VMware vSAN 6.1 introduces for a first time a new feature called VMware Virtual SAN Stretched Cluster. vSAN Stretched Cluster is a specific configuration implemented in environments where disaster/downtime avoidance is a key requirement. vSAN Stretched Clusters provide resiliency against the loss of an entire site. vSAN is integrated tightly with vSphere Availability (HA). If a site goes offline unexpectedly, vSphere HA will automatically restart the virtual machines affected by the outage at the other site with no data loss. vSAN stretched clusters are also beneficial in planned downtime and disaster avoidance situations. Virtual machines at one site can be migrated to the other site with VMware vMotion.
The vSAN Stretched Cluster solution is based on Fault Domains. Instead of creating a fault domain per rack, now complete sites or data centers are considered to be a fault domain, which allows the administrator to configure a vSAN object across two separate geographical sites. The stretched cluster synchronously replicates between these two sites; if one of these sites should fail, a copy of the data will still be available. vSAN stretched clusters also includes a third witness site that conducts cluster quorum-type services in the event of a failure.
In order to get implementing vSAN Stretched Cluster you need to get in place some requirements.
- A Witness host
- RTT (Round Trip Time) between sites hosting virtual machine objects should not be greater than 5 msec.
- A 10Gbps network connection is recommended
- vSAN 6.1 or higher
- Layer 2 inter-host connectivity for vSAN (Layer 3 supported)
- vSAN traffic on dedicated VMkernel interface
- vSAN Enterprise License
The witness is a VM appliance running ESXi that is configured specifically for use with a vSAN stretched cluster. Its purpose is to enable the cluster to achieve quorum when one
of the two main data sites is offline. The witness also acts as “tie-breaker”. The witness does not store virtual machine data such as virtual disks. Only metadata such as witness
components is stored on the witness.
The minimum number of hosts in a vSAN Stretched Cluster is 3. The nomenclature for such a configuration is 1+1+1. The maximum number of hosts that can be in vSAN Stretched Cluster is 31. Site 1 contains ESXi 15 hosts, site 2 contains 15 ESXi hosts, and the witness host on the third site makes 31.
Each host in a vSAN cluster is an implicit fault domain. Stretched Cluster use this feature or configuration in order to implement the solution. A fault domain usually
refers to a group of servers, storage, and/or networking components. So in the case of vSAN Stretched Clusters, vSAN collects all the host in each site into a single entity called “Fault Domain” and all the decisions are made based on that fault domains as one unit.
A stretched cluster requires three fault domains: the preferred site, the secondary site, and a witness host. Each fault domain represents a separate site. When the witness host fails or enters maintenance mode, vSAN considers it a site failure.
Local failure protection within a vSAN stretched cluster further improves the resiliency of the cluster to minimize unplanned downtime. This feature also reduces or eliminates cross-site traffic in cases where components need to be resynchronized or rebuilt. This is configured and managed through a storage policy in the vSphere Web Client.
In vSAN 6.6 and later releases, we can provide an extra level of local fault protection for virtual machine objects in stretched clusters. When you configure a stretched cluster, the following policy rules are available for objects in the cluster:
– Primary level of failures to tolerate (PFTT). For stretched clusters, PFTT defines the number of host and device failures that a virtual machine can tolerate across the two sites. Only a value of 0 or 1 is supported.
– Secondary level of failures to tolerate (SFTT). For stretched clusters, SFTT defines the number of host and object failures that a virtual machine object can tolerate within a single site. The default value is 0, and the maximum value is 3.
– Affinity. This rule is available only if PFTT = 0. You can set the Affinity rule to None, Preferred, or Secondary. This rule enables you to restrict virtual machine objects to a selected site in the stretched cluster. The default value is None.
– Failure tolerance method (FTM) which specifies whether the data replication method optimizes for Performance or Capacity. There are different FTM to choose for an vSAN object, 3 different RAID types that vSAN supports: RAID 1, 5 and 6. RAID-5/6 is also called Erasure Coding.
For more detailed information about storage policies have a look on my previous article Understanding vSAN Storage Policies.
So everytime vSAN does a write locally on VM disk, it automatically goes on both sites and make a write to that vmdk, and both acknowledge that write back. So this means that Recovery Point Objective (RPO) between two sites protected is 0. It means you don’t need any extra software for disaster recovery or synchronization between two sites and storages.
vSAN lowers the total cost of ownership of a stretched cluster solution as there is no need to purchase additional hardware or software to achieve this level of resiliency. That’s why HCI systems powered by vSAN are the largest portion of the hyperconverged systems market.