Native File Services in vSAN 7 Update 1
The introduction of vSAN 7 included the debut of native file services. This not only provides an extraordinary level of flexibility for administrators, but also provides a key element for serving cloud native applications in vSAN: persistent, read-write many (RWM) volumes. vSAN 7 Update 1 improves on the capabilities of file services even further with support for SMB v2.1 and v3, Active Directory integration and Kerberos support. With these foundational elements in place, VMware believes customers can consolidate their files on HCI, as vSAN 7 Update 1 supports the most common NFS and SMB protocols, and they can be on the same cluster.
Introducing support for Server Message Block (SMB)
vSAN 7 Update 1 now supports SMB protocol v2.1 and v3 (SMB v1 is deprecated and therefore not supported). SMB shares created in vSAN can now be accessed by both Windows clients (8/2012) and Mac clients (OS 10 and later). The support of SMB, paired with Active Directory integration, makes it an ideal solution for various use cases, including, but not limited to:
• VDI use cases, where VDI instances may prefer user/home directory redirection to a dedicated shared storage location.
• File/resource locations serving various topologies (e.g. branch offices, etc.) managed directly in vSAN, instead of using a dedicated Windows VM providing file shares
File share data is visible using the Windows MMC. Admins can:
• View # of client connections to a share
• View # of files open
• Manage share permissions and security
• Close client connections
• Close open files
File shares created in vSAN also support NTFS style folder permissions.
Kerberos Support for NFS Shares
The addition of Kerberos support for vSAN general purpose NFS shares was a welcome enhancement for NFS admins. Support of Kerberos authentication helps prevent NFS clients from gaining access through other, more vulnerable methods such as auth_sys. vSAN supports all 3 Kerberos authentication modes: KRB5, KRB5I and KRB5P.
• KRB5 limits its role to secure authentication (only on NFSv4.1).
• KRB5I includes secure authentication + checksum.
• KRB5P includes secure authentication + checksum + encryption.
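As an added example (not from the original article or from VMware), the Python script below lets an NFS admin audit a Linux client for mounts whose security flavor is weaker than a required level, such as shares still mounted with auth_sys. It assumes /proc/mounts-style input; the hostnames, export paths and the default required level of krb5i are constructed for illustration.

```python
import sys

# Security flavors ranked weakest to strongest, as described in the list above.
FLAVORS = {
    "sys":   (0, "no Kerberos: client-asserted UID/GID (auth_sys)"),
    "krb5":  (1, "Kerberos authentication only"),
    "krb5i": (2, "authentication + checksum"),
    "krb5p": (3, "authentication + checksum + encryption"),
}

def parse_nfs_mounts(mounts_text):
    """Yield one dict per NFS mount found in /proc/mounts-formatted text."""
    for line in mounts_text.splitlines():
        fields = line.split()
        # /proc/mounts columns: device mountpoint fstype options dump pass
        if len(fields) < 4 or fields[2] not in ("nfs", "nfs4"):
            continue
        # "vers=4.1" -> ("vers", "4.1"); bare flags such as "rw" -> ("rw", "")
        opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
        yield {
            "export": fields[0],
            "mountpoint": fields[1],
            "vers": opts.get("vers", "unknown"),
            # Assumption: a mount that lists no sec= option is treated as auth_sys.
            "sec": opts.get("sec", "sys"),
        }

def audit(mounts_text, required="krb5i"):
    """Return the NFS mounts whose flavor is weaker than `required`."""
    floor = FLAVORS[required][0]
    findings = []
    for m in parse_nfs_mounts(mounts_text):
        rank, meaning = FLAVORS.get(m["sec"], (-1, "unrecognized flavor"))
        if rank < floor:
            findings.append({**m, "meaning": meaning})
    return findings

# Constructed sample input (hostnames and export paths are placeholders).
SAMPLE = """\
fs01.example.test:/home-share /mnt/home nfs4 rw,relatime,vers=4.1,sec=krb5p,proto=tcp 0 0
fs01.example.test:/build-share /mnt/build nfs4 rw,relatime,vers=4.1,sec=krb5,proto=tcp 0 0
fs02.example.test:/scratch-share /mnt/scratch nfs rw,relatime,vers=3,sec=sys,proto=tcp 0 0
/dev/sda1 / ext4 rw,relatime 0 0
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for f in audit(text):
        print(f"{f['mountpoint']}: sec={f['sec']} vers={f['vers']} ({f['meaning']})")
```

Run it with /proc/mounts as the argument on each client; with no argument it audits the constructed sample.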
vSAN 7 U1 also improves the scalability of file services using up to 32 hosts to contribute to the processing of the file service as the cluster scales up to a maximum of 64 hosts. Clusters larger than 32 hosts can still use file services, but only 32 hosts will contribute to the availability and management of file shares.
Health, Performance and Capacity Monitoring
There have been significant enhancements to the monitoring of health, performance and capacity of vSAN file shares for NFS and SMB.
Skyline Health (previously known as “vSAN Health”) has additional cluster-based health checks for Infrastructure health, file server health and share health.
• Infrastructure health checks whether the FSVM is deployed, VDFS daemon is deployed or whether the root file system is present on the host. If any of these conditions are not met the health check is marked red. Otherwise, it is marked green.
• File Server Health checks whether the file server is healthy on the individual hosts and whether the root file system is present on the host. If these conditions are not met the health check is marked red. Otherwise, it is marked green.
• Share Health checks the status of the objects backing the file share. If an object is marked red or the protocol service is not running for this object, the share health will also be marked red. If the object health is in a warning state, the share health will be marked yellow. Otherwise it will be marked green.
Current and historical performance of the backing objects for vSAN file shares can be monitored in the vSAN UI. Administrators can monitor throughput, IOPS, and latency at an individual share level in real time. Increasing the time range will display the specified historical performance metrics. These metrics are also available via API, so solutions like vRealize Operations are able to consume them as well.
vSAN file share capacity can be monitored in the combined vSAN Capacity view or at the individual share level view.
Clicking on “File shares overview” at the bottom left shows detailed capacity information for each share. The image below shows a mixture of SMB and NFS shares. The colors indicate the proximity to the share’s hard quota. Orange indicates the share is more than 75% full. Red indicates the share is near capacity. Hard and soft limits can be adjusted nondisruptively at the individual share level. It appears I may need to increase the size limit of my “Top-Secret” file share.
Native file services for vSAN help ease the burden of management when vSAN environments require file level services. Instead of using a legacy physical storage array, or deploying VMs to provide file services, an administrator can simply enable this cluster level service on a vSAN cluster. VMware took a very careful approach in how best to provide file services that can easily scale and support a broad variety of conditions. The file services provided in vSAN 7 were an exciting step in that direction. vSAN 7 Update 1 expands on file services capabilities significantly by adding multiprotocol support, Active Directory integration, and improved scalability. For more information on vSAN File Services, be sure to check out the vSAN File Services TechNote.