vSAN Frequently Asked

Questions (FAQ)
November 20, 2017

Copyright 2017 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

Table of Contents

1. vSAN FAQ
1.1.Introduction
1.2.Architecture
1.3.Availability
1.4.Security
1.5.Performance
1.6.Operations

Copyright 2017 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

1. vSAN FAQ
.

Copyright 2017 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

1.1 Introduction

This document provides answers to frequently asked questions (FAQ) regarding VMware vSAN.
vSAN is enterprise-class storage for hyper-converged infrastructure (HCI). Native to the VMware
vSphere hypervisor, vSAN delivers ash-optimized, secure storage. It utilizes commodity x86 server
components to lower costs up to 50% versus traditional server and storage array architectures.

Seamless integration with vSphere and the VMware ecosystem makes it the ideal storage platform for
business-critical applications, disaster recovery sites, remote oce and branch oce (ROBO)
implementations, test and development environments, management clusters, security zones, and
virtual desktop infrastructure (VDI). Today, customers of all industries and sizes trust vSAN to run their
most important applications.

1.2 Architecture

What are the hardware requirements for running

vSAN?
vSAN requires at least two physical servers congured with hardware that is in the VMware
Compatibility Guide for Systems/Servers and VMware Compatibility Guide for vSAN . Using hardware
that is not certied may lead to performance issues and/or data loss. The behavior of non-certied
hardware cannot be predicted. VMware cannot provide support for environments running on non-
certied hardware.

A vSAN cluster must have at least two physical hosts with local storage devices dedicated to vSAN. A
vSAN cluster containing hosts with magnetic drives in the capacity tier is commonly called a hybrid
cluster or conguration. A cluster with hosts containing ash devices in the capacity tier is referred to
as an all-ash cluster or conguration.

Hosts participating in a vSAN cluster must be connected to the network using at least one network
interface card (NIC). Multiple NICs are recommended for redundancy. Hybrid vSAN congurations can
use 1Gb or higher networks although 10Gb or higher is recommended. All-ash vSAN congurations
require 10Gb or higher networks. Multicast network trac is required for vSAN 6.5 and previous
versions. vSAN 6.6 and newer versions do not require multicast network trac.

Cluster Size
A vSAN cluster supports any number of physical hosts from two up to a maximum of 64 hosts in a
cluster. Multiple clusters can be managed by a single VMware vCenter Server instance. vSAN 2-node
congurations have two physical hosts. A stretched cluster can have up to 30 physical hosts (15 at
each site).

Hardware Deployment Options

A vSAN ReadyNode is an x86 server, available from all the leading server vendors, which is pre-
congured, tested, and certied for vSAN. vSAN ReadyNodes provide an open, exible approach
when considering deployment methods. Organizations can continue to use their server vendor(s) of
choice. Each ReadyNode is optimally congured for vSAN with the required amount of CPU, memory,
network, I/O controllers, and storage devices.

Turn-key appliances such as Dell EMC VxRail provide a fully integrated VMware hyper-converged
solution for a variety of applications and workloads. Simple deployment enables customers to be up
and running in as little as 15 minutes. Dell EMC VxRack SDDC powered by VMware provides an easy
path to a VMware software-dened data center supporting a wide variety of enterprise workloads.

Copyright 2017 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

Custom congurations using jointly validated components from all the major OEM vendors is also an
option. The vSAN Hardware Quick Reference Guide provides some sample server congurations as
directional guidance. All components should be validated using the VMware Compatibility Guide for
vSAN.

What is a vSAN disk group?

The ash device in the cache tier and the capacity device(s) are collectively known as a disk group.
Each host has a minimum of one up to a maximum of ve disk groups. Each disk group consists of
exactly one cache device and a minimum of one up to a maximum of seven capacity devices.

Can I mix all-ash disk groups and hybrid disk

groups in the same host or cluster?
Mixing disk group types (all-ash and hybrid) is not supported. This complicates operational aspects
such as balancing workloads, synchronizing components, and capacity management. All hosts in the
cluster must be congured with the same type of disk groups (hybrid or all-ash).

What are the software requirements for running

vSAN?
vCenter Server is required to congure and manage a vSAN cluster. vSAN is native to the VMware
vSphere Hypervisor. There is no need to install additional software or deploy storage controller
virtual appliances to every host in the cluster as commonly found in other hyper-converged
infrastructure (HCI) solutions. vSAN is enabled in a matter of minutes with just a few mouse clicks in
the vSphere Web Client.

Witness Host Virtual Appliance

In certain implementation scenarios such as a vSAN stretched cluster and 2-node congurations, the
deployment of a witness host virtual appliance is required to provide resiliency against "split-brain"
scenarios. This virtual appliance is easily deployed using an OVA le provided by VMware. The witness
virtual appliance is a pre-congured virtual machine (VM) running vSphere.

How much memory is required in a vSAN host?

Hosts participating in a vSAN cluster should be congured with a minimum of 32GB of RAM. Higher
amounts of RAM are recommended depending on application requirements, VM-to-host consolidation
ratio goals, and other factors. More information can be found in Understanding vSAN 6.x memory
consumption (2113954) .

Copyright 2017 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

What are the processor requirements for vSAN

hosts?
Processors in the VMware Compatibility Guide for Systems/Servers must be used in supported
congurations. vSAN typically uses less than 10% of CPU resources on a host. The use of vSAN space
eciency features such as deduplication and compression can increase CPU utilization by
approximately 5-10%. vSAN is supported with hosts that have a single CPU. Hosts with multiple CPUs
are recommended for redundancy, performance, and higher VM-to-host consolidation ratios.

Why does vSAN require a ash device for the

cache tier?
The ash device in the cache tier of each disk group is used as a write buer in all-ash vSAN
congurations. These cache devices are typically higher-endurance, lower-capacity devices. Data is
de-staged from the cache tier to the capacity tier. Capacity tier devices are more commonly lower-
endurance, higher capacity ash devices. The majority of reads in an all-ash vSAN cluster are served
directly from the capacity tier. An all-ash conguration provides a good balance of high performance,
low latency, endurance, and cost-eectiveness.

The ash device in the cache tier of a hybrid vSAN conguration is used for read caching and write
buering. 70% of the capacity is allocated for read cache and 30% for buering writes. Data is de-
staged from the cache tier to the capacity tier. The ash device in the cache tier enables very good
performance for a hybrid conguration.

Can vSAN use traditional VMFS or NFS datastores?

vSAN is a shared object datastore that is created using local storage devices in each host of the
cluster. It does not support the use of other shared storage types such as SAN and NAS.

Does vSAN use VMware vSphere Virtual Volumes?

VMware vSphere Virtual Volumes is designed for use with external storage arrays. vSAN uses local
disks to create a shared datastore. Virtual Volumes and vSAN can be used in the same cluster and both
provide the benets of storage policy-based management .

Can I use existing SAN and NAS storage in the

same cluster as vSAN?
Yes, vSphere can access and use traditional VMFS and NFS datastores with vSAN and vSphere Virtual
Volumesall in the same cluster. If your SAN or NAS solution is compatible with vSphere Virtual
Volumes, management is easier and more precise as storage policies can be used to manage all of
your storage on a per-VM basis.

Copyright 2017 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

In most cases, vSphere Storage vMotion can be used to migrate VMs between these various datastore
types. This feature makes it easy to migrate existing workloads when there is a need to perform
maintenance or retire and older storage solution. The rst part of this click-through demo shows how
simple it is to migrate VMs to a vSAN datastore using vSphere Storage vMotion: Migrating VMs to
vSAN .

Where can I nd guidance on sizing a vSAN

cluster?
To evaluate an existing environment for migration to vSAN, the vSAN Assessment tool , and Dell
Performance Analysis Collection Kit (DPACK) are recommended options. It is best to request
assistance with an assessment from your preferred VMware reseller. Data collected can be used along
with the vSAN ReadyNode Sizer to help determine suitable vSAN ReadyNode server congurations.
Additional guidance can be found in the vSAN Design and Sizing Guide .

What is "slack space" and why do I need it?

vSAN slack space is free space that is set aside for operations such as host maintenance mode data
evacuation, component rebuilds, rebalancing operations, and VM snapshots. Activities such as
rebuilds and rebalancing can temporarily consume additional raw capacity. Host maintenance mode
temporarily reduces the total amount of raw capacity a cluster has. This is because the local drives on
a host that is in maintenance mode do not contribute to vSAN datastore capacity until the host exits
maintenance mode. The recommendation is 25-30% slack space when designing and running a vSAN
cluster. For example, a vSAN datastore with 20TB of raw capacity should always have 5-6TB of free
space available for use as slack space. This recommendation is not exclusive to vSAN. Most other HCI
storage solutions follow similar recommendations to allow for uctuations in capacity utilization
without disruption. See this blog article for more information: vSAN Operations: Maintain Slack Space
for Storage Policy Changes

Are there recommendations for vSAN network

connectivity?
The vSAN Network Design guide contains more information and recommendations for network
connectivity in a vSAN cluster. Also, see the vSAN Stretched Cluster Bandwidth Sizing guide for
information specic to stretched clusters.

What is network multicast used for in vSAN 6.5 and

earlier versions?
Multicast is used primarily for vSAN metadata updates such as object creation and status changes. It is
also used for automatic discovery of new nodes. Recent advances in network and CPU technologies
along with updates in vSAN 6.6 and newer versions remove the dependency on multicast. This change
simplies deployment of vSAN in on-premises and cloud environments.

Copyright 2017 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

Do NIC teaming solutions improve performance?

Generally speaking, NIC teaming can provide a marginal improvement in performance, but this is not
guaranteed. The complexity and additional expense rarely justify the use of NIC teaming for the vSAN
network. More details can be found in the vSAN Networking Design guide .

Can I add a host that does not have local disks to a

vSAN cluster?
A host with no local storage can be added to a vSAN cluster. Note that all hosts in a vSAN cluster
require vSAN licensing to use the vSAN datastore regardless of whether they contribute storage to the
vSAN datastore.

Is it possible to deploy a vCenter Server Appliance

(VCSA) to a single host when building a new vSAN
cluster?
With the release of vSAN 6.6, the VCSA deployment wizard includes the ability to claim disks and turn
on vSAN on a single host. This enables administrators to deploy vCenter Server to a new environment
where vSAN will be the only datastore. This deployment option is typically referred to as "Easy Install".

Can I mix dierent hosts, controllers, drives, and so

on in a cluster?
Consistent hardware and software congurations across all hosts in a vSAN cluster are recommended.
However, mixing various host congurations in a vSAN cluster is supported as long as all components,
rmware versions, drivers and so on are listed in the VMware Compatibility Guide for Systems/Servers
and VMware Compatibility Guide for vSAN for the versions of vSphere and vSAN you are using. This
exibility enables organizations to upgrade and replace hosts and storage in an incremental fashion,
which is commonly less expensive and easier than replacing entire storage arrays.

Recommendation : Implement consistent hardware and software congurations across all hosts in a
vSAN cluster. Verify vMotion compatibility across all of the hosts in the cluster - see this VMware
Knowledge Base (KB) Article: Enhanced vMotion Compatibility (EVC) processor support (1003212) .

Does vSAN require storage fabric host bus

adapters (HBAs)?
No, vSAN uses standard network interface cards (NICs) found in nearly every x86 server platform.
There is no need to provision and implement specialized storage networking hardware to use vSAN.
See the VMware vSAN Network Design guide for more information.

Copyright 2017 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

Does vSAN use iSCSI or NFS to provide shared

storage to vSphere hosts?
It does not use storage controller VMs on every host like most other HCI solutions to provide shared
storage. vSAN uses a proprietary method to provide storage to all of the hosts in a vSAN cluster. Since
vSAN is native to vSphere, it is able to deliver excellent performance with minimal overhead.

Are there vSphere features that are not supported

with vSAN?
Nearly all vSphere features such as VMware vSphere vMotion, VMware vSphere Distributed
Resource Scheduler (DRS), VMware vSphere High Availability, VMware vSphere Network I/O Control,
and VMware vSphere Replication are compatible and supported with vSAN. VMware vSphere Fault
Tolerance is supported for VMs running on vSAN with the exception of stretched clusters.

The following vSphere features are not supported with vSAN:

VMware vSphere Distributed Power Management

VMware vSphere Storage DRS
VMware vSphere Storage I/O Control

Can I share a single vSAN datastore across multiple

vSphere clusters?
No, a vSAN datastore is directly accessible only by the hosts and VMs in the vSAN cluster.

vSAN includes an iSCSI service to provide access to vSAN storage for non-VM workloads. Certied
solutions for le services are available through the VMware Ready for vSAN program. Organizations
can deploy these solutions with condence to extend HCI environments with proven, industry-leading
solutions. Using these solutions with vSAN provides benets such as simplied setup and
management, documented recommendations, and robust support.

How does vSAN store objects such as VM

conguration les and virtual disks?
vSAN is an object datastore with a primarily at hierarchy. Items such as a VMs conguration (VMX)
and virtual disks (VMDKs) are stored as objects. An object consists of one or more components. The
size and number of components depend on several factors such as the size of the object and the
storage policy assigned. The following gure shows an example. A 40GB virtual disk with a RAID-1
mirroring storage policy consists of three componentstwo mirrored data components and a witness
distributed across three hosts in the cluster.

Copyright 2017 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

Note : The witness component should not be confused with the witness host virtual appliance
discussed earlier in this document as they are two dierent items.

How does vSAN store a virtual disk that is larger

than any one of the capacity drives in the cluster?
Objects such as a virtual disk consist of one or more componentsusually multiple components
distributed across hosts for availability purposes. The maximum size of a component is 255GB, which
is smaller than most server storage devices in use today.

Multiple concatenated components are created for objects larger than 255GB. For example, a 750GB
virtual disk object consists of a minimum of three components.

If storage devices smaller than 255GB are used in the capacity tier, vSAN breaks the component down
into smaller parts. The image below shows the component distribution for a 250GB virtual disk with a
storage policy assigned that contains these rules:

RAID-1 mirroring
FTT=1
100% object space reservation

The cluster contains three hosts, one disk group per host, and each disk group has two 200GB
capacity drives. Note that the virtual disk is smaller than the maximum component size of 255GB.
Normally, there would be two 250GB components distributed across two hosts (plus a witness
component on a third host). In the scenario shown here, the capacity drives are 200GB each. vSAN
concatenated two smaller componentsone on each capacity drive of a host.

10

Copyright 2017 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

When a VM is migrated to another host, is the VMs

objects migrated with the VM?
This concept is often referred to as data locality. vSAN does not require data locality to achieve
excellent performance. vSAN does not tax the vSAN backend network with moving multiple gigabytes
of data every time a VM is migrated to another host. There is no need to do this considering a 10Gb
network has latencies from ve to 50 microseconds (1). Flash devices such as a solid state drive (SSD)
have higher latencies ranging from 90 microseconds to eight milliseconds under heavy load (2). The
few microseconds of latency added by reading data across a 10Gb network connection has no impact
on performance.

vSAN also features a local read cache, which is kept in memory on the host where the VM is running.
This helps avoid reads across the network and further improves performance considering the speed of
reading from memory is exponentially faster than reading from persistent storage devices.

1 http://www.qlogic.com/Resources/Documents/TechnologyBriefs/Adapters/
Tech_Brief_Introduction_to_Ethernet_Latency.pdf

2 http://www.intel.com/content/dam/www/public/us/en/documents/product-specications/ssd-dc-
p3700-spec.pdf

When a VM is migrated to another host, does the

vSAN cache need to be re-warmed?
As discussed in the previous question, the storage objects belonging to a VM are not migrated with
the VM. Therefore, data in the cache tier is not lost and does not need re-warmed.

1.3 Availability

What happens if a host fails in a vSAN cluster?

vSAN will wait for 60 minutes by default and then rebuild the aected data on other hosts in the
cluster. The 60-minute timer is in place to avoid unnecessary movement of large amounts of data. As
an example, a reboot takes the host oine for approximately 10 minutes. It would be inecient and
resource intensive to begin rebuilding several gigabytes or terabytes of data when the host is oine
briey.

vSphere HA is tightly integrated with vSAN. The VMs that were running on a failed host are rebooted
on other healthy hosts in the cluster in a matter of minutes. A click-through demonstration of this
scenario is available here: vSphere HA and vSAN 50 VM Recovery.

Recommendation: Enable vSphere HA for a vSAN cluster.

How does vSAN handle a network partition?

vSAN uses a quorum voting algorithm to help protect against split-brain scenarios and ensure data
integrity. An object is available for reads and writes as long as greater than 50% of its components are
accessible.

As an example, a VM has a virtual disk with a data component on Host1, a second mirrored data
component on Host2, and a witness component on Host 3. Host1 is isolated from Host2 and Host3.

11

Copyright 2017 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

Host2 and Host3 are still connected over the network. Since Host2 and Host3 have greater than 50%
of the components (a data component and a witness component), the VMs virtual disk is accessible.

However, if all three hosts in our example above are isolated from each other, none of the hosts have
access to greater than 50% of the components. vSAN makes the object inaccessible until the hosts are
able to communicate over the network. This helps ensure data integrity.

Recommendation: Build your vSAN network with the same level of resiliency as any other storage
fabric.

What happens if a storage device fails in a vSAN

host?
VMs are usually protected by storage policies that include failure tolerance. For example, a storage
policy with a Primary Level of Failures to Tolerate (PFTT) rule set to one with RAID-1 mirroring will
create two copies of an object with each copy on a separate host. This means the VMs with this policy
assigned can withstand the failure of a disk or an entire host without data loss.

When a device is degraded and error codes are sensed by vSAN, all of the vSAN components on the
aected drive are marked degraded and the rebuilding process starts immediately to restore
redundancy. If the device fails without warning (no error codes received from the device), vSAN will
wait for 60 minutes by default and then rebuild the aected data on other disks in the cluster. The 60-
minute timer is in place to avoid unnecessary movement of large amounts of data. As an example, a
disk is inadvertently pulled from the server chassis and reseated approximately 10 minutes later. It
would be inecient and resource intensive to begin rebuilding several gigabytes of data when the disk
is oine briey.

When failure of a device is anticipated due to multiple sustained periods of high latency, vSAN
evaluates the data on the device. If there are replicas of the data on other devices in the cluster, vSAN
will mark these components as absent. Absent components are not rebuilt immediately as it is
possible the cause of the issue is temporary. vSAN waits for 60 minutes by default before starting the
rebuilding process. This does not aect the availability of a VM as the data is still accessible using one
or more other replicas in the cluster. If the only replica of data is located on a suspect device, vSAN will
immediately start the evacuation of this data to other healthy storage devices.

Note: The failure of a cache tier device will cause the entire disk group to go oine. Another similar
scenario is a cluster with deduplication and compression enabled. The failure of any disk (cache or
capacity) will cause the entire disk group to go oine due to the way deduplicated data is distributed
across disks.

Recommendation: Consider the number and size of disk groups in your cluster with deduplication and
compression enabled. While larger disk groups might improve deduplication eciency, this also
increases the impact to the cluster when a disk fails. Requirements for each organization are dierent
so there is no set rule for disk group sizing.

What if there is not enough free capacity to

perform all of the component rebuilds after one or
more host failures?
In cases where there are not enough resources online to comply with all storage policies, vSAN 6.6 and
newer versions will repair as many objects as possible. This helps ensure the highest possible levels of

12

Copyright 2017 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

redundancy in environments aected by the unplanned downtime. When additional resources come
back online, vSAN will continue the repair process to comply with storage policies.

Recommendation: Maintain enough free capacity or "slack space" for rebuild operations and other
activities such as storage policy changes, VM snapshots, and so on. 25-30% of the vSAN datastore
capacity is recommended. Example: If the vSAN datastore capacity is 20TB, slack space should be
approximately 5-6TB.

Is it possible to stop vSAN resynchronization

operations?
Completely stopping resynchronization operations is not currently supported. In nearly all cases, this
would not be recommended - especially in cases where vSAN is building new components to restore
object redundancy after a disk or host failure. However, it is possible to throttle these operations in
vSAN 6.6 and newer versions, if needed.

Recommendation: Do not throttle resynchronization trac unless advised to do so by VMware

Support as this will delay the remediation of VMs out of compliance with their storage policies.

How is vSAN impacted if vCenter Server is oine?

When vCenter Server is oine, vSAN continues to function normally. VMs continue to run and
application availability is not impacted. Management features such as changing a storage policy,
monitoring performance, and adding a disk group are not available.

vSAN has a highly available control plane for health checks using the VMware Host Clienteven if
vCenter Server is oine. Hosts in a vSAN cluster cooperate in a distributed fashion to check the health
of the entire cluster. Any host in the cluster can be used to view vSAN Health. This provides
redundancy for the vSAN Health data to help ensure administrators always have this information
available.

How do I backup VMs on vSAN?

Many third-party data protection products use VMware vSphere Storage APIs - Data Protection to
provide ecient, reliable backup and recovery for virtualized environments. These APIs are compatible
with vSAN just the same as other datastore types such and VMFS and NFS. Nearly all of these
solutions should work with vSAN. It is important to obtain a support statement for vSAN from the data
protection product vendor you use. Best practices and implementation recommendations vary by
vendor. Consult with your data protection product vendor for optimal results.

Recommendation: Verify your data protection vendor supports the use of their product with vSAN.

13

Copyright 2017 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

What are my options for redundancy in a vSAN

stretched cluster conguration?
vSAN 6.5 and previous versions mirror data across sites for redundancy. If a disk, host, or an entire site
goes oine, the data is still available at the other site. When the oine disk, host, or site comes back
online, data is resynchronized to restore redundancy.

vSAN 6.6 also includes local failure protection. RAID-1 mirroring or RAID-5/6 erasure coding can be
implemented within each stretched cluster site to provide local resiliency to disk and host failures. In
addition to providing higher levels of redundancy, this minimizes production and resynchronization
trac across the intersite link.

Does vSAN work with VMware Site Recovery

Manager?
Yes, VMware Site Recovery Manager is compatible with vSAN to automate data center migration
and disaster recovery. vSphere Replication is used to perform per-VM replication. Site Recovery
Manager is integrated with vSphere Replication.

1.4 Security

Is encryption supported with vSAN?

Yes, vSAN Encryption for data-at-rest is an option for vSAN 6.6 datastores to further improve security
and provide compliance with increasingly stringent regulatory requirements. vSAN datastore
encryption uses an AES 256 cipher. vSAN Encryption is hardware-agnostic, meaning it can be
deployed on any supported hardware in all-ash or hybrid congurations. Self-encrypting drives
(SEDs) are not required. Turning on encryption is a simple matter of clicking a checkbox. Encryption
can be enabled when vSAN is enabled or after, with or without virtual machines (VMs) residing on the
datastore.

A Key Management Server (KMS) is required to enable and use vSAN encryption. Nearly all KMIP-
compliant KMS vendors are compatible, with specic testing completed for vendors such as HyTrust,
Gemalto, Thales e-Security, CloudLink, and Vormetric.

For versions of vSAN prior to 6.6, self-encrypting drives (SEDs) can be used to encrypt data at rest.
vSphere VM encryption is also an option.

Note: VMs encrypted with vSphere VM encryption can be deployed to a vSAN datastore just like other
datastore types such as VMFS and NFS. However, vSAN space eciency features such as
deduplication and compression will provide little benet with these encrypted VMs.

Recommendation: Do not run the VMs that comprise a KMS cluster on the encrypted vSAN datastore.

14

Copyright 2017 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

Do items such as backup and recovery, vSphere

Replication, and so on work with vSAN encryption?
Yes, as vSAN encryption was designed to maintain compatibility with other vSAN and vSphere
features, as well as, 3rd-party products including data protection solutions. Data is encrypted or
decrypted just above the physical storage device layer. APIs such as vSphere Storage APIs for Data
Protection (VADP) and vSphere APIs for IO Filtering (VAIO) that are used for data protection and other
solutions are located higher in the storage stack. Data at this layer is not yet encrypted. Therefore,
compatibility with these solutions is maintained when vSAN encryption is enabled.

Is two-factor authentication supported with vSAN?

2-factor authentication methods, such as RSA SecurID and Common Access Card (CAC), are
supported with vSAN, vSphere, and vCenter Server.

Is vSAN part of a DISA STIG?

Yes, VMware vSAN is part of the VMware vSphere STIG Framework. The DISA STIG denes secure
installation requirements for deploying vSAN on DoD networks. VMware worked closely with DISA to
include vSAN in the existing vSphere STIG. See the Information Assurance Support Environment web
site for details.

1.5 Performance

What is the Number of Disk Stripes per Object rule

in a vSAN storage policy?
Setting this rule to a number other than the default of 1 instructs vSAN to stripe an object across
multiple drives in a RAID-0 conguration. For example, setting this rule to 4 instructs vSAN to stripe an
object with this policy assigned across four drives. This rule can be benecial especially in hybrid
congurations when there are higher numbers of read cache misses. Since a read cache miss in a
hybrid conguration causes vSAN to read directly from the capacity tier, which is magnetic disks,
striping those reads across multiple drives can improve read performance. However, it is best to
properly size the cache tier in a hybrid conguration rather than relying on striping objects across
multiple drives to achieve better performance. In most cases, it is best to leave the striping rule at its
default setting of 1 for hybrid and all-ash vSAN congurations.

Why does vSAN sometimes stripe an object across

multiple components even though the Number of
Disk Stripes per Object rule is set to 1?
This can occur for a few reasons. The maximum component size is 255GB. If an object such as a virtual
disk (VMDK) is larger than 255GB, vSAN will stripe this object across multiple components. As an

15

Copyright 2017 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

example, consider a virtual disk that is 600GB. vSAN will stripe this object across three components
that are approximately 200GB each in size. In this case, the components might reside on the same
drive, on separate drives in the same disk group, or across multiple drives in separate disk groups and/
or hosts (unlike the Number of Disk Stripes per Object rule where striped components are always
striped across separate drives). Another reason vSAN might stripe an object across multiple
components is to improve the balance of drive utilization across a cluster. Splitting large components
into smaller components enables more exibility in placing these components across drives with
higher capacity utilization. The gure below shows a basic example of this.

What is the recommended way to test vSAN

performance?
VMware provides a tool called HCIBench . It is essentially an automation wrapper around the popular
and proven Vdbench open source benchmark tool that makes it easier to automate testing in an HCI
cluster.

HCIBench simplies and accelerates proof-of-concept (POC) performance testing in a consistent and
controlled way. The tool fully automates the process of deploying test VMs, coordinating workload
runs, aggregating test results, and collecting data for troubleshooting purposes. The output from
HCIBench can be analyzed by the Performance Diagnostics feature in vSAN 6.6.1 and newer versions
of vSAN. See this VMware Knowledge Base article for more information: vSAN Performance
Diagnostics (2148770)

HCIBench can be used to evaluate the performance of vSAN and other HCI storage solutions in a
vSphere environment.

Recommendation : Use HCIBench to run performance tests versus running a workload from a single
VM. HCIBench can be congured to deploy and distribute multiple VMs across the hosts in an HCI
cluster to provide more realistic and accurate test results.

How do deduplication and compression aect

performance?
As with any storage solution that oers space eciency features, there can be a slight trade-o in
performance and/or additional resource utilization. The latest ash device and CPU technologies
mitigate the vast majority of perceivable performance impacts and resource utilization when
deduplication and compression are enabled. vSAN 6.6 introduced changes to the way data is destaged
from the cache tier to the capacity tier. These changes oer more predictable performance, especially
with sequential writes. However, latency-sensitive applications should be tested prior to production
deployment on any storage platform including vSAN where space eciency features such as
deduplication, compression, and erasure coding are enabled.

16

Copyright 2017 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

1.6 Operations

How is vSAN licensed?

See the vSAN licensing guide for details: VMware vSAN 6.6 Licensing Guide

Is vSAN ROBO licensing limited to 2-node vSAN

congurations?
vSAN ROBO licensing is not tied to a specic vSAN conguration. While 2-node clusters is a popular
design choice for remote oces, ROBO licensing can also be used with other congurations such as a
4-node cluster. More information is available in the licensing guide above.

How do I add storage capacity to a vSAN cluster?

It is easy and cost-eective to add capacity to a vSAN cluster. Storage capacity can be increased in a
few ways:

Hosts containing local storage devices can be added to a vSAN cluster. Disk groups must be
congured for the new hosts after the hosts are added to the cluster. The additional capacity is
available for use after conguration of the disk groups. This scale-out approach is most
common and also adds compute capacity to the cluster.
More storage devices can be added to existing hosts assuming there is room in the servers
chassis to add these devices. After the storage devices are added, additional disk groups can be
created or existing disk groups recongured to use the new devices. This is considered a scale-
up approach.
Existing storage devices can be replaced with new, higher-capacity devices. Data should be
evacuated from the existing storage devices before replacing them. The evacuation of data is
performed using vSphere maintenance mode. This is also considered a scale-up approach.

Unlike traditional storage solutions, vSAN enables a just-in-time provisioning model. Storage and
compute capacity can be quickly provisioned as needed.

How do I monitor the health of a vSAN cluster?

vSAN features a comprehensive health service appropriately called vSAN Health that actively tests and
monitors many items such as hardware compatibility, verication of storage device controllers,
controller queue depth, and environmental checks for all-ash and hybrid vSAN congurations. vSAN
Health examines network connectivity and throughput, disk and cluster health, and capacity
consumption. Proactive monitoring and alerting in vSAN Health helps ensure the environment is
optimally congured and functioning properly for the highest levels of performance and availability.

Customers enabling the Customer Experience Improvement Program (CEIP) feature with vSAN 6.6
receive additional benets through online health checks. These checks will be dynamically updated
from VMwares online system as new issues are identied, knowledge base articles are created, and
new best practices are discovered.

17

Copyright 2017 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

What vSphere maintenance mode option should I

use?
When a host that is part of a vSAN cluster is put into maintenance mode, the administrator is given
three options concerning the data (vSAN components) on the local storage devices of that host. The
option selected has a bearing on a couple of factors: The level of availability maintained for the objects
with components on the host and the amount of time it will take for the host to enter maintenance
mode. The options are:

Ensure accessibility (default)

Full data migration
No data migration

Details on how data is handled are provided in the vSAN documentation. In summary, the default
option, Ensure accessibility," is used when the host will be oine for a shorter period of time. For
example, during maintenance such as a rmware upgrade or adding memory to a host. Full data
migration is typically appropriate for longer periods (hours or days) of planned downtime or the host
is being permanently removed from the cluster. "No data migration" commonly allows the host to
enter maintenance mode in the shortest amount of time. However, any objects with Primary Level of
Failures to Tolerate (PFTT) set to zero with components on the host going into maintenance mode are
inaccessible until the host is back online.

How does vSAN report impact to a cluster when

putting a host into maintenance mode?
vSAN 6.6 reports the amount of data that must be moved, which depends on the maintenance mode
option selected. It veries there is sucient capacity in the cluster for the amount of data that will be
migrated. The number of objects with reduced redundancy is also reported for the Ensure Data
Accessibility and No Data Evacuation options. This helps administrators better understand the
impact Versions of vSAN prior to 6.6 do not report this information.

Note: As mentioned above, recent versions of vSAN take into account capacity when reporting cluster
impact. It does not factor in the number of fault domains. Entering host maintenance mode with the
"Full data migration" option will fail if there is an insucient number of fault domains available to
satisfy storage policies (after a host enters maintenance mode).

Is it possible to migrate a vSAN hybrid

conguration to an all-ash conguration?
Yes, a vSAN hybrid conguration can be migrated to an all-ash conguration. The details of this
process are discussed in the vSAN Operations Guide.

18

Copyright 2017 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

Can a standard vSAN cluster be converted to a

vSAN stretched cluster?
Yes, it is easy to convert a standard (non-stretched) vSAN cluster to a stretched cluster. This is
performed in the Fault Domains & Stretched Cluster section of the vSAN UI. More details can be
found in the vSAN Stretched Cluster Guide.

How do I upgrade vCenter Server for a cluster

where vSAN is enabled?
Upgrading vCenter Server in a vSAN environment is similar to any other vSphere environment. Follow
the process discussed in the vSphere Upgrade Guide, which can be found in VMware Documentation.

Recommendation: Read the vSphere Upgrade Guide and product release notes prior to performing an
upgrade.

What is the "vCenter state is authoritative" health

check?
This check veries that all hosts in the vSAN cluster are using a vCenter Server as the source of truth
for the cluster conguration. This includes the vSAN cluster membership list. During normal operation,
vCenter Server publishes the latest host membership list and updates the conguration for all hosts in
the cluster. This health check reports an error if vCenter Server conguration is not synchronized with
a member host, and is no longer accepted as the source of truth. See this VMware Knowledge Base
article for more information: vSAN Health Service - Cluster health vCenter state is authoritative
(2150916)

What does Allow Reduced Redundancy do when

enabling or disabling deduplication and
compression or encryption?
When deduplication and compression or encryption are enabled or disabled, vSAN performs a rolling
reformat of each disk group. All data on a disk group must be evacuated to other disk groups in the
cluster before the reformat process can proceed.

By default, vSAN will ensure data is compliant with storage policies during the operation. If there is not
enough free capacity in other disk groups, the operation will fail. Clicking Allow Reduced
Redundancy when enabling deduplication and compression or encryption allows vSAN to reduce the
number of copies of data temporarily, if needed, to complete the requested operation.

Allow Reduced Redundancy is more commonly required in small vSAN clusters such as three or four
hosts with one disk group each. This option might also be required if the free capacity in the cluster is
low.

19

Copyright 2017 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

Does data need to be migrated or rehydrated

when adding a disk to a disk group with
deduplication and compression enabled?
vSAN does not migrate or rehydrate deduplicated and compressed data when a disk is added to a
disk group. The conguration change takes only a few mouse clicks in the vSAN UI and the additional
capacity is available immediately for use. This makes it very easy to incremental add capacity to a
vSAN cluster with no disruption.

Is there integration with VMware vSphere Update

Manager?
vSAN 6.6.1 and newer versions include integration with vSphere Update Manager. vSphere Update
Manager generates automated build recommendations for vSAN clusters. Information in the VMware
Compatibility Guide and vSAN Release Catalog is combined with information about the currently
installed ESXi release. The vSAN Release Catalog maintains information about available releases,
preference order for releases, and critical patches needed for each release. It is hosted on the VMware
Cloud. When a new, compatible update becomes available, a notication is proactively displayed in
vSAN Health. This eliminates the manual eort of researching and correlating information from
various sources to determine the best release for an environment.

The upgrade process is automated. Simply use the Remediate option in vSphere Update Manager to
perform a rolling upgrade of the cluster. vSphere Update Manager migrates virtual machines from the
host being upgraded to other hosts in the cluster with no downtime.

What is the easiest method to perform storage

controller rmware updates?
While this is a manual process in vSAN 6.5 and previous versions, vSAN 6.6 includes a hardware
lifecycle management component. Firmware upgrades to storage controllers can be initiated by a
single click and orchestrated across the entire cluster. This eliminates the need for hardware vendor-
specic tools. Automatic downloads and notications reduce management overhead and lower the
risk associated with manual processes. The software can also be downloaded from an OEM website for
oine use.

Does vSAN support NFS and SMB protocols?

While vSAN does not oer this functionality natively, there are a number of third-party solutions that
enable vSAN storage to be consumed using SMB and NFS protocols. These are commonly virtual
appliances deployed to a vSAN datastore. An example of this is Dell EMC Unity VSA.

Note: CIFS is a dialect of SMB.

20

Copyright 2017 VMware, Inc. All rights reserved.