vSAN Frequently Asked

Questions (FAQ)
January 16, 2018

Copyright © 2018 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

Table of Contents

1. vSAN FAQ
1.1.Introduction
1.2.Architecture
1.3.Availability
1.4.Security
1.5.Performance
1.6.Operations
1.7.Hardware

Copyright © 2018 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

1. vSAN FAQ
.

Copyright © 2018 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

1.1 Introduction

This document provides answers to frequently asked questions (FAQ) regarding VMware vSAN™.
vSAN is enterprise-class storage for hyper-converged infrastructure (HCI). Native to the VMware
vSphere® hypervisor, vSAN delivers flash-optimized, secure storage. It utilizes commodity x86 server
components to lower costs up to 50% versus traditional server and storage array architectures.

Seamless integration with vSphere and the VMware ecosystem makes it the ideal storage platform for
business-critical applications, disaster recovery sites, remote office and branch office (ROBO)
implementations, test and development environments, management clusters, security zones, and
virtual desktop infrastructure (VDI). Today, customers of all industries and sizes trust vSAN to run their
most important applications.

1.2 Architecture

What are the hardware requirements for running

vSAN?
vSAN requires at least two physical servers configured with hardware that is in the VMware
Compatibility Guide for Systems/Servers and VMware Compatibility Guide for vSAN . Using hardware
that is not certified may lead to performance issues and/or data loss. The behavior of non-certified
hardware cannot be predicted. VMware cannot provide support for environments running on non-
certified hardware.

A vSAN cluster must have at least two physical hosts with local storage devices dedicated to vSAN. A
vSAN cluster containing hosts with magnetic drives in the capacity tier is commonly called a “hybrid”
cluster or configuration. A cluster with hosts containing flash devices in the capacity tier is referred to
as an “all-flash” cluster or configuration.

Hosts participating in a vSAN cluster must be connected to the network using at least one network
interface card (NIC). Multiple NICs are recommended for redundancy. Hybrid vSAN configurations can
use 1Gb or higher networks although 10Gb or higher is recommended. All-flash vSAN configurations
require 10Gb or higher networks. Multicast network traffic is required for vSAN 6.5 and previous
versions. vSAN 6.6 and newer versions do not require multicast network traffic.

Cluster Size
A vSAN cluster supports any number of physical hosts from two up to a maximum of 64 hosts in a
cluster. Multiple clusters can be managed by a single VMware vCenter Server™ instance. vSAN 2-node
configurations have two physical hosts. A stretched cluster can have up to 30 physical hosts (15 at
each site).

Hardware Deployment Options

A vSAN ReadyNode™ is an x86 server, available from all the leading server vendors, which is pre-
configured, tested, and certified for vSAN. vSAN ReadyNodes provide an open, flexible approach
when considering deployment methods. Organizations can continue to use their server vendor(s) of
choice. Each ReadyNode is optimally configured for vSAN with the required amount of CPU, memory,
network, I/O controllers, and storage devices.

Turn-key appliances such as Dell EMC VxRail™ provide a fully integrated VMware hyper-converged
solution for a variety of applications and workloads. Simple deployment enables customers to be up
and running in as little as 15 minutes. Dell EMC VxRack™ SDDC powered by VMware provides an easy
path to a VMware software-defined data center supporting a wide variety of enterprise workloads.

Copyright © 2018 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

Custom configurations using jointly validated components from all the major OEM vendors is also an
option. The vSAN Hardware Quick Reference Guide provides some sample server configurations as
directional guidance. All components should be validated using the VMware Compatibility Guide for
vSAN.

What is a vSAN disk group?

The flash device in the cache tier and the capacity device(s) are collectively known as a disk group.
Each host has a minimum of one up to a maximum of five disk groups. Each disk group consists of
exactly one cache device and a minimum of one up to a maximum of seven capacity devices.

Can I mix all-flash disk groups and hybrid disk

groups in the same host or cluster?
Mixing disk group types (all-flash and hybrid) is not supported. This complicates operational aspects
such as balancing workloads, synchronizing components, and capacity management. All hosts in the
cluster must be configured with the same type of disk groups (hybrid or all-flash).

What are the software requirements for running

vSAN?
vCenter Server is required to configure and manage a vSAN cluster. vSAN is native to the VMware
vSphere® Hypervisor. There is no need to install additional software or deploy “storage controller
virtual appliances” to every host in the cluster as commonly found in other hyper-converged
infrastructure (HCI) solutions. vSAN is enabled in a matter of minutes with just a few mouse clicks in
the vSphere Web Client.

Witness Host Virtual Appliance

In certain implementation scenarios such as a vSAN stretched cluster and 2-node configurations, the
deployment of a “witness host virtual appliance” is required to provide resiliency against "split-brain"
scenarios. This virtual appliance is easily deployed using an OVA file provided by VMware. The witness
virtual appliance is a pre-configured virtual machine (VM) running vSphere.

How much memory is required in a vSAN host?

Hosts participating in a vSAN cluster should be configured with a minimum of 32GB of RAM. Higher
amounts of RAM are recommended depending on application requirements, VM-to-host consolidation
ratio goals, and other factors. More information can be found in Understanding vSAN 6.x memory
consumption (2113954) .

Copyright © 2018 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

What are the processor requirements for vSAN

hosts?
Processors in the VMware Compatibility Guide for Systems/Servers must be used in supported
configurations. vSAN typically uses less than 10% of CPU resources on a host. The use of vSAN space
efficiency features such as deduplication and compression can increase CPU utilization by
approximately 5-10%. vSAN is supported with hosts that have a single CPU. Hosts with multiple CPUs
are recommended for redundancy, performance, and higher VM-to-host consolidation ratios.

Why does vSAN require a flash device for the

cache tier?
The flash device in the cache tier of each disk group is used as a write buffer in all-flash vSAN
configurations. These cache devices are typically higher-endurance, lower-capacity devices. Data is
de-staged from the cache tier to the capacity tier. Capacity tier devices are more commonly lower-
endurance, higher capacity flash devices. The majority of reads in an all-flash vSAN cluster are served
directly from the capacity tier. An all-flash configuration provides a good balance of high performance,
low latency, endurance, and cost-effectiveness.

The flash device in the cache tier of a hybrid vSAN configuration is used for read caching and write
buffering. 70% of the capacity is allocated for read cache and 30% for buffering writes. Data is de-
staged from the cache tier to the capacity tier. The flash device in the cache tier enables very good
performance for a hybrid configuration.

Can vSAN use traditional VMFS or NFS datastores?

vSAN is a shared object datastore that is created using local storage devices in each host of the
cluster. It does not support the use of other shared storage types such as SAN and NAS.

Does vSAN use VMware vSphere Virtual Volumes?

VMware vSphere Virtual Volumes™ is designed for use with external storage arrays. vSAN uses local
disks to create a shared datastore. Virtual Volumes and vSAN can be used in the same cluster and both
provide the benefits of storage policy-based management .

Can I use existing SAN and NAS storage in the

same cluster as vSAN?
Yes, vSphere can access and use traditional VMFS and NFS datastores with vSAN and vSphere Virtual
Volumes—all in the same cluster. If your SAN or NAS solution is compatible with vSphere Virtual
Volumes, management is easier and more precise as storage policies can be used to manage all of
your storage on a per-VM basis.

Copyright © 2018 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

In most cases, vSphere Storage vMotion can be used to migrate VMs between these various datastore
types. This feature makes it easy to migrate existing workloads when there is a need to perform
maintenance or retire and older storage solution. The first part of this click-through demo shows how
simple it is to migrate VMs to a vSAN datastore using vSphere Storage vMotion: Migrating VMs to
vSAN .

Where can I find guidance on sizing a vSAN

cluster?
To evaluate an existing environment for migration to vSAN, the vSAN Assessment tool , and Dell
Performance Analysis Collection Kit (DPACK) are recommended options. It is best to request
assistance with an assessment from your preferred VMware reseller. Data collected can be used along
with the vSAN ReadyNode Sizer to help determine suitable vSAN ReadyNode server configurations.
Additional guidance can be found in the vSAN Design and Sizing Guide .

What is "slack space" and why do I need it?

vSAN “slack space” is free space that is set aside for operations such as host maintenance mode data
evacuation, component rebuilds, rebalancing operations, and VM snapshots. Activities such as
rebuilds and rebalancing can temporarily consume additional raw capacity. Host maintenance mode
temporarily reduces the total amount of raw capacity a cluster has. This is because the local drives on
a host that is in maintenance mode do not contribute to vSAN datastore capacity until the host exits
maintenance mode. The recommendation is 25-30% slack space when designing and running a vSAN
cluster. For example, a vSAN datastore with 20TB of raw capacity should always have 5-6TB of free
space available for use as slack space. This recommendation is not exclusive to vSAN. Most other HCI
storage solutions follow similar recommendations to allow for fluctuations in capacity utilization
without disruption. See this blog article for more information: vSAN Operations: Maintain Slack Space
for Storage Policy Changes

Are there recommendations for vSAN network

connectivity?
The vSAN Network Design guide contains more information and recommendations for network
connectivity in a vSAN cluster. Also, see the vSAN Stretched Cluster Bandwidth Sizing guide for
information specific to stretched clusters.

What is network multicast used for in vSAN 6.5 and

earlier versions?
Multicast is used primarily for vSAN metadata updates such as object creation and status changes. It is
also used for automatic discovery of new nodes. Recent advances in network and CPU technologies
along with updates in vSAN 6.6 and newer versions remove the dependency on multicast. This change
simplifies deployment of vSAN in on-premises and cloud environments.

Copyright © 2018 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

Do NIC teaming solutions improve performance?

Generally speaking, NIC teaming can provide a marginal improvement in performance, but this is not
guaranteed. The complexity and additional expense rarely justify the use of NIC teaming for the vSAN
network. More details can be found in the vSAN Networking Design guide .

Can I add a host that does not have local disks to a

vSAN cluster?
A host with no local storage can be added to a vSAN cluster. Note that all hosts in a vSAN cluster
require vSAN licensing to use the vSAN datastore regardless of whether they contribute storage to the
vSAN datastore.

Is it possible to deploy a vCenter Server Appliance

(VCSA) to a single host when building a new vSAN
cluster?
With the release of vSAN 6.6, the VCSA deployment wizard includes the ability to claim disks and turn
on vSAN on a single host. This enables administrators to deploy vCenter Server to a new environment
where vSAN will be the only datastore. This deployment option is typically referred to as "Easy Install".

Can I mix different hosts, controllers, drives, and so

on in a cluster?
Consistent hardware and software configurations across all hosts in a vSAN cluster are recommended.
However, mixing various host configurations in a vSAN cluster is supported as long as all components,
firmware versions, drivers and so on are listed in the VMware Compatibility Guide for Systems/Servers
and VMware Compatibility Guide for vSAN for the versions of vSphere and vSAN you are using. This
flexibility enables organizations to upgrade and replace hosts and storage in an incremental fashion,
which is commonly less expensive and easier than replacing entire storage arrays.

Recommendation : Implement consistent hardware and software configurations across all hosts in a
vSAN cluster. Verify vMotion compatibility across all of the hosts in the cluster - see this VMware
Knowledge Base (KB) Article: Enhanced vMotion Compatibility (EVC) processor support (1003212) .

Does vSAN require storage fabric host bus

adapters (HBAs)?
No, vSAN uses standard network interface cards (NICs) found in nearly every x86 server platform.
There is no need to provision and implement specialized storage networking hardware to use vSAN.
See the VMware vSAN Network Design guide for more information.

Copyright © 2018 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

Does vSAN use iSCSI or NFS to provide shared

storage to vSphere hosts?
It does not use storage controller VMs on every host like most other HCI solutions to provide shared
storage. vSAN uses a proprietary method to provide storage to all of the hosts in a vSAN cluster. Since
vSAN is native to vSphere, it is able to deliver excellent performance with minimal overhead.

Are there vSphere features that are not supported

with vSAN?
Nearly all vSphere features such as VMware vSphere vMotion™, VMware vSphere Distributed
Resource Scheduler™ (DRS), VMware vSphere High Availability, VMware vSphere Network I/O Control,
and VMware vSphere Replication™ are compatible and supported with vSAN. VMware vSphere Fault
Tolerance is supported for VMs running on vSAN with the exception of stretched clusters.

The following vSphere features are not supported with vSAN:

• VMware vSphere Distributed Power Management™

• VMware vSphere Storage DRS™
• VMware vSphere® Storage I/O Control

Can I share a single vSAN datastore across multiple

vSphere clusters?
No, a vSAN datastore is directly accessible only by the hosts and VMs in the vSAN cluster.

vSAN includes an iSCSI service to provide access to vSAN storage for non-VM workloads. Certified
solutions for file services are available through the VMware Ready for vSAN™ program. Organizations
can deploy these solutions with confidence to extend HCI environments with proven, industry-leading
solutions. Using these solutions with vSAN provides benefits such as simplified setup and
management, documented recommendations, and robust support.

How does vSAN store objects such as VM

configuration files and virtual disks?
vSAN is an object datastore with a primarily flat hierarchy. Items such as a VM’s configuration (VMX)
and virtual disks (VMDKs) are stored as objects. An object consists of one or more components. The
size and number of components depend on several factors such as the size of the object and the
storage policy assigned. The following figure shows an example. A 40GB virtual disk with a RAID-1
mirroring storage policy consists of three components—two mirrored data components and a witness
distributed across three hosts in the cluster.

Copyright © 2018 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

Note : The witness component should not be confused with the witness host virtual appliance
discussed earlier in this document as they are two different items.

How does vSAN store a virtual disk that is larger

than any one of the capacity drives in the cluster?
Objects such as a virtual disk consist of one or more components—usually multiple components
distributed across hosts for availability purposes. The maximum size of a component is 255GB, which
is smaller than most server storage devices in use today.

Multiple concatenated components are created for objects larger than 255GB. For example, a 750GB
virtual disk object consists of a minimum of three components.

If storage devices smaller than 255GB are used in the capacity tier, vSAN breaks the component down
into smaller parts. The image below shows the component distribution for a 250GB virtual disk with a
storage policy assigned that contains these rules:

• RAID-1 mirroring
• FTT=1
• 100% object space reservation

The cluster contains three hosts, one disk group per host, and each disk group has two 200GB
capacity drives. Note that the virtual disk is smaller than the maximum component size of 255GB.
Normally, there would be two 250GB components distributed across two hosts (plus a witness
component on a third host). In the scenario shown here, the capacity drives are 200GB each. vSAN
concatenated two smaller components—one on each capacity drive of a host.

10

Copyright © 2018 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

When a VM is migrated to another host, is the VM’s

objects migrated with the VM?
This concept is often referred to as “data locality”. vSAN does not require data locality to achieve
excellent performance. vSAN does not tax the vSAN backend network with moving multiple gigabytes
of data every time a VM is migrated to another host. There is no need to do this considering a 10Gb
network has latencies from five to 50 microseconds (1). Flash devices such as a solid state drive (SSD)
have higher latencies ranging from 90 microseconds to eight milliseconds under heavy load (2). The
few microseconds of latency added by reading data across a 10Gb network connection has no impact
on performance.

vSAN also features a local read cache, which is kept in memory on the host where the VM is running.
This helps avoid reads across the network and further improves performance considering the speed of
reading from memory is exponentially faster than reading from persistent storage devices.

1 http://www.qlogic.com/Resources/Documents/TechnologyBriefs/Adapters/
Tech_Brief_Introduction_to_Ethernet_Latency.pdf

2 http://www.intel.com/content/dam/www/public/us/en/documents/product-specifications/ssd-dc-
p3700-spec.pdf

When a VM is migrated to another host, does the

vSAN cache need to be re-warmed?
As discussed in the previous question, the storage objects belonging to a VM are not migrated with
the VM. Therefore, data in the cache tier is not lost and does not need re-warmed.

1.3 Availability

What happens if a host fails in a vSAN cluster?

vSAN will wait for 60 minutes by default and then rebuild the affected data on other hosts in the
cluster. The 60-minute timer is in place to avoid unnecessary movement of large amounts of data. As
an example, a reboot takes the host offline for approximately 10 minutes. It would be inefficient and
resource intensive to begin rebuilding several gigabytes or terabytes of data when the host is offline
briefly.

vSphere HA is tightly integrated with vSAN. The VMs that were running on a failed host are rebooted
on other healthy hosts in the cluster in a matter of minutes. A click-through demonstration of this
scenario is available here: vSphere HA and vSAN 50 VM Recovery.

Recommendation: Enable vSphere HA for a vSAN cluster.

How does vSAN handle a network partition?

vSAN uses a quorum voting algorithm to help protect against “split-brain” scenarios and ensure data
integrity. An object is available for reads and writes as long as greater than 50% of its components are
accessible.

As an example, a VM has a virtual disk with a data component on Host1, a second mirrored data
component on Host2, and a witness component on Host 3. Host1 is isolated from Host2 and Host3.

11

Copyright © 2018 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

Host2 and Host3 are still connected over the network. Since Host2 and Host3 have greater than 50%
of the components (a data component and a witness component), the VM’s virtual disk is accessible.

However, if all three hosts in our example above are isolated from each other, none of the hosts have
access to greater than 50% of the components. vSAN makes the object inaccessible until the hosts are
able to communicate over the network. This helps ensure data integrity.

Recommendation: Build your vSAN network with the same level of resiliency as any other storage
fabric.

What happens if a storage device fails in a vSAN

host?
VMs are usually protected by storage policies that include failure tolerance. For example, a storage
policy with a “Primary Level of Failures to Tolerate” (PFTT) rule set to one with RAID-1 mirroring will
create two copies of an object with each copy on a separate host. This means the VMs with this policy
assigned can withstand the failure of a disk or an entire host without data loss.

When a device is degraded and error codes are sensed by vSAN, all of the vSAN components on the
affected drive are marked degraded and the rebuilding process starts immediately to restore
redundancy. If the device fails without warning (no error codes received from the device), vSAN will
wait for 60 minutes by default and then rebuild the affected data on other disks in the cluster. The 60-
minute timer is in place to avoid unnecessary movement of large amounts of data. As an example, a
disk is inadvertently pulled from the server chassis and reseated approximately 10 minutes later. It
would be inefficient and resource intensive to begin rebuilding several gigabytes of data when the disk
is offline briefly.

When failure of a device is anticipated due to multiple sustained periods of high latency, vSAN
evaluates the data on the device. If there are replicas of the data on other devices in the cluster, vSAN
will mark these components as “absent”. “Absent” components are not rebuilt immediately as it is
possible the cause of the issue is temporary. vSAN waits for 60 minutes by default before starting the
rebuilding process. This does not affect the availability of a VM as the data is still accessible using one
or more other replicas in the cluster. If the only replica of data is located on a suspect device, vSAN will
immediately start the evacuation of this data to other healthy storage devices.

Note: The failure of a cache tier device will cause the entire disk group to go offline. Another similar
scenario is a cluster with deduplication and compression enabled. The failure of any disk (cache or
capacity) will cause the entire disk group to go offline due to the way deduplicated data is distributed
across disks.

Recommendation: Consider the number and size of disk groups in your cluster with deduplication and
compression enabled. While larger disk groups might improve deduplication efficiency, this also
increases the impact to the cluster when a disk fails. Requirements for each organization are different
so there is no set rule for disk group sizing.

What if there is not enough free capacity to

perform all of the component rebuilds after one or
more host failures?
In cases where there are not enough resources online to comply with all storage policies, vSAN 6.6 and
newer versions will repair as many objects as possible. This helps ensure the highest possible levels of

12

Copyright © 2018 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

redundancy in environments affected by the unplanned downtime. When additional resources come
back online, vSAN will continue the repair process to comply with storage policies.

Recommendation: Maintain enough free capacity or "slack space" for rebuild operations and other
activities such as storage policy changes, VM snapshots, and so on. 25-30% of the vSAN datastore
capacity is recommended. Example: If the vSAN datastore capacity is 20TB, slack space should be
approximately 5-6TB.

Is it possible to stop vSAN resynchronization

operations?
Completely stopping resynchronization operations is not currently supported. In nearly all cases, this
would not be recommended - especially in cases where vSAN is building new components to restore
object redundancy after a disk or host failure. However, it is possible to throttle these operations in
vSAN 6.6 and newer versions, if needed.

Recommendation: Do not throttle resynchronization traffic unless advised to do so by VMware

Support as this will delay the remediation of VMs out of compliance with their storage policies.

How is vSAN impacted if vCenter Server is offline?

When vCenter Server is offline, vSAN continues to function normally. VMs continue to run and
application availability is not impacted. Management features such as changing a storage policy,
monitoring performance, and adding a disk group are not available.

vSAN has a highly available control plane for health checks using the VMware Host Client—even if
vCenter Server is offline. Hosts in a vSAN cluster cooperate in a distributed fashion to check the health
of the entire cluster. Any host in the cluster can be used to view vSAN Health. This provides
redundancy for the vSAN Health data to help ensure administrators always have this information
available.

How do I backup VMs on vSAN?

Many third-party data protection products use VMware vSphere Storage APIs - Data Protection to
provide efficient, reliable backup and recovery for virtualized environments. These APIs are compatible
with vSAN just the same as other datastore types such and VMFS and NFS. Nearly all of these
solutions should work with vSAN. It is important to obtain a support statement for vSAN from the data
protection product vendor you use. Best practices and implementation recommendations vary by
vendor. Consult with your data protection product vendor for optimal results.

Recommendation: Verify your data protection vendor supports the use of their product with vSAN.

13

Copyright © 2018 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

What are my options for redundancy in a vSAN

stretched cluster configuration?
vSAN 6.5 and previous versions mirror data across sites for redundancy. If a disk, host, or an entire site
goes offline, the data is still available at the other site. When the offline disk, host, or site comes back
online, data is resynchronized to restore redundancy.

vSAN 6.6 also includes local failure protection. RAID-1 mirroring or RAID-5/6 erasure coding can be
implemented within each stretched cluster site to provide local resiliency to disk and host failures. In
addition to providing higher levels of redundancy, this minimizes production and resynchronization
traffic across the intersite link.

Does vSAN work with VMware Site Recovery

Manager?
Yes, VMware Site Recovery Manager™ is compatible with vSAN to automate data center migration
and disaster recovery. vSphere Replication is used to perform per-VM replication. Site Recovery
Manager is integrated with vSphere Replication.

1.4 Security

Is encryption supported with vSAN?

Yes, vSAN Encryption for data-at-rest is an option for vSAN 6.6 datastores to further improve security
and provide compliance with increasingly stringent regulatory requirements. vSAN datastore
encryption uses an AES 256 cipher. vSAN Encryption is hardware-agnostic, meaning it can be
deployed on any supported hardware in all-flash or hybrid configurations. Self-encrypting drives
(SEDs) are not required. Turning on encryption is a simple matter of clicking a checkbox. Encryption
can be enabled when vSAN is enabled or after, with or without virtual machines (VMs) residing on the
datastore.

A Key Management Server (KMS) is required to enable and use vSAN encryption. Nearly all KMIP-
compliant KMS vendors are compatible, with specific testing completed for vendors such as HyTrust®,
Gemalto®, Thales e-Security®, CloudLink®, and Vormetric®.

For versions of vSAN prior to 6.6, self-encrypting drives (SEDs) can be used to encrypt data at rest.
vSphere VM encryption is also an option.

Note: VMs encrypted with vSphere VM encryption can be deployed to a vSAN datastore just like other
datastore types such as VMFS and NFS. However, vSAN space efficiency features such as
deduplication and compression will provide little benefit with these encrypted VMs.

Recommendation: Do not run the VMs that comprise a KMS cluster on the encrypted vSAN datastore.

14

Copyright © 2018 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

Do items such as backup and recovery, vSphere

Replication, and so on work with vSAN encryption?
Yes, as vSAN encryption was designed to maintain compatibility with other vSAN and vSphere
features, as well as, 3rd-party products including data protection solutions. Data is encrypted or
decrypted just above the physical storage device layer. APIs such as vSphere Storage APIs for Data
Protection (VADP) and vSphere APIs for IO Filtering (VAIO) that are used for data protection and other
solutions are located higher in the storage stack. Data at this layer is not yet encrypted. Therefore,
compatibility with these solutions is maintained when vSAN encryption is enabled.

Is two-factor authentication supported with vSAN?

2-factor authentication methods, such as RSA SecurID® and Common Access Card (CAC), are
supported with vSAN, vSphere, and vCenter Server.

Is vSAN part of a DISA STIG?

Yes, VMware vSAN is part of the VMware vSphere STIG Framework. The DISA STIG defines secure
installation requirements for deploying vSAN on DoD networks. VMware worked closely with DISA to
include vSAN in the existing vSphere STIG. See the Information Assurance Support Environment web
site for details.

1.5 Performance

What is the Number of Disk Stripes per Object rule

in a vSAN storage policy?
Setting this rule to a number other than the default of 1 instructs vSAN to stripe an object across
multiple drives in a RAID-0 configuration. For example, setting this rule to 4 instructs vSAN to stripe an
object with this policy assigned across four drives. This rule can be beneficial especially in hybrid
configurations when there are higher numbers of read cache misses. Since a read cache miss in a
hybrid configuration causes vSAN to read directly from the capacity tier, which is magnetic disks,
striping those reads across multiple drives can improve read performance. However, it is best to
properly size the cache tier in a hybrid configuration rather than relying on striping objects across
multiple drives to achieve better performance. In most cases, it is best to leave the striping rule at its
default setting of 1 for hybrid and all-flash vSAN configurations.

Why does vSAN sometimes stripe an object across

multiple components even though the Number of
Disk Stripes per Object rule is set to 1?
This can occur for a few reasons. The maximum component size is 255GB. If an object such as a virtual
disk (VMDK) is larger than 255GB, vSAN will stripe this object across multiple components. As an

15

Copyright © 2018 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

example, consider a virtual disk that is 600GB. vSAN will stripe this object across three components
that are approximately 200GB each in size. In this case, the components might reside on the same
drive, on separate drives in the same disk group, or across multiple drives in separate disk groups and/
or hosts (unlike the Number of Disk Stripes per Object rule where striped components are always
striped across separate drives). Another reason vSAN might stripe an object across multiple
components is to improve the balance of drive utilization across a cluster. Splitting large components
into smaller components enables more flexibility in placing these components across drives with
higher capacity utilization. The figure below shows a basic example of this.

What is the recommended way to test vSAN

performance?
VMware provides a tool called HCIBench . It is essentially an automation wrapper around the popular
and proven Vdbench open source benchmark tool that makes it easier to automate testing in an HCI
cluster.

HCIBench simplifies and accelerates proof-of-concept (POC) performance testing in a consistent and
controlled way. The tool fully automates the process of deploying test VMs, coordinating workload
runs, aggregating test results, and collecting data for troubleshooting purposes. The output from
HCIBench can be analyzed by the Performance Diagnostics feature in vSAN 6.6.1 and newer versions
of vSAN. See this VMware Knowledge Base article for more information: vSAN Performance
Diagnostics (2148770)

HCIBench can be used to evaluate the performance of vSAN and other HCI storage solutions in a
vSphere environment.

Recommendation : Use HCIBench to run performance tests versus running a workload from a single
VM. HCIBench can be configured to deploy and distribute multiple VMs across the hosts in an HCI
cluster to provide more realistic and accurate test results.

How do deduplication and compression affect

performance?
As with any storage solution that offers space efficiency features, there can be a slight trade-off in
performance and/or additional resource utilization. The latest flash device and CPU technologies
mitigate the vast majority of perceivable performance impacts and resource utilization when
deduplication and compression are enabled. vSAN 6.6 introduced changes to the way data is destaged
from the cache tier to the capacity tier. These changes offer more predictable performance, especially
with sequential writes. However, latency-sensitive applications should be tested prior to production
deployment on any storage platform including vSAN where space efficiency features such as
deduplication, compression, and erasure coding are enabled.

16

Copyright © 2018 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

1.6 Operations

How is vSAN licensed?

See the vSAN licensing guide for details: VMware vSAN 6.6 Licensing Guide

Is vSAN ROBO licensing limited to 2-node vSAN

configurations?
vSAN ROBO licensing is not tied to a specific vSAN configuration. While 2-node clusters is a popular
design choice for remote offices, ROBO licensing can also be used with other configurations such as a
4-node cluster. More information is available in the licensing guide above.

How do I add storage capacity to a vSAN cluster?

It is easy and cost-effective to add capacity to a vSAN cluster. Storage capacity can be increased in a
few ways:

• Hosts containing local storage devices can be added to a vSAN cluster. Disk groups must be
configured for the new hosts after the hosts are added to the cluster. The additional capacity is
available for use after configuration of the disk groups. This scale-out approach is most
common and also adds compute capacity to the cluster.
• More storage devices can be added to existing hosts assuming there is room in the server’s
chassis to add these devices. After the storage devices are added, additional disk groups can be
created or existing disk groups reconfigured to use the new devices. This is considered a scale-
up approach.
• Existing storage devices can be replaced with new, higher-capacity devices. Data should be
evacuated from the existing storage devices before replacing them. The evacuation of data is
performed using vSphere maintenance mode. This is also considered a scale-up approach.

Unlike traditional storage solutions, vSAN enables a “just-in-time” provisioning model. Storage and
compute capacity can be quickly provisioned as needed.

How do I monitor the health of a vSAN cluster?

vSAN features a comprehensive health service appropriately called vSAN Health that actively tests and
monitors many items such as hardware compatibility, verification of storage device controllers,
controller queue depth, and environmental checks for all-flash and hybrid vSAN configurations. vSAN
Health examines network connectivity and throughput, disk and cluster health, and capacity
consumption. Proactive monitoring and alerting in vSAN Health helps ensure the environment is
optimally configured and functioning properly for the highest levels of performance and availability.

Customers enabling the Customer Experience Improvement Program (CEIP) feature with vSAN 6.6
receive additional benefits through online health checks. These checks will be dynamically updated
from VMware’s online system as new issues are identified, knowledge base articles are created, and
new best practices are discovered.

17

Copyright © 2018 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

Is it possible to manage vSAN using a command

line interface (CLI)?
Yes, vSAN can be monitored and managed with PowerCLI and ESXCLI. There are also SDKs for popular
programming languages that can be used with vSAN. Details and sample code can be found on
VMware {code}

What vSphere maintenance mode option should I

use?
When a host that is part of a vSAN cluster is put into maintenance mode, the administrator is given
three options concerning the data (vSAN components) on the local storage devices of that host. The
option selected has a bearing on a couple of factors: The level of availability maintained for the objects
with components on the host and the amount of time it will take for the host to enter maintenance
mode. The options are:

• Ensure accessibility (default)

• Full data migration
• No data migration

Details on how data is handled are provided in the vSAN documentation. In summary, the default
option, “Ensure accessibility," is used when the host will be offline for a shorter period of time. For
example, during maintenance such as a firmware upgrade or adding memory to a host. “Full data
migration” is typically appropriate for longer periods (hours or days) of planned downtime or the host
is being permanently removed from the cluster. "No data migration" commonly allows the host to
enter maintenance mode in the shortest amount of time. However, any objects with “Primary Level of
Failures to Tolerate” (PFTT) set to zero with components on the host going into maintenance mode are
inaccessible until the host is back online.

How does vSAN report impact to a cluster when

putting a host into maintenance mode?
vSAN 6.6 reports the amount of data that must be moved, which depends on the maintenance mode
option selected. It verifies there is sufficient capacity in the cluster for the amount of data that will be
migrated. The number of objects with reduced redundancy is also reported for the “Ensure Data
Accessibility” and “No Data Evacuation” options. This helps administrators better understand the
impact Versions of vSAN prior to 6.6 do not report this information.

Note : As mentioned above, recent versions of vSAN take into account capacity when reporting cluster
impact. It does not factor in the number of fault domains. Entering host maintenance mode with the
"Full data migration" option will fail if there is an insufficient number of fault domains available to
satisfy storage policies (after a host enters maintenance mode).

18

Copyright © 2018 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

Is it possible to migrate a vSAN hybrid

configuration to an all-flash configuration?
Yes, a vSAN hybrid configuration can be migrated to an all-flash configuration. The details of this
process are discussed in the vSAN Operations Guide .

Can a standard vSAN cluster be converted to a

vSAN stretched cluster?
Yes, it is easy to convert a standard (non-stretched) vSAN cluster to a stretched cluster. This is
performed in the “Fault Domains & Stretched Cluster” section of the vSAN UI. More details can be
found in the vSAN Stretched Cluster Guide .

How do I upgrade vCenter Server for a cluster

where vSAN is enabled?
Upgrading vCenter Server in a vSAN environment is similar to any other vSphere environment. Follow
the process discussed in the vSphere Upgrade Guide, which can be found in VMware Documentation .

Recommendation : Read the vSphere Upgrade Guide and product release notes prior to performing an
upgrade.

What is the "vCenter state is authoritative" health

check?
This check verifies that all hosts in the vSAN cluster are using a vCenter Server as the source of truth
for the cluster configuration. This includes the vSAN cluster membership list. During normal operation,
vCenter Server publishes the latest host membership list and updates the configuration for all hosts in
the cluster. This health check reports an error if vCenter Server configuration is not synchronized with
a member host, and is no longer accepted as the source of truth. See this VMware Knowledge Base
article for more information: vSAN Health Service - Cluster health – vCenter state is authoritative
(2150916)

What does “Allow Reduced Redundancy” do when

enabling or disabling deduplication and
compression or encryption?
When deduplication and compression or encryption are enabled or disabled, vSAN performs a rolling
reformat of each disk group. All data on a disk group must be evacuated to other disk groups in the
cluster before the reformat process can proceed.

19

Copyright © 2018 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

By default, vSAN will ensure data is compliant with storage policies during the operation. If there is not
enough free capacity in other disk groups, the operation will fail. Clicking “Allow Reduced
Redundancy” when enabling deduplication and compression or encryption allows vSAN to reduce the
number of copies of data temporarily, if needed, to complete the requested operation.

“Allow Reduced Redundancy” is more commonly required in small vSAN clusters such as three or four
hosts with one disk group each. This option might also be required if the free capacity in the cluster is
low.

Does data need to be migrated or “rehydrated”

when adding a disk to a disk group with
deduplication and compression enabled?
vSAN does not migrate or “rehydrate” deduplicated and compressed data when a disk is added to a
disk group. The configuration change takes only a few mouse clicks in the vSAN UI and the additional
capacity is available immediately for use. This makes it very easy to incremental add capacity to a
vSAN cluster with no disruption.

Is there integration with VMware vSphere Update

Manager?
vSAN 6.6.1 and newer versions include integration with vSphere Update Manager. vSphere Update
Manager generates automated build recommendations for vSAN clusters. Information in the VMware
Compatibility Guide and vSAN Release Catalog is combined with information about the currently
installed ESXi release. The vSAN Release Catalog maintains information about available releases,
preference order for releases, and critical patches needed for each release. It is hosted on the VMware
Cloud. When a new, compatible update becomes available, a notification is proactively displayed in
vSAN Health. This eliminates the manual effort of researching and correlating information from
various sources to determine the best release for an environment.

The upgrade process is automated. Simply use the Remediate option in vSphere Update Manager to
perform a rolling upgrade of the cluster. vSphere Update Manager migrates virtual machines from the
host being upgraded to other hosts in the cluster with no downtime.

What is the easiest method to perform storage

controller firmware updates?
While this is a manual process in vSAN 6.5 and previous versions, vSAN 6.6 includes a hardware
lifecycle management component. Firmware upgrades to storage controllers can be initiated by a
single click and orchestrated across the entire cluster. This eliminates the need for hardware vendor-
specific tools. Automatic downloads and notifications reduce management overhead and lower the

20

Copyright © 2018 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

risk associated with manual processes. The software can also be downloaded from an OEM website for
offline use.

Does vSAN support NFS and SMB protocols?

While vSAN does not offer this functionality natively, there are a number of third-party solutions that
enable vSAN storage to be consumed using SMB and NFS protocols. These are commonly virtual
appliances deployed to a vSAN datastore. An example of this is Dell EMC Unity VSA .

Note : CIFS is a dialect of SMB.

1.7 Hardware

Where can I find the vSAN hardware compatibility

list (HCL)?
It is part of the VMware Compatibility Guide - here is the link: VMware Compatibility Guide for vSAN

Recommendation: Only use hardware that is found in the VMware Compatibility Guide (VCG). Use of
hardware not listed in the VCG can lead to undesirable results.

Where can find details about what can and can’t be

changed in a vSAN ReadyNode?
Refer following KB for details: What You Can (and Cannot) Change in a vSAN ReadyNode™ (52084)

Where can I find guidance on vSphere boot devices

for hosts in a vSAN cluster?
See these blog articles:

vSAN Considerations When Booting from a Flash Device

M.2 SSD as Boot Device for vSAN

What are the guidelines for sizing the cache tier in

an all-flash vSAN configuration?
Refer to the vSAN Design and Sizing Guide . Also, see this blog article for details: Designing vSAN Disk
groups – All Flash Cache Ratio Update

21

Copyright © 2018 VMware, Inc. All rights reserved.

 vSAN Frequently Asked Questions (FAQ)

I see my firmware and driver version is higher than

what is listed in the VMware Compatibility Guide
for vSAN. Am I supported by default for higher
version?
It depends on which components we are referring to. For IO controller, we need exact same version as
listed in vSAN HCL to provide support. For disk drives, there is a minimum version for each family and
as long as it is higher than what is listed in that family, we support it. This is decided and updated after
discussion with OEM partner.

Where can I find vSAN ReadyNode configurations

for Intel Skylake and AMD EPYC processor
families?
In the VMware Compatibility Guide for vSAN under the “vSAN ReadyNode Generation” section,
choose “Gen3 – Xeon Scalable” for Intel Skylake and “Gen3-AMD-EPYC”.

Are there "cookbooks" that cover new platforms

certified for vSAN?
We work with our OEM closely to create configuration and deployment guidance for some vSAN
platforms. Here is the current list:

HPE Apollo 2000

22

Copyright © 2018 VMware, Inc. All rights reserved.