vSAN Encryption – Tales From The Field

Over the past few months I have been working with a variety of customers on either enabling vSAN encryption on existing / scaling vSAN clusters or working with large scale customers enabling it for the first time.

I had a great opportunity to bring stories together into a single presentation with the team at VMware Learning Zone.

I had great fun on this Webinar episode  discussing the vSAN Encryption architecture, touch points and most importantly the day 2 operation considerations of running this technology at scale.

As promised the diagram and mind map I used in the webinar are available below.

vSAN Encryption Process Diagram

vSAN Encryption Mind Map 

VMware Learning Zone Webinar Recording

I have also added the deepdive links I referred to on the webinar for vSAN encryption to my useful vSAN Links page.

vSAN Specialist 2019 exam review, checklist mind map & useful links

As part of my role at VMware,  vSAN is a core focus area of mine.   

I originally completed the vSAN specialist certification at VMworld US in 2017.  Today  I managed to get a chance to take the newly updated 2019 version. 

The 2019 vSAN specialist certification comprises of a single  2 hour  60 multi-choice question exam.  It was a very enjoyable test with a mixture of design, product theory, and operational questioning.  

The style of the exam is similar to a VCP  (In fact it assumes an active VCP-DCV),  It is based on vSAN 6.7 / 6.7U1  and concentrates on the tasks a vSAN admin needs to know to run a production platform.

As shown below in my objective checklist the exam blueprint gives an overview of the areas to concentrate on. 

A good method of study for this exam  would be to take each objective, 

  • Understand the use case from a business perspective (DR, Performance )
  • Review the design decisions from the VMworld videos, or deep dive guide.
  • Practice related operational tasks using a session on the  VMware Hands-on labs.
  • Review the use of the vSAN release notes.  interoperability guide,  HCL.
  • Review vSAN tooling ( Sizing tools, vROps,  Support insight, pro-active alerts).
vSAN Specialist 2019 blueprint study checklist

 I would expect someone who has some real hands-on experience with day to day vSAN tasks and exposure to good infrastructure design could pass this test with some theory study and lab practice.

As an architect, I would recommend anyone who is looking to design or help a team support vSAN to have a go at the certification for validation of skils.  

A list of resources I would recommend reviewing prior to the exam is shown below.

 
 
Recommended VMworld Videos
 
Useful Articles 
Trim/UnMap info1 & info 2 
 
Mind Maps

Design BOMs & my vSAN licensing cheat sheet mind map

One of the important areas of any physical design is to create an appropriate bill of materials (BOM).

Matching infrastructure or software features that meet business requirements is an important skill,  initially for design success, but also in a lot of cases for the impact to the cost of projects at the running phase. 

For example, understanding feature use, scaling factors at different phases of a road map plan and any EULA restrictions (Number, site locality, combination, etc)  are critical to aid operational management.

Over the past few weeks, I have had the pleasure to present a series of “Operationalising vSAN” workshops.   Although not specifically involving licensing, a common question is “What feature, to which vSAN Edition”  & “What are the guidelines”.

Here is my mind map which I have used when discussing the subject.

vSAN Licensing Summary Mind Map

vSAN ROBO vThoughts

Recently  I have had some very interesting conversations on the use of “2 Node” and  “ROBO” with vSAN.   

Where does it fit in the enterprise?  When should a business use this approach etc?

It appears that the use of the terms “ROBO” and “2 Node”  have also become interchangeable with respect to vSAN. 

With the flexibility and features within the vSAN editions, it could be easy to misunderstand the concepts and use cases for this architectural approach and not consider the opportunity that is there for a ROBO deployment.

Based on a variety of workshops and discussions I thought I would highlight;

Some common architectural thoughts for vSAN ROBO.

  • vSAN ROBO is designed for platforms outside of a companies HQ or datacenter.
  • It is not a 2 node only SMB solution,  it is a scalable architecture with can start with 2 nodes running workloads & grow to maximums such as 64 nodes.
  • Using a repeatable design approach in & outside the corporate DC can help simplify storage needs, cost, time  &  operational management.
  • From an architecture perspective, 2 nodes can be used with any vSAN version,  while ROBO is a licensing approach with flexible deployment configurations based upon the number of VMs rather than sockets.
  • It is possible to expand a 2 node platform to a larger platform without an outage.
  • A 25 VM limit is based on powered on VMs and can be flexibility split between the site / VM number combination (ie 25 VMs across 4 locations) providing some real cost savings but still maintaining enterprise level storage experience.
  • There are different network requirements with ROBO topologies that can potentially make vSAN appropriate to provide availability, security, and automation for applications which have to run locally with localized constraints and limited IT.

To aid discussions  I have created a summary mindmap on the subject and listed some useful links below for more information.

vSAN ROBO Architecture Thoughts Mind Map

 

Useful Links 
ROBO  Solution Information
https://www.vmware.com/files/pdf/products/vsan/vmware-vsan-robo-solution-overview.pdf
Overview of vSAN 2 Node  
https://cormachogan.com/2017/03/10/2-node-vsan-topologies-review/
Licensing Documentation 
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/vsan/vmware-vsan-67-licensing-guide.pdf
vSAN Witness Placement discussion  
http://www.yellow-bricks.com/2016/09/20/running-vsan-witness-2-node-cluster-2-node-cluster/
VVD - 2 Node ROBO Documentation  
https://docs.vmware.com/en/VMware-Validated-Design/4.0/com.vmware.vvd.sddc-robo-design.doc/GUID-36BE6218-F11F-412A-B76B-1E9B4AE3535A.html
2 Node Common Config Questions 
https://storagehub.vmware.com/t/vmware-vsan/vmware-r-vsan-tm-network-design/2-node-vsan-deployments-common-config-questions/
2 Node Direct Connect & WTS 
https://storagehub.vmware.com/t/vmware-vsan/vsan-6-6-proof-of-concept-guide/2-node-direct-connect/
Stretched Cluster 2 Node DR Scenarios 
https://storagehub.vmware.com/t/vmware-vsan/vsan-6-7-proof-of-concept-guide/vsan-stretched-cluster-and-2-node-without-wts-failover-scenarios/
Scaling 2-node VSAN (ROBO) to a 3-node or more 
https://blogs.vmware.com/virtualblocks/2016/02/26/scaling-2-node-vsan-robo-to-a-3-node-or-more/
Demo Video - Converting from 2 node to 3 node cluster 
https://www.youtube.com/watch?v=C3-RDxBprfc
Blog post : Scaling ROBO 
https://blogs.vmware.com/virtualblocks/2019/02/25/vsan-robo/
VMworld Video - Deploying vSAN to 300 Stores in 2 Weeks: An Automation Story
https://videos.vmworld.com/global/2018/videoplayer/26347

Read locality information
https://blogs.vmware.com/virtualblocks/2016/04/18/2node-read-locality/

WWKO Tech Summit 2019 & Operationalising HCI Mind Map

I recently had the opportunity to spend several days with my VMware colleagues in Las Vegas for the World Wide Kick Off & Tech Summit.

This was an awesome event, providing time to understand new technology and also to meet/ discuss the year ahead with my wider team.

I had the pleasure to present at the Tech Summit myself on “Operationalising HCI”, I discussed the impact of HCI,  how design choices, risk mitigation, and standard operating procedures link together.

As promised in my presentation the full mindmap I created has been posted here.