Understanding the vSAN Witness Host

To better understand the vSAN Witness feature, we first need to look at how vSAN handles data and VMs. As we already know, vSAN is an object datastore with a mostly flat hierarchy of objects and containers (folders). Items that make up a virtual machine are represented by objects. These are the most prevalent object types you will find on a vSAN datastore:

  • VM Home, which contains virtual machine configuration files and logs, e.g., VMX file
  • Virtual machine swap
  • Virtual disk (VMDK)
  • Delta disk (snapshot)
  • Performance database

Each object consists of one or more components. The number of components that make up an object depends primarily on two things: the size of the object and the storage policy assigned to it. The maximum size of a component is 255GB. If an object is larger than 255GB, it is split up into multiple components. vSAN will break down a large component into smaller components in certain cases to help balance capacity consumption across disks, optimize rebuild and resynchronize activities, and improve overall efficiency in the environment.

One of the best vSAN features for protecting data is the Stretched Cluster. If you want to understand more, have a look at my previous article.

A vSAN Stretched Cluster provides resiliency against the loss of an entire site. The hosts in a Stretched Cluster are distributed evenly across two sites. The two sites are well-connected from a network perspective with a round trip time (RTT) latency of no more than five milliseconds (5ms). The Stretched Cluster solution is based on Fault Domains. Instead of creating a fault domain per rack, complete sites or data centers are now considered to be a fault domain, which allows the administrator to configure a vSAN object across two separate geographical sites. The stretched cluster synchronously replicates between these two sites; if one of these sites should fail, a copy of the data will still be available. vSAN stretched clusters also include a third witness site that conducts cluster quorum-type services in the event of a failure.


A vSAN Witness Host is placed at a third site to avoid “split-brain” issues if connectivity is lost between the two Stretched Cluster sites. It must be deployed on a different host and in a different environment than the two sites. It provides quorum for Stretched Clusters and may only be located in a tertiary site that is independent of the Preferred and Secondary Stretched Cluster sites. The Witness Host does not store virtual machine data such as virtual disks. Only metadata is stored on the vSAN Witness Host. This includes witness components for objects residing on the data sites. Up to 200ms RTT latency is supported between the witness site and data sites.

The witness component arbitrates ownership of the virtual machine resources in the event of a failure. If greater than 50% of the components that make up a virtual machine’s storage object are available, the virtual machine is still accessible. If less than 50% of the virtual machine components are available, then it will no longer be accessible to the vSAN cluster/datastore. So, “witness” objects play a crucial role in ensuring the “greater than 50%” rule is in effect for vSAN component objects and determining virtual machine object ownership in a failure event.
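The “greater than 50%” rule can be worked through for the failure cases a stretched cluster faces. The following Python sketch is an added example, not VMware code: it assumes one replica component per data site, one witness component, and equal weight for every component, and the site names, the two layouts (including a hypothetical layout without a witness) and the failure scenarios are constructed for illustration.

```python
# Added illustration; equal weight per component is an assumption of this sketch.

def accessible(reachable_sites, components):
    """True if strictly more than 50% of the object's components are reachable."""
    total = sum(components.values())
    available = sum(n for site, n in components.items() if site in reachable_sites)
    return 2 * available > total  # exactly 50% is not "greater than 50%"

def owning_partition(partitions, components):
    """Return the one partition (set of sites) that keeps the object accessible, or None."""
    winners = [p for p in partitions if accessible(p, components)]
    # Two disjoint partitions cannot both hold a strict majority.
    return winners[0] if len(winners) == 1 else None

# Constructed object layouts: number of components per site.
WITH_WITNESS = {"preferred": 1, "secondary": 1, "witness": 1}
NO_WITNESS = {"preferred": 1, "secondary": 1}  # hypothetical, to show the split-brain case

# Constructed failure scenarios: groups of sites that can still talk to each other.
SCENARIOS = {
    "inter-site link lost": [{"preferred", "witness"}, {"secondary"}],
    "preferred site lost": [{"secondary", "witness"}],
    "witness site lost": [{"preferred", "secondary"}],
    "all links lost": [{"preferred"}, {"secondary"}, {"witness"}],
}

def evaluate(components):
    """Map each scenario name to the sorted site list of the owning partition (or None)."""
    result = {}
    for name, partitions in SCENARIOS.items():
        # Ignore sites that hold no component of this object.
        parts = [p & set(components) for p in partitions]
        owner = owning_partition([p for p in parts if p], components)
        result[name] = sorted(owner) if owner else None
    return result

if __name__ == "__main__":
    for label, layout in (("with witness", WITH_WITNESS), ("no witness", NO_WITNESS)):
        for scenario, owner in evaluate(layout).items():
            print(f"{label:13} {scenario:22} -> {owner or 'inaccessible'}")
```

Without the witness component, a lost inter-site link leaves each data site with exactly 50% of the components, so neither side can claim the object; with it, exactly one partition holds the majority.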

A vSAN Witness Host may be a physical vSphere host or a VMware-provided virtual appliance, which can be easily deployed from an OVA. When using a physical host as a vSAN Witness Host, additional licensing is required, and the host must meet some general configuration requirements. Using the VMware-provided vSAN Witness Appliance is generally recommended as a better option for the vSAN Witness Host than using a physical vSphere host. The utilization of a Witness Appliance is relatively low during normal operations. When using a vSAN Witness Appliance as the vSAN Witness Host, it can easily reside on other/existing vSphere infrastructure, with no additional need for licensing.
