I posted the Site Maintenance demo, so I figured I would also do a post for the Site Takeover feature. I described those features in a few posts. So make sure to read that if you don’t know what it is about. If you already know, but haven’t seen a demo yet, here you go:
stretched cluster
vSAN 9.0 Site Maintenance Mode demo!
I had a few questions about this, so I figured I would record a quick demo showing Site Maintenance. In the demo, I have a stretched cluster configured in vSAN 9.0, and I am going to place the Preferred Site into maintenance mode. First a pre-check will occur to verify all workloads are replicated between locations, and then the site is placed into maintenance while maintaining data consistency across hosts. Next demo I will record will show the Manual Site Takeover command that was also introduced in 9.0 for OSA, but will be also available soon for ESA.
What do I do after a vSAN Stretched Cluster Site Takeover?
Over the last couple of months, various new vSAN features were announced. Two of those features are around the Stretched Cluster configuration, and have probably been the number 1 feature request for a few years. Now that we have Site Takeover and Site Maintenance functionality available, I am starting to get some questions about the impact of them, and in particular, the Site Takeover functionality is raising some questions.
For those who don’t know what these features are, let me describe them briefly:
Site Maintenance = The ability to place a full vSAN stretched cluster Fault Domain into maintenance mode at once. This ensures that all hosts within the fault domain have consistently stored the data, and all hosts will go into maintenance mode at the same time.
Site Takeover = This provides the ability when a Witness and a Data Site has failed to bring back the remaining site through a command line interface. This will reconstruct the remaining “site local” RAID configuration, making the objects available again, which will then allow vSphere HA to restart the VMs.
Now, the question that the above typically raises is what happens to the Witness and the Data Site that failed when you do the Site Takeover? If you look at the VMs RAID configuration, you will notice that both the Witness and the Data Site components of the sites that failed will completely disappear from the RAID configuration.
But what do you do next, because even after you run the Site Takeover, you still see your hosts and the witness in vCenter Server, and you still see a stretched cluster configuration in the UI. Now at first I thought that if the environment was completely up and running again, you had to go through some manual effort to reconstruct the stretched cluster. Basically, remove the failed hosts, wipe the disks, and recreate the stretched cluster. This is, however, not the case.
In the example above, if the Preferred site and the Witness site return for duty, vSAN will automatically discard the stale components in those previously failed sites. It will recreate new components for all objects, and it will do a full resync of the data.
If you end up in a situation where your hosts are completely gone (let’s say as a result of a fire), then you will have to do some kind of manual cleanup as follows, before you rebuild and add hosts back:
- Remove the failed hosts from the vCenter inventory
- Remove the witness from the vCenter inventory
- Delete the witness from the vCenter Server it is running, a real delete!
- Delete the surviving Fault Domain, this should be the only Fault Domain still listed in the vCenter interface
- You now have a normal cluster again
- Rebuild hosts and recreate the stretched cluster
I hope that helps,
vSAN Stretched Cluster vs Fault Domains in a “campus” setting?
I got this question internally recently: Should we create a vSAN Stretched Cluster configuration or create a vSAN Fault Domains configuration when we have multiple datacenters within close proximity on our campus? In this case, we are talking about less than 1ms latency RTT between buildings, maybe a few hundred meters at most. I think it is a very valid question, and I guess it kind of depends on what you are looking to get out of the infrastructure. I wrote down the pros and cons, and wanted to share those with the rest of the world as well, as it may be useful for some of you out there. If anyone has additional pros and cons, feel free to share those in the comments!
vSAN Stretched Clusters:
- Pro: You can replicate across fault domains AND protect additionally within a fault domain with R1/R5/R6 if required.
- Pro: You can decide whether VMs should be stretched across Fault Domains or not, or just protected within a fault domain/site
- Pro: Requires less than 5MS RTT latency, which is easily achievable in this scenario
- Con/pro: you probably also need to think about DRS/HA groups (VM-to-Host)
- Con: From an operational perspective, it also introduces a witness host, and sites, which may complicate things, and at the various least requires a bit more thinking
- Con: Witness needs to be hosted somewhere
- Con: Limited to 3 Fault Domains (2x data + 1x witness)
- Con: Limited to 20+20+1 configuration
vSAN Fault Domains:
- Pro: No real considerations around VM-to-host rules usually, although you can still use it to ensure certain VMs are spread across buildings
- Pro: No Witness Appliance to manage, update or upgrade. No overhead of running a witness somewhere
- Pro: No design considerations around “dedicated” witness sites and “data site”, each site has the same function
- Pro: Can also be used with more than 3 Fault Domains or Datacenters, so could even be 6 Fault Domains, for instance
- Pro: Theoretically can go up to 64 hosts
- Con: No ability to protect additionally within a fault domain
- Con: No ability to specify that you don’t want to replicate VMs across Fault Domains
- Con/Pro: Requires sub-1ms RTT latency at all times, which is low, but will be achievable in a campus cluster, usually
vSAN Stretched Cluster Site Maintenance Mode, where is it??
I had a question from a customer earlier who wanted to test the vSAN Stretched Cluster functionality that was introduced in 9.0 called Site Maintenance. Yes it is indeed what you would expect it to be, a new feature that allows you to place a whole site into maintenance mode at once. Very useful, but this customer was unable to find the button in the UI. Which, by the way, is not strange, as this capability (along with the Manual Site Takeover) capability is only available through an RPQ request at the moment, and it is also only available for vSAN OSA for now, so keep that in mind when filing an RPQ through your Broadcom/VMware contact! When you get approved, you will be informed on how you can get this functionality enabled, and then it will be added in the UI on the fault domain level as shown in the screenshot below, taken from my 9.0 lab!
