Continuous Compliance in Private Cloud: VMware Salt

In this episode of the Virtually Speaking Podcast, hosts Pete Flecha and John Nicholson welcome Vincent Riccio, VMware automation expert, for a deep dive into SaltStack automation and its role inside VMware Cloud Foundation (VCF) Advanced Services.

Vincent explains how SaltStack, delivered through VMware’s Advanced Cyber Compliance (ACC) service, brings powerful configuration management, state enforcement, and automated remediation to modern private cloud environments. We explore how SaltStack continuously maintains desired system states, detects drift, and automatically corrects issues in seconds — all at scale.

You’ll learn:
• How SaltStack’s master–minion architecture enables secure inbound-only communication
• The difference between configuration management and state management
• How the reactor + beacon system enables real-time automated drift remediation
• Built-in compliance and vulnerability scanning using CIS benchmarks
• Resource requirements for SaltStack appliances in lab and production environments
• Multi-language automation support with YAML, Python, and JSON
• Robust Windows management with WinRepo
• How SaltStack integrates into VMware’s broader automation and VCF advanced services ecosystem

Vincent also shares real-world insights into scaling SaltStack, Postgres database sizing, compliance scanning depth (including hundreds of Ubuntu security checks), and how this modular, Python-based platform helps customers automate faster, safer, and smarter.

If you’re exploring VCF automation, private cloud operations, or infrastructure-as-code, this is an episode you don’t want to miss.