Stretched Cluster and 2 Node vSAN configurations require a vSAN Witness Host to prevent split-brain scenarios when sites are isolated from each other due to loss of connectivity or another outage.
The Stretched Cluster Guide and 2 Node Guide state that either any physical vSphere host with appropriate RAM and storage devices or the free vSAN Witness Appliance can be used. The physical host approach will still require a licensed edition of vSphere, and the host must be capable of running the same build of vSphere as the vSAN Cluster it is joined to.
The vSAN Witness Appliance, not to be confused with a vSAN Witness Host, is a free virtual appliance that runs vSphere as the Guest OS, and does not require any licensing for itself. It does have to run on top of a vSphere 5.5 or higher installation, which could be either a licensed vSphere host, or a host running the free vSphere Hypervisor.
vSAN Witness Appliance Deployment
For vSAN Stretched Cluster configurations a single vSAN Witness Host is required. The same goes for 2 Node vSAN Clusters. Typically vSAN Witness Appliances are deployed during the creation of the cluster and they maintain the same lifecycle as the cluster.
Deploying a vSAN Witness Appliance typically consists of deploying an OVA, providing a password as well as selecting switch and storage parameters. Networking and adding the vSAN Witness Host to vCenter is accomplished post deployment. It has been a relatively simple, manual process.
Administrators who have desired to more easily deploy the vSAN Witness Appliance have used custom scripts, such as Vsan-WitnessDeploy.ps1, to streamline the deployment process.
Easier vSAN Witness Appliance Deployment in vSAN 6.7 P01
With the release of vSAN 6.7 P01, most of the manual steps have been added to the deployment workflow. Network settings are prompted for during deployment and configured during the initial boot process of the vSAN 6.7 P01 Witness Appliance.
In addition to the previously prompted for root password and switch configuration, the OVA deployment also prompts for the following information:
- System Configuration
  - root password
  - vSAN Traffic
    - Management network – For configurations where customers wish to use vmk0 for vSAN Traffic
      - Typically doesn’t require any static routing
    - Secondary network (Default) – Once called the Witness Network, this Secondary network is the default
      - Still requires static routing to be configured when addressing the vSAN Witness Host over Layer 3 configurations
- Management Network
  - IP Address / Netmask / Gateway
  - Hostname, DNS Domain
  - DNS Search Order, DNS Server Addresses (comma separated)
  - NTP hosts (comma separated)
- Secondary Network (previously known as WitnessPg)
  - IP Address / Netmask / Gateway (though gateway is not supported yet)
Prompting for these additional settings in the OVF deployment streamlines the deployment process. With the exception of static routes, the vSAN Witness Appliance boots fully configured. It only needs to be added to vCenter and have any static routes configured. What used to require approximately 15 steps is now accomplished in roughly 3-4 steps.
Deploy vSAN Witness Appliances at any Scale Easily
What about use cases where multiple vSAN Witnesses need to be deployed quickly? Such as a use case where a large retail chain is rolling out vSAN Witness Appliances to 200 stores?
Because the vSAN 6.7 P01 Witness Appliance accepts OVF Properties, the OVF Tool or PowerCLI can be used to easily deploy multiple vSAN Witness Appliances from a command line or script.
Below is an example OVF Tool deployment of a vSAN 6.7 P01 Witness Appliance. *Note: Each argument is displayed on an individual line for clarity. The arguments should be on the same command line.
```
ovftool.exe
--acceptAllEulas
--allowAllExtraConfig
--name="WITNESS"
--prop:"guestinfo.ipaddress0"="10.198.7.201"
--prop:"guestinfo.gateway0"="10.198.7.253"
--prop:"guestinfo.netmask0"="255.255.252.0"
--prop:"guestinfo.hostname"="witness-67p01"
--prop:"guestinfo.dnsDomain"="satm.eng.vmware.com"
--prop:"guestinfo.ipaddress1"="172.16.1.201"
--prop:"guestinfo.gateway1"="172.16.1.1"
--prop:"guestinfo.netmask1"="255.255.255.0"
--prop:"guestinfo.vsannetwork"="Management"
--prop:"guestinfo.passwd"="VMware1\!"
--prop:"guestinfo.dns"="10.198.16.1,10.198.16.2"
--prop:"guestinfo.ntp"="10.198.16.1,10.198.16.2"
--datastore="DATASTORE"
--net:"Management Network"="VM Network"
--net:"Secondary Network"="Cloud Network"
/path/to/appliance/VMware-vSAN-Witness-6.7.0.P01.ova
vi://vcsa.satm.eng.vmware.com/Datacenter/host/Cluster
```
**Note: deploying the new vSAN Witness Appliance via the vSphere Client, OVF Tool, or PowerCLI does not automatically create any static routes, which may be required for some deployments.
The Vsan-WitnessDeploy.ps1 PowerCLI script found on the VMware Code site has also been updated to work with vSAN 6.7 P01 appliances, as well as previous releases. This custom PowerCLI script will deploy vSAN Witness Appliances old & new, as well as add them to vCenter so they may be used by 2 Node or Stretched vSAN Clusters. It will even add static routes if desired.
```
PS /Users/jase/PowerCLI> ./Vsan-WitnessDeploy.ps1

Name                 PowerState Num CPUs MemoryGB
----                 ---------- -------- --------
WITNESS              PoweredOff 2        16.000
Adjusting the deployment process for VCSA 6.7 for the tiny deployment size
Adjusting the capacity disk for use with the tiny profile
Adjusting the RAM allocation for the tiny profile
WITNESS              PoweredOn  2        8.000
Waiting for VM Tools to Start ......................
VM Tools have started
.Pinging 10.198.7.201 [10.198.7.201] with 32 bytes of data:
Reply from 10.198.7.201: bytes=0 time=9ms TTL=
Reply from 10.198.7.201: bytes=0 time=1ms TTL=
Reply from 10.198.7.201: bytes=0 time=1ms TTL=
Reply from 10.198.7.201: bytes=0 time=2ms TTL=
Ping complete.
Witness Hostname & DNS Entry Match
Adding witness.satm.eng.vmware.com to the Witness Datacenter
Setting Static Routes for the Witness Network
Starting NTP Client
```
***Note: Never deploy a vSAN Witness Appliance with vmk0 and vmk1 on the same network when vSAN Traffic is tagged on vmk0 (Management). This creates a vSphere Multi-Homing issue, detailed in KB 2010877. This is not a supported configuration.
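The following Python is an added example, not code from the original post or from Vsan-WitnessDeploy.ps1. It builds the OVF Tool argument list for each site in an inventory using the guestinfo properties shown earlier, and rejects any site where vSAN traffic is tagged on Management while vmk0 and vmk1 fall in the same network. The inventory rows, the field names `mgmt_pg` and `secondary_pg`, and the `WITNESS_ROOT_PW` environment variable are assumptions made for illustration.

```python
import ipaddress
import os

# guestinfo.* property names as they appear in the article's ovftool command.
PROP_KEYS = ["ipaddress0", "gateway0", "netmask0", "hostname", "dnsDomain",
             "ipaddress1", "gateway1", "netmask1", "vsannetwork", "dns", "ntp"]

def multihoming_conflict(site):
    """True if vSAN traffic is tagged on vmk0 and vmk0/vmk1 share a network."""
    if site["vsannetwork"] != "Management":
        return False
    vmk0 = ipaddress.ip_interface(f"{site['ipaddress0']}/{site['netmask0']}").network
    vmk1 = ipaddress.ip_interface(f"{site['ipaddress1']}/{site['netmask1']}").network
    return vmk0.overlaps(vmk1)

def build_argv(site, passwd, ova, target):
    """ovftool argument vector for one witness (a list, so no shell quoting)."""
    argv = ["ovftool", "--acceptAllEulas", "--allowAllExtraConfig", f"--name={site['name']}"]
    argv += [f"--prop:guestinfo.{k}={site[k]}" for k in PROP_KEYS]
    argv += [f"--prop:guestinfo.passwd={passwd}", f"--datastore={site['datastore']}",
             f"--net:Management Network={site['mgmt_pg']}",
             f"--net:Secondary Network={site['secondary_pg']}", ova, target]
    return argv

def plan(sites, passwd, ova, target):
    """Return ({name: argv} for deployable sites, [names rejected by the check])."""
    bad = [s["name"] for s in sites if multihoming_conflict(s)]
    ok = {s["name"]: build_argv(s, passwd, ova, target) for s in sites if s["name"] not in bad}
    return ok, bad

# Constructed inventory: row 1 reuses the article's addresses, row 2 puts vmk0 and vmk1 in one /24.
COMMON = {"dnsDomain": "satm.eng.vmware.com", "vsannetwork": "Management",
          "dns": "10.198.16.1,10.198.16.2", "ntp": "10.198.16.1,10.198.16.2",
          "datastore": "DATASTORE", "mgmt_pg": "VM Network", "secondary_pg": "Cloud Network"}
SITES = [
    dict(COMMON, name="WITNESS-001", hostname="witness-001", ipaddress0="10.198.7.201",
         netmask0="255.255.252.0", gateway0="10.198.7.253", ipaddress1="172.16.1.201",
         netmask1="255.255.255.0", gateway1="172.16.1.1"),
    dict(COMMON, name="WITNESS-002", hostname="witness-002", ipaddress0="192.168.50.11",
         netmask0="255.255.255.0", gateway0="192.168.50.1", ipaddress1="192.168.50.12",
         netmask1="255.255.255.0", gateway1="192.168.50.1"),
]
OVA = "/path/to/appliance/VMware-vSAN-Witness-6.7.0.P01.ova"
TARGET = "vi://vcsa.satm.eng.vmware.com/Datacenter/host/Cluster"

if __name__ == "__main__":
    # WITNESS_ROOT_PW is a hypothetical variable name; the password stays out of the inventory.
    ready, rejected = plan(SITES, os.environ.get("WITNESS_ROOT_PW", "<unset>"), OVA, TARGET)
    print("deploy:", sorted(ready), "rejected (multi-homing):", rejected)
```

Each returned list can be passed to `subprocess.run` unchanged. Because the root password is an ovftool argument, it is visible in the process list of the deploying machine while ovftool runs.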
More information about using a vSAN Witness Appliance with 2 Node or Stretched Cluster vSAN can be found in the vSAN 2 Node Guide and the vSAN Stretched Cluster Guide respectively.
The vSAN 6.7 P01 Witness Appliance can be downloaded here.