04 - Vce 1CN Vxrailam PDF
04 - Vce 1CN Vxrailam PDF
04 - Vce 1CN Vxrailam PDF
Deduplication and compression can be enabled for all flash VxRail systems, disabled by default.
vSAN data-at-rest encryption is disabled by default. Encryption requires an external vCenter Server and
an external key management system. Integrates with all KMIP-compliant key management technologies.
LZ4 compression is applied after the blocks are deduplicated and before being written to SSD. If the
compression results in a block size of 2 KB or less, the compressed version of the block is persistently
saved on SSD. If the compression does not result in a block size of less than 2 KB, the full 4 KB block is
written to SSD.
Almost all workloads benefit some from deduplication. However typical virtual-server workloads with highly
redundant data such as full-clone virtual desktops or homogenous-server operating systems benefit most.
Compression provides further data reduction. Text, bitmap, and program files are very compressible, and
2:1 is often possible. Other data types that are already compressed, such as certain graphics formats and
video files or encrypted files, may yield little or no reduction.
Deduplication and compression are enabled together at the cluster level. The process reformats the disk
groups. vSAN evacuates data from an existing disk group, removes, and recreates it with a new format.
Enabling deduplication and compression at initial setup is recommended to avoid the overhead and
potential performance impact of having to deduplicate and compress existing data.
To enable deduplication and compression, click the Edit button in the vSAN General window. Check the
Deduplication and Compression box, optionally check the Allow Reduced Redundancy box and then Click
OK. The Allow Reduced Redundancy box can be used during the enable process on a vSAN with limited
resources. For example, a three node cluster with FTT set to 1 does not have the resources to evacuate
data for the disk group reformat. The allow reduced redundancy option keeps the VMs running, but the
VMs might be unable to tolerate the defined failure level. Temporarily during the format change, the VMs
might be at risk of data loss. vSAN restores full compliance after the format conversion is complete.
vSAN encryption requires a Key Management Interoperability Protocol (KMIP) compliant Key
Management System (KMS). Per storagehub.vmware.com nearly all KMIP-compliant KMS vendors are
compatible, with specific testing completed for vendors such as HyTrust®, Gemalto®, Thales e-Security®,
CloudLink®, and Vormetric®.
VxRail deployments currently require an external vCenter Server to enable and use vSAN encryption. To
enable vSAN encryption, click the Edit button in the vSAN General window. Check the Encryption box,
optionally check the Erase disks before use box and specify the KMS cluster. Click OK to enable
encryption. When enabling encryption, vSAN performs a rolling reformat of every disk group in the cluster.
The best practice is to enable encryption on the vSAN datastore after VxRail first build.
vSAN encryption is data-at-rest encryption for the whole vSAN datastore. Supports deduplication and
compression, thus providing space savings benefits compared to vSphere encryption.
The vSAN performance service includes statistical charts used to monitor IOPS, throughput, latency, and
congestion. The performance service is disabled by default. Turn on the vSAN performance service to
monitor the performance of a vSAN cluster, host, disk group, disk, and VMs. The vSAN performance
service stores the statistical data in a Stats database object in the vSAN datastore. The Stats database
requires a storage policy.
To manage vSAN health and performance services, select the VxRail cluster, select the Configure tab,
select vSAN, and then select Health and Performance. To change the health check time interval or to turn
off/on the periodic health check, click the health service Edit settings button.
To turn on the performance service, click the performance service Edit settings button. The vSAN default
storage policy is adequate for the Stats database. Make sure that the vSAN cluster is properly configured
and has no unresolved health problems before the performance service is turned on.
Do not use the vSAN configuration assist and updates features to modify the VxRail vSAN configuration.
The VxRail vSAN cluster is automatically configured during the initial setup of VxRail. Enabling vSAN
automatically configures and registers a vSAN storage provider for each host in the cluster. The vSAN
storage providers report a set of underlying storage capabilities to vCenter Server. They also
communicate with the vSAN layer to report the storage requirements of the virtual machines.
To view storage providers in the vSphere Web Client, select the vCenter server under hosts and clusters.
Then select the Configure tab and select Storage Providers. The storage providers for vSAN appear on
the list. Each host has a vSAN storage provider, but only one storage provider is active. Storage providers
that belong to other hosts are in standby. If the host that currently has the active storage provider fails, the
storage provider for another host becomes active.
FTT is the number of failures the cluster should be designed to tolerate before data loss occurs. FTT=1,
and FTM = RAID-1 are the default settings. FTM is the failure tolerance method, either RAID-1 (Mirroring)
or RAID-5/6 (Erasure Coding). Mirroring can accommodate an FTT setting of 1–3. If FTM is set to
mirroring, then for N failures tolerated, N+1 copies of the object are created. Mirroring requires witness
components, the number of witnesses is equal to the FTT setting. Hence 2N+1 hosts contributing storage
are required. The witness components serve as tiebreakers when availability decisions are made in the
vSAN cluster. Erasure coding can only accommodate FTT=1 (RAID-5) or FTT=2 (RAID-6). Erasure
coding does not require a witness disk stripe per object.
Object space reservation is the percentage of the logical sized of the virtual machine disk object that must
be reserved when deploying virtual machines. The default is 0% – thin provisioned. A setting of 100% fully
provisions storage for the VM. Set the value to 0 or 100 if using RAID-5/6 with deduplication and
compression.
Number of disk stripes per object – default value is 1 – minimum number of drives across which each
replica of an object is striped. The recommendation is to leave the value at 1.
Other vSAN storage policy rules are available. Refer to the Administering VMware vSAN manual for a
complete listing of rules and descriptions.
The initial setup of VxRail creates two VxRail vSAN storage policies in addition to the default vSAN
storage policy as shown in the graphic. Do not delete the VxRail vSAN storage policies.
The VxRail system VMs use VXRAIL-SYSTEM-STORAGE-PROFILE which guarantees 100% object
space reservation with FTT set to 1. Thus in effect the VxRail system VMs have RAID-1 protection with
guaranteed storage.
VXRAIL-STORAGE-PROFILE has number of failures to tolerate set to 1, this policy is available for use by
any VMs deployed on the VxRail cluster. This policy is equivalent to the default vSAN storage policy.
The two VxRail policies and the default vSAN policy tolerate only one failure with RAID-1 fault tolerance.
Customers with all flash VxRail systems may want to use RAID-5/6 erasure coding. Other customers may
have mission critical applications requiring tolerance of two failures with RAID-1 mirroring. One can create
storage policies to match the required tolerance levels. The vSAN cluster should have the minimum
number of nodes to be compatible. We discuss the creation of a new storage policy next.
To create a VM storage policy, click Create VM Storage Policy. Select the vCenter Server, give the policy
a name, and optionally enter a description. Click Next.
In this example two rules have been defined for the vSAN storage policy:
• Primary level of failures to tolerate – 1
Failure tolerance method – RAID 5/6 (Erasure Coding)
• This combination of FTT and FTM is equivalent to RAID-5. A 100 GB virtual disk would consume
133.33 GB of storage space.
• Click Next.
Click Finish. The new policy is listed in the VM Storage Policies view. Even though the policy was created,
in this specific example the RAID-5 policy cannot be used.
Click Finish. The new policy is listed in the VM Storage Policies view. The new policy can be used as
needed – when deploying new VMs or on existing VMs.
The example shows the VxRail vSAN storage policy that is applied to all the VxRail system VMs. In the
VMs and Virtual Disks tab all the VMs and virtual disks that the policy applies to are listed. The
compliance status is also listed. The Storage Compatibility tab lists the compatible vSAN datastores. The
VxRail vSAN datastore is shown as a compatible datastore in this example.
You can use vSAN health checks to monitor the status of cluster components, diagnose issues, and
troubleshoot problems. The health checks present hardware compatibility, network configuration and
operation, advanced vSAN configuration options, storage device health, and virtual machine objects. The
vSAN health checks are divided into categories. Each category contains individual health checks. Drill into
each category to see the individual tests.
VMware Update Manager (VUM) is fully integrated into the VMware vCenter Server Appliance, however
VUM should never be used for updates in a VxRail cluster. VxRail Manager should be used for all
updates.
Customers may choose to participate in the VMware Customer Experience Improvement Program to
enable vSAN online health checks. Online health checks can monitor the vSAN cluster health and send to
the data to VMware’s analytics backend system for advanced analysis.
The Capacity Overview displays the storage capacity of the vSAN datastore, including used space, free
space, and vSAN overhead.
The Used Capacity Breakdown displays the percentage of capacity used by different object types or data
types. Object types – lists information about various objects – virtual disks, VM home objects, swap
objects, and so on. Object types also include file system overhead and checksum overhead. Data types –
displays the percentage of capacity used by primary VM data, vSAN overhead, and temporary overhead.
On all flash systems with deduplication and compression enabled, the Deduplication and Compression
Overview displays the space savings data.
Expand a VM, then select an object like one of the virtual disks and click the Physical Disk Placement tab.
The physical disk placement tab shows device information, such as name, identifier or UUID, and so on.
The distribution of the vSAN components is also shown. The example on the screen shows the physical
disk placement for Hard Disk 1 on the VxRail Manager VM. We see the placement of the witness and two
data components.
The Compliance Failures tab displays the VM storage policy compliance failures associated with a specific
object.
Expand each host to see the listing of vSAN disks. For each disk, the view displays the total capacity,
used capacity, reserved capacity, functional status, and disk group information. Selecting a specific
capacity disk displays the vSAN objects stored on that disk.
When a hardware device, host, or network fails, or if a host is placed into maintenance mode, vSAN
initiates resynchronization in the vSAN cluster. The view shows the number of vSAN components
currently being synchronized. The bytes left to resynchronize, and the time estimated remaining for the
objects to comply with the assigned storage policy are also shown.
The Resynch Throttling button allows one to reduce the bandwidth used to perform resynchronization on
disk groups in the vSAN cluster. Resynchronization throttling is a cluster-wide setting, and it is applied on
a per disk group basis. Consider resynchronization throttling only if latencies are rising in the cluster due
to resynchronization, or if resynchronization traffic is too high on a host. Resynchronization throttling can
increase the time required to complete resynchronization. Reprotection of noncompliant VMs might be
delayed.
To view the VM consumption charts, select vSAN – Virtual Machine Consumption. vSAN displays
performance charts for clients running on the cluster, including IOPS, throughput, latency, congestions,
and outstanding IO. The statistics on these charts are aggregated from the hosts within the cluster.
At the host level, you can view detailed statistical charts for virtual machine consumption and the vSAN
back end, including IOPS, throughput, latency, and congestion. One can also view statistical charts for
disk groups, disks, physical adapters, and VMkernel adapters.
vSAN displays performance charts for the VM, including IOPS, throughput, and latency. Performance
charts for virtual disks include IOPS, delayed normalized IOPS, virtual SCSI IOPS, virtual SCSI
throughput, and virtual SCSI latency.
The default alarms are automatically triggered when relevant events are activated or if conditions specified
in the alarms are met. To view the triggered alarms, select Triggered Alarms.
The number of failures to tolerate (FTT) policy for the cluster depends on the number of failures a virtual
machine is provisioned to tolerate. For example, a virtual machine is configured with FTT = 1 and using
fault domains. vSAN can tolerate a single failure of any kind and of any component in a fault domain,
including the failure of the rack. Fault domains ensure that protection objects, such as replicas and
witnesses, are placed in different fault domains.
A minimum of three fault domains are required. For best results, configure four or more fault domains in
the cluster. A cluster with three fault domains has the same restrictions as a three host cluster.
The vSAN cluster in the graphic consists of eight nodes esxi-01 through esxi-08. Four fault domains FD1,
FD2, FD3, FD4 have been defined. Each fault domain has two nodes. The storage policy has FTT set to
1, and FTM set to RAID-1. The vSAN components are spread over three fault domains.
Provide enough fault domains to satisfy the number of failures to tolerate. If possible, dedicate one fault
domain of free capacity for rebuilding data after a failure. Three fault domains do not support certain data
evacuation modes, and vSAN is unable to reprotect data after a failure.
Assign the same number of nodes to each fault domain. Use hosts that have uniform configuration.
If fault domains are enabled, vSAN applies the active virtual machine storage policy to the fault domains
instead of the individual hosts. If a host is not a member of a fault domain, vSAN interprets it as a stand-
alone fault domain.
A vSAN data migration option must be specified when placing a host into maintenance mode.
• Evacuate all data to other hosts – vSAN evacuates all data to the other hosts in the cluster,
maintains, or fixes availability compliance for affected components. Sufficient resources must exist
on the other hosts. This option is typically used when removing a node permanently. This option
results in the largest amount of data transfer and consumes the most time and resources.
• Ensure data accessibility from other hosts – The default option. vSAN only migrates the
components that are essential for running the VMs. The availability of VMs is affected if there is a
failure. The ensure data accessibility option does not reprotect data during failure and one might
experience unexpected data loss. Typically used when taking a host out of the cluster temporarily.
• No data evacuation – vSAN does not evacuate any data from the host. Typically used when shutting
down the entire cluster.
Keep the following considerations in mind when placing a host into maintenance mode:
Number of hosts needed in the cluster to meet the FTT requirement.
Number of capacity drives left on the remaining hosts to handle the stripe width policy requirement.
Is there enough capacity on the remaining hosts to handle the amount of data that must be migrated?
Is there enough flash cache capacity on the remaining hosts to handle any flash read cache reservations?
To place a host in maintenance mode, right click on the host, select Maintenance Mode, and then select
Enter Maintenance Mode. A confirmation dialog opens. We discuss the confirmation dialog next.
Evacuate all data to other objects – Shows if sufficient capacity is available on the other hosts and the
amount to data to be moved.
Ensure data accessibility from other hosts and No data evacuation both show the number of objects that
become noncompliant.
Click the See full results link, for the full list of noncompliant objects. Close the precheck window. Click OK
to place the host into maintenance mode.