- How to use vRealize Log Insight to retrieve logs from your Windows and Linux servers - Fri, Jul 23 2021
- Analyze basic log output from VMware vSphere 7 products - Wed, Jul 21 2021
- Analyze drmdump files with VMware DRS Dump Insight - Fri, Jul 9 2021
- What's new in VMware vSAN 7 U1?
- New vSAN file services
- Secure Disk Wipe after drive decommission
- Maintenance mode improvements
- Secure data in transit encryption (secure over-the-wire)
- vSAN 7 U1 shared witness
- Faster restart of vSAN hosts
- Simplified configuration with routed vSAN topologies
- Precheck enhancements
- Final words
vSAN has become an important storage pillar for Kubernetes and the Tanzu platform. While there is no need to have vSAN for Tanzu, it's strongly recommended as vSAN can, for example, benefit from the new volume health functionality that can be exposed to third-party plugins.
vSphere with Tanzu and Kubernetes clusters can be deployed easier and faster in enterprise environments because vSAN is able to reduce raw storage overhead for cloud native stateful apps. vSAN is also able to extend volumes in Tanzu Kubernetes Grid (TKG) clusters.
What's new in VMware vSAN 7 U1? ^
In previous releases of vSAN, compression and deduplication were offered together. It wasn't one or the other, but both together. In this release, you'll be able to choose between compression alone or compression and deduplication together. Those space-efficiency techniques are here to save some precious vSAN storage by effectively deduplicating and (or) deduplicating and compressing the data.
VMware has always recommended maintaining 20% of space free on vSAN. However, in vSAN 7 U1, things are variable. You will have two storage reserves, one of which will be used for operations and the other for host rebuild. Basically, the storage requirements are reduced when new hosts are added to the cluster.
For now, we only have this screenshot from VMware as the product isn't widely available just yet. You can see that we have a new UI that enables us to view and configure the reserved capacity for Operation reserve (operational tasks) or for Host rebuild reserve (failures).
VMware showed an example of a 12-node cluster where there was an 18% need for free space to be kept free, while for the 24-node cluster it was only 14%. A significant space reduction for larger clusters, indeed. So, if you activate compression only, you'll increase usable capacity.
New vSAN file services ^
vSAN file services now support SMB protocol versions 2.1 and 3. In previous releases, vSAN file services were only capable of SMB v2.1. NFS support was added in VSAN 7, where NFS v3 and v4.1 are fully supported.
The deployment process remains the same. vSAN 7 Update 1 has the ability to create SMB shares with Active Directory support, and this share is created directly and natively in vSAN without the need for a file server.
You can now configure up to 32 hosts per cluster participating in vSAN file services.
Secure Disk Wipe after drive decommission ^
This feature allows you to wipe one or more disk devices in-parallel when replacing them. It uses PowerCLI or an API call for execution. Secure erasing is compliant with NIST standards and can be used for any type of Flash storage (NVMe, SATA, or SAS). This release supports this feature for Dell and HPE storage only. Future releases will add more vendors to the list.
Maintenance mode improvements ^
When you put a host in maintenance mode, there is an "Ensure Accessibility" option. If another host fails and this host has the data of the VMs to operate, the data are moved elsewhere to ensure no VMs fail.
The new feature is able to capture data writes to another host, which are merged to the original host when it comes back out of maintenance mode. This allows faster rebuilds of vSAN by maintaining the latest data redundantly in the event of an unplanned outage during planned maintenance.
Secure data in transit encryption (secure over-the-wire) ^
vSAN 7 U1 includes an internal encryption mechanism that enables encrypting data without an external KMS server.
With this feature, which is enabled independently or together with data-at-rest encryption, you can make sure that data and metadata are encrypted.
It uses the FIPS 140-2 validated VMware VMkernel cryptographic module. The keys are managed internally (no external KMS are required for this).
vSAN 7 U1 shared witness ^
As you know, 2-Node vSAN deployments need a third host, called a witness. The witness is usually deployed from an OVF file as an appliance for each 2-Node cluster. In this release, you can have one witness shared for multiple 2-Node clusters, which definitely saves resources.
The witness does not host any VMs, but only the bits that are used in the event of a split-brain scenario. There are some limitations, but they are quite wide as a single-witness host appliance can be shared among 64 2-Node vSAN clusters.
Usually, 2-Node witness clusters are used for remote Office deployments. The architecture with a shared witness looks like this:
Faster restart of vSAN hosts ^
Restart times were improved with the new save and restore workflow, where in-memory metadata are saved to disk before a normal restart operation. When the host restarts, the data are read from disk instead of being rebuilt from scratch.
Simplified configuration with routed vSAN topologies ^
When deploying vSAN, there are two types of network traffic to deal with: VM traffic and witness traffic. A VMkernel adapter with a proper IP configuration and different default gateway can now be assigned via the user interface (UI), where previously command line interface (CLI) commands had to be used.
For multi-cluster architectures, this allows you to quickly identify and correct misconfigurations because you can view the current configuration through the UI and easily override the default gateway configuration. This simplifies deployments for routed topologies or greenfield builds and cluster transitions.
Precheck enhancements ^
With vSphere 6.7 U3, VMware offered precheck simulations for disks and disk groups. The v7 U1 includes additional information with the precheck reporting for common administration tasks, such as disks or disk groups. You can see the object compliance, cluster capacity, and predicted health.
Subscribe to 4sysops newsletter!
Final words ^
Another very large VMware vSAN 7 U1 announcement. VMware improves with every release. While several years ago, many people were saying that hyper-converged infrastructures (HCI) from VMware were behind its competitors, the latest reports from IDC show VMware leading with 41% of the market share. This is more than the next two competitors combined. vSAN is a solid product that grows more robust and reliable with every release.