VMware vSAN 7 Update 1 Features and Improvements

Yesterday, VMware made some huge announcements as related to the next release of their flagship products across the board. This included vSphere 7 Update 1, vSAN 7 Update 1, VMware Cloud Foundation (VCF) 4.1, vSphere 7 with Tanzu, and Tanzu editions among other details. In this post, I would like to highlight VMware vSAN 7 Update 1 features and improvements to showcase more in detail the new capabilities of this newest vSAN release. Let’s get started and see what vSAN 7 Update 1 brings to the table.

VMware vSAN 7 Update 1 Features and Improvements

VMware is continuing to listen to customers about features and functionality they would like to see included in vSAN and all the products for that matter. Let’s take a look at the following improvements and features that are found in this latest version of VMware vSAN 7 Update 1.

vSAN 7 Update 1 contains the following improvements, features, and capabilities as improvements over the previous releases:

• HCI Mesh
• Shared Witness capability
• Compression only option
• Improved enterprise file services
• vSAN Data Persistence Platform
• vSAN IO Insight
• Data encryption in-flight
• Secure Disk wipe
• Improved vSphere Lifecycle Manager (vLCM)
• vSAN Layer 3 GUI network gateway configuration
• Faster host reboots

Let’s dive into each new feature one-by-one to see how the new features provide benefits to your production environment.

HCI Mesh

VMware with this release of vSAN 7 Update 1 has introduced something they called disaggregated HCI or HCI Mesh. What is this to be exact? This new feature can certainly come into play for environments with a vSAN cluster that may be getting space constained. With HCI Mesh in vSAN 7.0 Update 1, vSAN administrators can now mount remote vSAN datastores from other vSAN clusters.

This means the compute for the virtual machine can be run locally with the local vSAN cluster and the storage backend for the VM may be running in the remote vSAN datastore. I would imagine this may most likely be suited for some corner cases as most may not want to be able to mount a remote vSAN datastore and start provisioning VMs that way. However, this certainly opens up some interesting capabilities from a storage perspective. A note here is this is not happening via iSCSI or NFS. Rather this is native vSAN traffic that is utilized between the clusters.

There will be some network constraints when it comes to configuring this new capability. However, it is a great new feature that will likely allow customers to make even better use of spare storage they have left on certain vSAN clusters.

Shared Witness Node

Prior to vSAN 7 Update 1, you were required to have a single witness node for each stretched cluster configuration. This meant that even for several small 2-node vSAN clusters, you had to have a dedicated witness node. Now with vSAN 7 Update 1, this requirement has been relaxed. You can now have a single witness node store the witness components of multiple vSAN stretched clusters. This will help offset the resource and capacity requirements that were prohibitive in spinning up dozens of witness nodes for multiple stretched clusters.

Compression Only Option

This is a longstanding request from many VMware customers to have more control over the compression and deduplication options that are available for vSAN. Up until vSAN 7 Update 1, you could only enable deduplication with compression.

With vSAN 7 Update 1, VMware has introduced the compression only option that allows customers to simply flag on compression instead of both compression and deduplication. This holds many advantages. These include:

• Many customers were not running workloads that responded well to deduplication
• Deduplication entails a performance hit
• When a capacity drive fails in a deduplicated and compressed datastore, since the hash table for the deduplication and compression data is striped across disks, you lose the entire disk group if you have a single disk failure. This will no longer be the case with the compression only option

Improved Enterprise File Services

With the past few releases, vSAN has been getting major improvements on the side of enterprise file services. With file services, vSAN can deliver not only block storage but also file storage.

New with this release is the integration of vSAN file services with Active Directory. This means that file service permissions hosted on vSAN can now take advantage of permissions models based on Active Directory users/groups. Additionally, with vSAN 7 Update 1, customers can now also use vSAN file services as an SMB v2.1 and 3 target and not simply NFS.

There have been new scalability improvements with the vSAN enterprise file services in the realm of how many ESX manager VMs are supported – from 8 to 32 which leads to better performance and scalability.

vSAN Data Persistence Platform

With each version of vSphere and vSAN, you can see that VMware is building better tools and integration with cloud services and especially with Kubernetes. With vSphere 7 natively having Kubernetes built-in, it makes sense that vSAN also receive cloud-native features that accelerate the building of cloud-native applications.

With vSAN Data Persistence, VMware is a framework that allows partner applications to be deployed into the Supervisor Cluster. Partner applications for the most part are “shared nothing” architectures. This means they do not need any data protection from the vSAN side of things.

These partner applications are able to access vSAN directly via technology that has been in the works for a while called vSAN Direct. With vSAN Direct, applications are able to consume vSAN storage directly and natively which helps to have a fast path to storage performance for these cloud-native applications.

This helps IT operations to take advantage of the best of both worlds and have cloud-native applications benefit from direct access to vSAN storage while at the same time having the ability to interact with and understand infrastructure operations such as maintenance on a host, etc.

This framework is going to be a model that will grow and evolve over time with more vendors and third-party partners supporting and building solutions for the vSAN Data Persistence model.

vSAN IO Insight

One of the things that I love that VMware is doing is building and improving the management tools that are available with VMware vSAN to have visibility into performance and other vSAN operations.

There has been a great little tool available on the VMware Flings site called VMware IOInsight which allows understanding VM storage I/O behavior. This allows better tuning and sizing, helping with support issues and VMware engineering to see and have the information they need for product enhancements. It captures and traces IO from ESXi and generates various aggregated metrics to display IO behavior.

With vSAN 7 Update 1, IO Insight is now built into the vSAN 7.0 Update 1 platform and it is not just a fling, but totally a supported module of the interface. This is a new entry in the vSAN Performance dashboard found in the vSphere Client next to the existing VM and Backend options.

vSAN Data-in-transit encryption

Outside of new features, security is generally one area that most of us look to improve in every aspect of the infrastructure. With this release of vSAN 7 Update 1, VMware has now closed the gap of security with vSAN traffic with the vSAN Data-in-transit encryption.

There are basically two areas that encryption is important. This is encryption at-rest and encryption in-flight. VMware vSAN already has the at-rest part covered with the vSAN encryption storage policy. Now with the data-in-transit encryption, your data as it is transmitted on the vSAN network in an encrypted form. This means your data is effectively protected in-flight.

Secure Disk Wipe for vSAN Disks

New with vSAN 7 Update 1, there is a new option you can use to securely wipe the data on the vSAN disks. This is a handy tool to have available when you need to make sure for compliance or other security reasons, you have made sure all data is scrubbed from vSAN storage before decommissioning the servers.

Improved vSphere Lifecycle Manager (vLCM)

One of my favorite new features of vSphere 7 in general is the vSphere Lifecycle Manager (vLCM) that replaces the Update Manager for performing updates. This brings tremendous benefits to vSAN as well. With vSAN 7 Update 1, there are many new improvements to vSAN 7 Update 1 vLCM.

Now, with vLCM in vSAN 7 Update 1, you have support for Lenovo hardware with vLCM which now adds Lenovo in addition to the existing Dell hardware that could be remediated and updated with vSAN 7.

Now, you get the ability to upgrade Lenovo firmware and other customized device drivers for this specific hardware. For Lenovo shops, this helps to bring the simplified operations to the vSAN platform for your environment.

vSAN Layer 3 GUI network gateway configuration

Now instead of having to revert to the ESXi CLI interface to add static routes, you can now simply use the vSAN GUI in the vSphere Client and change the gateway for the VMkernel interface. No longer, will you have to rely on CLI operations for this and it helps to have better visibility of these specific network settings in your vSAN environment.

Faster Host Reboots

Using a new mechanism to save and restore in-memory metadata, this allows for much quicker host reboots than previously. If you have worked with vSAN clusters before, you know that a simple host reboot can take a while due to the operation to restore vSAN data upon reboot. This should definitely help to alleviate the long wait times for this reason.

Concluding Thoughts

If you are wanting to deploy VMware vSAN, vSAN 7 Update 1 is certainly a great place to start. The VMware vSAN 7 Update 1 Features and Improvements provide many great new enhancements that help to make this version of vSAN the most powerful and capable one yet. If you are like me, you can’t wait to get your hands on the update and start putting some of these features and enhancements into production!