
VMware Validated Design – vSAN Management Domain Design

I recently had some discussions with a customer trying to decide on some design decisions for a VMware Validated Design (VVD) being deployed. While a lot of design decisions are fairly straightforward (the Distributed Switch is arguably superior to the standard switch), a lot of vSAN data services decisions require some nuance and an understanding of the workload. This blog is the first of a series that will examine some of the vSAN-related decisions that can be made on the VVD management and workload domains.

For the management domain, should I use hybrid or all flash?

Let’s review the factors and data services that would influence the management domain:

Host Count: If the minimum of 4 hosts is used, it is possible to use RAID 5, but you would be unable to automatically repair from a failure. The vSAN all flash RAID 5 feature requires 4 hosts at a minimum, and 5 hosts are recommended to enable self-healing if a host fails. As a result, larger clusters (5 hosts for RAID 5, and 7 hosts for RAID 6) may make all flash vSAN more attractive from a cost-to-capacity standpoint.

Scale: If the vRealize Operations and Log Insight instances in the management domain are collecting logs and performance metrics for a relatively small environment, hybrid should be more than capable of delivering the required performance. Conversely, if the environment is scaled up, with a large number of searches, custom dashboards and monitoring in use, the need for consistent performance under sustained load may shift the design to all flash.

Disk Groups and Cache Devices: It’s worth noting that more disk groups increase performance with vSAN. While hybrid is slower than all flash, sticking with the vSAN recommended practice of 2 disk groups at a minimum and sizing plenty of cache can help offset the slower speeds of the capacity devices.

Deduplication and Compression: This all flash feature benefits from duplicate data or data that compresses well. Most of the growth and data in a management cluster comes in the form of performance metrics and log events. Given that some platforms such as Log Insight already compress logs, and that events or metrics with time stamps will fail to pattern match with deduplication, the benefits of these features may be less evident than with a workload domain running hundreds of VMs from the same template. If a large number of workload domains exist, the OS and application binaries used may see increased benefits from deduplication. For more information see the space efficiency guide.

vSAN Encryption: Can I encrypt the management domain? Is there a chicken-and-egg problem encrypting a vCenter that runs on a cluster that it manages? This is a common question, but one with a simple response. While vSphere encryption does not support this configuration, vSAN encryption does. The key difference is that with vSAN encryption the hosts can communicate with the KMS servers directly. It is critical in this configuration to make sure the KMS cluster or clusters (you should always have more than one KMS server) are running external to the management domain to enable a “cold boot” scenario where you can power the cluster back on. For more information see the vSphere and vSAN encryption FAQ.
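A design-review check for the cold-boot dependency described above, as an added example that is not from the original post or from VMware: it flags encrypted vSAN clusters whose KMS servers run as VMs on the cluster they unlock, or that have only one KMS server. The inventory, cluster names and IP addresses are constructed, and it assumes KMS endpoints are recorded as IP addresses.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Cluster:
    name: str
    vsan_encryption: bool
    kms_addresses: list                         # KMS IPs the hosts contact directly
    vm_ips: dict = field(default_factory=dict)  # VM name -> IP, VMs running on this cluster


def audit_kms_placement(clusters):
    """Return (cluster, code, detail) findings for encrypted vSAN clusters."""
    findings = []
    for c in clusters:
        if not c.vsan_encryption:
            continue
        kms = {ipaddress.ip_address(a) for a in c.kms_addresses}
        local = {ipaddress.ip_address(ip): vm for vm, ip in c.vm_ips.items()}
        # The post's rule: always have more than one KMS server.
        if len(kms) < 2:
            findings.append((c.name, "SINGLE_KMS", f"{len(kms)} KMS server(s) configured"))
        # KMS servers that are VMs on the very cluster whose disks they unlock.
        inside = sorted(kms & set(local), key=str)
        if inside and len(inside) == len(kms):
            findings.append((c.name, "COLD_BOOT_BLOCKED",
                             "every KMS server is a VM on the cluster it unlocks"))
        else:
            for addr in inside:
                findings.append((c.name, "KMS_INSIDE_CLUSTER",
                                 f"{addr} is VM '{local[addr]}' on this cluster"))
    return findings


# Constructed inventory (hypothetical names and addresses).
SAMPLE = [
    Cluster("mgmt-01", True, ["10.0.10.21", "10.0.99.22"],
            {"vcsa01": "10.0.10.10", "kms-a": "10.0.10.21"}),
    Cluster("wld-01", True, ["10.0.99.22"], {"app01": "10.0.20.15"}),
    Cluster("wld-02", False, [], {"app02": "10.0.30.15"}),
]

if __name__ == "__main__":
    for cluster, code, detail in audit_kms_placement(SAMPLE):
        print(f"{cluster}: {code}: {detail}")
```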

The operational SLAs: While hybrid vSAN is certainly fast, one of the biggest benefits of all flash vSAN is consistency, especially for cold data. If your operations staff often needs to pull up old data that may not be in the cache, you may find that all flash vSAN is a better option for providing consistently fast responses to read requests for older blocks.