC), and policy-as-code for automated governance.
- Execution Plan: A “wave-based” migration plan was developed. This approach involved moving applications in controlled groups, starting with pilots and incorporating clear go/no-go decision points and rollback plans.
Why OpenShift: It provided a single platform for VMs and containers, offered enterprise-grade security, had a proven ecosystem of tools, and created a strategic exit from VMware that balanced risk with speed.
The Migration Journey (4 Phases)
Phase 1: Discovery & Assessment
- Inventory and Mapping: An automated discovery process cataloged all VMs, their operating systems, application stacks, and data flows. This information was used to create dependency graphs to group applications for migration.
- Performance Profiling: Baselines for CPU, memory, storage IOPS, and network usage were captured to correctly size the new OpenShift clusters and define storage requirements.
- Risk Assessment: A heatmap was created to identify compliance, disaster recovery (DR), and operational risks, forming a backlog of items to address.
- Business Case: A clear TCO model was built, along with a wave plan that prioritized migrating workloads with the highest return on investment.
Phase 2: Pilot Migration & Proof of Concept
- Pilot Scope: A low-risk internal business application (composed of a VM and supporting services) and one customer-facing microservice were selected for the pilot.
- Landing Zone: A secure OpenShift environment was built, complete with GitOps pipelines for automation, image scanning, secret management, and SSO/RBAC.
- PoC Results: The pilot successfully validated the VM import process using OpenShift Virtualization. It also confirmed the setup for golden images, storage classes, and network policies. For the pilot teams, provisioning time was reduced from weeks to hours.
- Acceptance Gates: Before moving forward, all security controls were verified, a DR runbook was drafted, and a full rollback rehearsal was completed.
Phase 3: Full-Scale Migration & Integration
- Wave-Based Execution: Applications were migrated in sequenced groups based on their dependencies and business priority. Blue/green deployment strategies were used where possible to minimize downtime.
- Data Migration: Both hot and cold data migration methods were used, with strict integrity checks to ensure data parity. Change windows were kept to a minimum.
- Tooling Integration: The new platform was integrated with existing CI/CD pipelines, container registries, monitoring dashboards, and automated compliance tools.
- Service Mesh & Policies: A service mesh was implemented to enforce east-west traffic encryption (mTLS) and apply zero-trust security principles using policy-as-code.
- Coexistence: While some legacy VMs were migrated to run on OpenShift Virtualization, application teams began the process of containerizing services for modernization.
Phase 4: Optimization & 24/7 Managed Operations
- Right-Sizing & FinOps: Continuous monitoring was implemented to tune resource requests and limits, enable autoscaling, and optimize storage tiers to prevent over-provisioning and control costs.
- SRE Practices: Site Reliability Engineering (SRE) principles were adopted, including defining SLOs, managing error budgets, and maintaining detailed runbooks. Monthly DR drills were conducted to ensure readiness.
- Team Enablement: Targeted training and certification paths were provided for the platform, security, and application teams to build internal expertise.
- Managed Services: 24/7 support, regular health checks, and a continuous improvement backlog were established to maintain a healthy and optimized platform.
Security, Compliance & Governance (KSA)
- PDPL: Data classification, residency controls, encryption in transit/at rest, consent/audit readiness.
- NCA ECC & SAMA: RBAC/least privilege, logging/SIEM with retention, vulnerability management, change management with approvals, DR/RTO-RPO drills.
- Evidence Packs: Automated reports (access changes, policy drift, patching, backup success) for internal/external audits.
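An added example (not the bank's or the consultants' code) of the policy-drift evidence described above, applied to the mTLS and network-policy controls from Phase 3: it checks each namespace for a default-deny NetworkPolicy and a namespace-wide STRICT PeerAuthentication, then emits one audit record per namespace. It assumes an Istio-style mesh, since the page does not name the mesh product; the namespace names and manifests are constructed.

```python
import json

# Constructed sample: manifests as they might be exported from a cluster or a
# GitOps repository. Namespace names are hypothetical.
MANIFESTS = [
    {"kind": "NetworkPolicy", "metadata": {"name": "default-deny", "namespace": "payments"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
    {"kind": "PeerAuthentication", "metadata": {"name": "default", "namespace": "payments"},
     "spec": {"mtls": {"mode": "STRICT"}}},
    {"kind": "NetworkPolicy", "metadata": {"name": "allow-web", "namespace": "branch-portal"},
     "spec": {"podSelector": {"matchLabels": {"app": "web"}}, "policyTypes": ["Ingress"],
              "ingress": [{"ports": [{"port": 8443}]}]}},
    {"kind": "PeerAuthentication", "metadata": {"name": "default", "namespace": "branch-portal"},
     "spec": {"mtls": {"mode": "PERMISSIVE"}}},
]

def is_default_deny(m):
    """NetworkPolicy selecting every pod, covering both directions, with no allow rules."""
    spec = m.get("spec", {})
    return (m.get("kind") == "NetworkPolicy"
            and spec.get("podSelector") == {}
            and {"Ingress", "Egress"} <= set(spec.get("policyTypes", []))
            and not spec.get("ingress") and not spec.get("egress"))

def is_strict_mtls(m):
    """Namespace-wide PeerAuthentication (no workload selector) in STRICT mode."""
    spec = m.get("spec", {})
    return (m.get("kind") == "PeerAuthentication"
            and "selector" not in spec
            and spec.get("mtls", {}).get("mode") == "STRICT")

def drift_report(manifests, namespaces):
    """Return one evidence record per namespace listing the controls it is missing."""
    report = []
    for ns in sorted(namespaces):
        objs = [m for m in manifests if m["metadata"].get("namespace") == ns]
        missing = []
        if not any(is_default_deny(m) for m in objs):
            missing.append("default-deny NetworkPolicy")
        if not any(is_strict_mtls(m) for m in objs):
            missing.append("STRICT mTLS PeerAuthentication")
        report.append({"namespace": ns, "compliant": not missing, "missing": missing})
    return report

if __name__ == "__main__":
    expected = {"payments", "branch-portal", "core-ledger"}
    print(json.dumps(drift_report(MANIFESTS, expected), indent=2))
```

Passing the expected namespace list separately matters: a namespace with no manifests at all (here `core-ledger`) is reported as non-compliant instead of being silently skipped.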
Architecture Snapshot (High-Level)
- Platform: Red Hat OpenShift—containers and VMs on one hybrid cloud virtualization platform
- Networking: Namespaces, network policies, service mesh (mTLS), private ingress/egress controls
- Storage: Performance and capacity classes (RWO/RWX), snapshots, backup integration, encryption
- Identity & Policy: SSO (IdP), fine-grained RBAC, secrets management, policy-as-code
- Observability: Central dashboards (metrics/logs/traces), app SLOs, synthetic checks
Key Metrics & Outcomes (Directional)
- Infrastructure Cost Savings: An estimated 30–45% cost reduction compared to the previous VMware footprint, driven by hardware consolidation and resource right-sizing on OpenShift.
- Provisioning Time: New development environments can now be provisioned in hours or minutes, down from weeks.
- Platform Availability: The new platform achieves “three-nines” (99.9%) availability thanks to its multi-AZ design and automated failover capabilities.
- Developer Agility: The release cadence for new features increased 2–3x due to standardized CI/CD pipelines and self-service automation.
- Operational Risk Reduction: The number of incidents related to changes decreased significantly, thanks to GitOps workflows and rehearsed rollback procedures.
Lessons Learned
- Start with a clean landing zone. Lock in security, networking, and storage patterns before scaling.
- Prove it with a pilot. Use PoC results to refine templates, quotas, and controls.
- Keep VMs where they make sense. Use OpenShift Virtualization to avoid “big-bang” rewrites.
- Automate evidence. Treat audits as a running system, not a one-off project.
- Invest in enablement. Skills, certification, and internal champions accelerate adoption.
Conclusion — Ready for what’s next
This VMware to Red Hat OpenShift migration provided the bank with a compliant, scalable, and cost-effective platform. By running VMs and containers side-by-side, the bank can now accelerate delivery while modernizing its application portfolio at its own pace. With robust SRE and FinOps practices in place, the organization is well-positioned to launch new products faster and confidently meet all regulatory requirements in Saudi Arabia.



