VMware vSAN is a leading software defined storage solution on the market today. Simple yet powerful, vSAN offers intelligent hyperconverged storage architecture that facilitates complete utilization of compute and storage resources, delivering them through a virtual common platform. This structural design not only initiates transformational change in how you host data, but also powers the leading hyperconverged infrastructure solutions today that is transforming data centers across the globe.
When it comes to the processes of cluster configurations, configuring a 2-node direct connect vSAN cluster takes all of about six clicks. With that being said, it is important to make sure that the underlying infrastructure is properly configured before following through with those six clicks. In this blog post we will talk about deploying the witness appliance, configuring Witness Traffic Separation, and configuring static routes between the data node network and the witness network.
Step 1: Deploying Witness Appliance
Deploying the Witness appliance is as easy as deploying an OVA. Right-click the cluster (or host if you do not have DRS enabled) and click Deploy OVF Template. Follow the wizard to complete the OVA deployment. Now that you have the OVA deployed we will need to configure the appliance. Open a console session to the newly created VM. Lo and behold, it looks just like the DCUI of an ESXi host. Press F2 to login to the interface and navigate to Configure Management Network. Add your Management IP address, Subnet, Gateway, and DNS information as you would any other ESXi host. We will now use this information to add a nested ESXi host to a Datacenter.
Step 2: Add and Identify Host
Now that the appliance OVA has been deployed and configured, create a Datacenter Object and a new cluster object within the Datacenter object you just created. Right-click the cluster object you created and select Add Host. Provide the FQDN of the VM you just deployed and provide the login credentials you used during the OVF deployment. When vCenter adds the host, notice how the host appears a light blue color as opposed to the typical grey color. This makes it easier to identify the nested ESXi host as a witness.
Witness Traffic Separation, or WTS, allows you to tag an alternate VMkernel for traffic destined for the Witness host from a directly connected vSAN tagged VMkernel. It is important to note that you cannot tag witness traffic via the web client. You must open a SSH session to each of the data nodes in the cluster and configure the witness tag from the command line. This does not get configured on the Witness host; only on the data nodes. You can use a VMkernel that is created specifically for this purpose or use a pre-existing VMkernel. Either way, running the following command will configure tagged witness traffic on the VMkernel:
[esxcli vsan network ip add -i vmkx -T=witness]
Step 3: Configure Static Routes
Configuring static routes is the last piece to allow communication between data nodes and the witness appliance. When initially installing and configuring ESXi, a default TCP/IP stack is created resulting in a single default gateway. Since the vSAN network is isolated from the Management interface, it is necessary to create static routes on both nodes as well as the witness. This must also be configured from the command line. In a direct connect cluster both data nodes should be configured with a static route to reach the witness network while the witness host should be configured with a static route to reach the data node network. Run the following command to add a static route to each node including the witness (make sure you substitute the correct subnets):
[esxcli network ip route ipv4 add –n 192.168.100.0/24 –g 172.10.20.1]
While there are other considerations when designing and deploying a 2-node direct connect vSAN ROBO cluster, making sure that the underlying infrastructure is properly setup will make life much easier when it comes time to six-click your way to a 2-node direct connect vSAN ROBO cluster. Properly deploying the witness appliance, configuring Witness Traffic Separation, and configuring static routes will put you on your way to a successful 2-node direct connect vSAN ROBO cluster. Good luck and happy clustering!
Next Steps: WEI employs a team of vSAN and virtualization experts ready to take on your toughest IT challenges. If you are considering vSAN for your environment check out our white paper, “A 360-Degree View of the Agile VMware vSAN Platform.”
