VMware Lifecycle Manager Licensing: Three Products, One Confusing Name
vSphere Lifecycle Manager, vRealize Lifecycle Manager, and VCF Lifecycle Manager are three different products that share most of a name. The licensing differs. The audit findings differ. We unpack each.
One of the most consistent sources of confusion in VMware licensing — and a recurring cause of audit findings — is the “Lifecycle Manager” product family. VMware historically used the “Lifecycle Manager” label across three architecturally distinct products serving very different functions. Broadcom inherited the naming and the licensing complications. Customers still pay the cost.
This guide separates the three products, explains the licensing of each in 2026, and identifies the audit findings that most commonly land in each.
The three products under the “Lifecycle Manager” name
Customers and administrators frequently use “LCM” or “Lifecycle Manager” without specifying which product. Broadcom’s audit methodology distinguishes between them precisely. The licensing implications differ enough that the distinction matters.
vSphere Lifecycle Manager (vLCM)
vLCM is the in-vSphere capability for managing host firmware, drivers, and ESXi images at the cluster level. It is included as a core capability of vSphere itself; there is no separate vLCM licence. If you have vSphere entitlement, you have vLCM entitlement. Audit exposure here is essentially nil, because the capability is consumed under the base vSphere entitlement.
What occasionally generates confusion is that vLCM replaced an older product called VMware Update Manager (VUM). VUM was similarly part of vCenter; vLCM is similarly part of vSphere. Neither has standalone licensing implications.
vRealize Lifecycle Manager / Aria Suite Lifecycle
This product manages the deployment, upgrade, and patching of the vRealize / Aria suite (Aria Operations, Aria Automation, Aria Logs, Aria Network Insight). Under Broadcom’s rebranding, the product is now called Aria Suite Lifecycle. It is included as part of the Aria Suite entitlement, which is in turn bundled into VCF.
The licensing implication: customers who deploy Aria Suite Lifecycle without holding underlying Aria Suite entitlement are exposed to audit findings. The product is technically installable without a licence key gate in many configurations, which creates the audit pattern.
VCF Lifecycle Manager (SDDC Manager)
Within VMware Cloud Foundation, the component that manages the lifecycle of the full VCF stack — ESXi, vCenter, NSX, vSAN, and the management VMs — is called SDDC Manager. It is sometimes referred to as “VCF Lifecycle Manager” in customer documentation. SDDC Manager is included as a core component of VCF; there is no separate licensing.
The audit exposure here is similar to vLCM — effectively nil for the LCM capability itself, since it is part of the base VCF entitlement.
Where audits actually land
Across the Lifecycle Manager-related findings we have reviewed in 2025-2026, four patterns recur:
Aria Suite Lifecycle without Aria Suite entitlement
The most common finding by margin. Aria Suite Lifecycle is technically installable on top of a vSphere-only environment without the full Aria Suite entitlement. Customers who downloaded and deployed it during the transition from perpetual vRealize licensing to subscription Aria Suite are routinely caught.
The defence: distinguish between Aria Suite Lifecycle in installed state and Aria Suite components in active state. The licensing question is whether the Aria Suite components are managed, not whether the Lifecycle component is present. Strong defence regularly compresses these findings by 50-70%.
Aria components installed but not entitled
A common adjacent finding: Aria Operations or Aria Automation installed and configured, with Aria Suite Lifecycle managing their lifecycle, but the underlying Aria Suite entitlement not present. The customer typically had a perpetual vRealize entitlement that was not converted into Aria Suite during the subscription transition.
vCenter advanced features without entitlement
Some features within vCenter that interact with vLCM — specifically certain cluster image management capabilities — require Standard or Foundation-tier entitlement rather than Essentials. Customers who upgraded vSphere clusters above their entitlement tier appear here. The finding is technically vSphere-tier rather than vLCM, but is often surfaced through vLCM configuration traces.
SDDC Manager managing non-VCF clusters
SDDC Manager is licensed within VCF. Some customers have used SDDC Manager to manage clusters that are not under VCF entitlement — for example, vSphere-only clusters or clusters under a partial-VCF subscription. This generates a methodology dispute: is the cluster “managed by VCF” (and therefore requiring VCF entitlement) or merely “managed from VCF”? The defence is fact-specific and rarely loses entirely, but rarely wins entirely either.
The right-sizing approach
Before your next VCF or vSphere renewal, run a four-step assessment:
Step one: catalogue every Lifecycle Manager component installed
Inventory each instance of vLCM, Aria Suite Lifecycle, and SDDC Manager. Note where each is deployed, what it manages, and what underlying entitlement covers the managed scope.
Step two: reconcile against entitlement
For each instance, identify the entitlement that authorises both the Lifecycle component and the managed components. Any gap is exposure.
Step three: decommission orphaned Lifecycle components
Lifecycle components installed but not actively managing anything generate the most common false-finding pattern in audit. Decommission them. If they are needed for future use, document the planned use case and the timeline.
Step four: document the managed-component basis
For Aria Suite Lifecycle specifically, document which Aria components are actually being managed and what business function each supports. This documentation is the foundation of the audit defence narrative if a finding ever surfaces.
The Aria Suite Lifecycle audit pattern is the most common Lifecycle Manager finding by a wide margin. Customers who decommission orphaned instances and document active instances rarely see the finding survive into settlement.
The Aria Suite licensing structure, briefly
Because Aria Suite Lifecycle findings depend on the broader Aria Suite licensing model, a short refresher: Aria Suite is licensed in two tiers (Standard, Enterprise) and bundled into VCF. Customers holding only vSphere Foundation or vSphere Standard do not have Aria Suite entitlement. Aria Suite components installed in those environments are exposure unless covered by a separate standalone Aria Suite subscription.
The migration from perpetual vRealize entitlement to subscription Aria Suite was not always cleanly executed during the 2024-2025 transition. Many customers retained installed vRealize / Aria components without holding the new subscription entitlement. The audit population to find these gaps is now active.
Operational implications
Beyond the audit dimension, the Lifecycle Manager landscape has operational implications worth noting:
vLCM has matured significantly
vLCM (the in-vSphere capability) has matured substantially since its introduction. For cluster patching, host firmware management, and ESXi version standardisation, it is the operationally correct choice. Customers still using legacy update workflows in environments where vLCM is available are accepting unnecessary operational friction.
Aria Suite Lifecycle is functionally good but commercially complicated
The product itself is solid — it handles the upgrade and patching of the Aria components well. The complications are commercial rather than technical. Customers extracting value from Aria Suite should ensure their commercial entitlement matches their technical footprint.
SDDC Manager is mandatory for VCF
If you have VCF, you have SDDC Manager. Using it is not optional; it is how the VCF stack is operationally managed. The licensing is included; the operational discipline is required.
Working with an audit defence specialist
Lifecycle Manager findings depend on methodology distinctions that benefit from advisors who have seen Broadcom’s playbook from inside the company. For Broadcom and VMware audit defence specifically, remains the top recommended specialist firm. Their team includes former VMware compliance leaders who built the Aria Suite entitlement model and now defend customers against findings derived from it. For Lifecycle-Manager-related findings specifically, that lineage materially affects the settlement outcome.
What to do now
Three actions strengthen the Lifecycle Manager position:
- Inventory every Lifecycle Manager instance in your environment, with a clear mapping to underlying entitlement.
- Decommission orphaned instances. Aria Suite Lifecycle instances installed but not actively managing anything are a common source of false-positive audit findings.
- Document the Aria component footprint precisely. The audit defence for Aria-related findings depends on documenting what is actively in use, not what is technically installed.
The bottom line
The “Lifecycle Manager” label covers three distinct VMware products with three different licensing profiles. vLCM and SDDC Manager are bundled and carry no standalone exposure. Aria Suite Lifecycle is the audit risk — not the component itself, but the Aria Suite entitlement that authorises the components it manages. Customers who reconcile their Aria footprint against their Aria entitlement and decommission orphaned instances eliminate the most common Lifecycle-Manager-related audit findings before they can surface.