Team!
It’s Sunday! Super Bowl Sunday, to be exact. And what better way to spend Super Bowl Sunday than to sit down at the computer and type up an article about VMware’s vSAN. Glad we’re on the same page with that one! For those that don’t know me, I love vSAN. I vouch for this product all the time. I’ve been using it since vSphere 6.0 and have probably deployed well over fifty clusters ranging from two-nodes from 5TB to 9+ with 300TB. It’s come a long way since its introduction into VMware’s arsenal and is just an all-around win, in my opinion. Easy to setup, deploy, and maintain. You get to reduce physical infrastructure footprint, rack space, cooling, and power consumption. You can make use of dedupe and compression, encryption, and now with vSAN 7.0, file services such as NFS and SMB (we’ll talk more about that in another article). I want to talk about a different enhancement that came along with vSphere 7.0.
Witness Appliance Resource Sprawl
As I previously mentioned, I’ve deployed a good amount of vSAN clusters. One company was putting two-node clusters in almost all their remote locations to replace antiquated supply chain management infrastructures. Well, much like any other type of two-node cluster you need that third medium to help with potential split-brain situations, whether is a shared quorum disk, file share, or even some point-to-point cabling. This is object, whatever it may be, is referred to as the cluster witness. I find it funny that I refer to them as two-node vSAN clusters because there’s technically no such thing (even though VMware labels it as a “Two-Node Cluster with a Witness”. The minimum node count for a vSAN cluster is three. “What’d he just say?” Yup! It’s true. That third node, however, can be a witness appliance, which doesn’t provide you additional compute or capacity. The witness node is a dummied down ESX install that runs vSAN components and only stores metadata. This appliance requires 2 IP addresses – one for management and one for vSAN traffic to/from the cluster it is a part of. The sizing depends on the amount of VMs and/or objects in the vSAN. Here’s a quick break down of the options:
| Name | Max VM Count | Max Object Count | vCPUs | RAM (GB) | Total Storage (GB) |
| Tiny | 10 | 750 | 2 | 8 | 37 GB |
| Medium | 500 | 21,000 | 2 | 16 | 372 GB |
| Large | 500 | 45,000 | 2 | 32 | 372 GB |
The catch with the witness appliance is that it had a 1:1 deployment ratio (one witness appliance per two-node vSAN cluster). Once you “attached” a witness to a cluster, that witness couldn’t be used again unless you removed it from the existing cluster first. Now let’s think about that for a moment. I mentioned that I had deploy oodles of vSAN clusters to a lot of remote sites. A decent portion were 2-nodes with a ranging number of VMs. If you do the math you can easily see that the amount of resources invested into the witness appliances can add up quickly. Ten remote sites, we’ll go with 5 small and 5 medium, equates to the following:
- 20 IP addresses
- 20 vCPUs
- 120 GB of RAM
- 2TB of storage (obviously we can thin provision to save here)
Can I Get *A* Witness?
A few years back I met with a few of the members (at the time) of VMware’s South Florida region Storage/HCI team. We were discussing the VMware’s plan to combat against the previous paragraph – resource sprawl due to witness appliances. They mentioned the “Global Witness” concept to me but had no date of availability for it. So, I waited, and waited, and waited. I checked in with reps and engineers that I knew every so often to see if there were any updates. One glorious day, vSphere 7.0 Update 1 was announced with this amazing feature called the “Shared Witness for 2-Node vSAN Deployments”. Now, the shared witness does have limitations of supporting a maximum of 64 2-node clusters and 64,000 witness components, or 1,000 objects per cluster. If for whatever reason you hit this capacity, you can just deploy another. Even if you wind up having two or even three of these, the savings in resources is amazing compared to the previous 1:1 restriction.
The Catch
Well, to be short and sweet, your vSAN cluster must be running vSAN 7 U1 to be able to make use of this feature. Once you meet that, you can click on the witness host that you’ve added to vCenter > Monitor tab > Under vSAN, click Two Node Clusters. Then, in the right pane, click “Assign to this witness”.
Your vSAN clusters will enumerate in the selection list and you and do a compatibility check by clicking the link at the bottom. As you can see below, these clusters are not compatible with the shared witness as they are running vSphere 6.7 Update 3. Not for long!
Thanks for reading. If you enjoyed the post make sure you check us out at dirmann.tech and follow us on LinkedIn, Twitter, Instagram, and Facebook!
References:
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vmware-vsan-701-release-notes.html
Paul Dirmann (vExpert PRO*, vExpert***, VCIX-DCV, VCAP-DCV Design, VCAP-DCV Deploy, VCP-DCV, VCA-DBT, C|EH, MCSA, MCTS, MCP, CIOS, Network+, A+) is the owner and current Lead Consultant at Dirmann Technology Consultants. A technology evangelist, Dirmann has held both leadership positions, as well as technical ones architecting and engineering solutions for multiple multi-million dollar enterprises. While knowledgeable in the majority of the facets involved in the information technology realm, Dirmann honed his expertise in VMware’s line of solutions with a primary focus in hyper-converged infrastructure (HCI) and software-defined data centers (SDDC), server infrastructure, and automation. Read more about Paul Dirmann here, or visit his LinkedIn profile.
