vSAN

VMware vSAN 7 Update 3 New Features

With the release of VMware vSphere 7 Update 3, this also means there is a new version of vSAN as well. VMware vSAN has been trailblazing in the world of HCI for several years now and with over 30,000 customers and many releases behind it, the solution has certainly grown, matured, and become a rock-solid HCI platform for business-critical data. Let’s take a look at VMware vSAN 7 Update 3 new features.

VMware vSAN 7 Update 3 New Features

VMware vSAN 7 Update 3 new features fall within three categories:

  • Developer ready infrastructure
  • Simplified operations
  • Platform enhancements

The following is a synopsis of the new features listed by VMware vSAN 7 Update 3, provided by VMware.

Developer ready infrastructure

VMware vSAN continues to help balance the needs of developers and vSphere admins by providing the capabilities and features needed by both teams. This balance allows delivering services and applications quickly in modern environments.

VMware vSAN 7 Update 3 introduces all-new flexibility and scalability for organizations running containerized workloads on top of vSphere with Tanzu. The use of file-base read-write many volumes is now supported in vSphere with Tanzu, in addition to the block-based read-write once volumes. This provides new flexibility and efficiency for microservices. You can simply mount and access the same persistent volume as other pods in the cluster. Read-write many volumes can be exposed to TKG guest clusters using vSAN File Services.

Use file and block based persistent volumes in vSphere with Tanzu
Use file and block based persistent volumes in vSphere with Tanzu

The data persistence platform (DPp) is the framework that helps integrate stateful applications in a vSAN environment through easy installation in vCenter. VMware vSAN Update 3 introduces new capabilities that help with storage device decommissioning as well as management of persistence services operators. VMware vSAN clusters that use the data persistence platform will now be able to decommission discrete devices more easily, similar to vSAN clusters running traditional workloads. It minimizes the cost of data movement when compared to host-based evacuation.

Efficient operations when powering cloud native applications
Efficient operations when powering cloud-native applications

With the latest version of vSAN, there are new certified versions of the persistence service operators from VMware partners. ISVs will be making their announcement around their offerings. Out of the announcements, in vSAN 7 Update 3, the ability for the operators to be updated will occur without the need to update vSphere, vSAN, or the vCenter Server. The decoupling of the persistence services operators means easier updates for those using the platform.

New certified cloud native solutions and improved updating
New certified cloud-native solutions and improved updating

A developer-ready infrastructure must meet many requirements. Both in the organization and developer requirements. Site-level availability is one of those requirements. VMware vSAN Update 3 has new capabilities to provide features when site-level resilience is needed. The use of stretched clusters can be ideal for those using persistent volumes consumed by vanilla Kubernetes. All of the same resilience features in vSAN stretched clusters for traditional workloads will be available when using upstream vanilla Kubernetes, including secondary levels of resilience and site affinity.

Site level availability for Kubernetes Workloads on vSAN
Site-level availability for Kubernetes Workloads on vSAN

Modern applications are often deployed and scaled automatically with very little knowledge of the underlying architecture or topology. With vSAN 7 Update 3 support was introduced for a new feature in Kubernetes, referred to as topology-aware volume provisioning. It provides a way to define a boundary or zone that represents the location in which a pod can run and ensures provisioning of a volume occurs in a location accessible by those pods.

For multi-vSAN cluster environments, this can be valuable. Traditional vSAN clusters treat storage as an exclusive cluster resource. With topology-aware volume provisioning is used, pods can be scaled across clusters while ensuring they have access to their relative persistent volumes.

Deploy and scale stateful workloads across multiple vSAN clusters
Deploy and scale stateful workloads across multiple vSAN clusters

Simplified Operations

Simplified operations leads to predictable outcomes. VMware continues to improve vSphere and by extension, vSAN, in this area. VMware vSAN 7 Update 3 has enhancements that are a result of customer feedback. The improved operational handling includes new levels of visibility for workloads.

Occassionally, there is a need to fully shutdown a vSAN cluster. VMware vSAN 7 Update 3 has new intelligence to help with fully shutting down a vSAN cluster. There are new guided workflows and precheck validation helps with power down and power up scenarios for consistent and predictable results.

The simplified shutdown and startup procedure aligns with other efforts to ensure the operational simplicity of a vSAN environment.

Intelligent cluster aware shutdown and startup workflows
Intelligent cluster aware shutdown and startup workflows

VMware vSphere Lifecycle Manager (vLCM), has introduced all new levels in the management of ESXi hosts that participate in vSphere and vSAN clusters. VMware vSphere 7 Update 3 introduces enhancements for vSAN topologies that use dedicated witness host appliances. Both stretched clusters and two-node environments that use their own dedicated witness host appliances will now be managed and updated by vLCM. This is important to guarantee a consistent and desired state of all hosts used in the cluster. It includes built-in prechecks and performs these updates in the recommended order to ensure availability.

Extending vLCM to Support Additional vSAN Workflows
Extending vLCM to Support Additional vSAN Workflows

The Skyline Healthchecks for vSAN provides detailed health checks to catch the most common issues such as misconfiguration and failures. New to vSAN 7 Update 3 is the ability to understand the relationship of one health check to another for effective troubleshooting. This correlation between triggered health checks helps to find the root cause more quickly. This functionality is also exposed via API as well. This allows it to be used in solutions such as vRealize Operations.

Easily identify relationship of multiple health check warnings
Easily identify relationship of multiple health check warnings

Understanding network health and performance is extremely important in HCI solutions like vSAN. VMware vSAN 7 Update 3 introduces new metrics and health checks to provide better visibility into switch fabric that connects vSAN hosts and ensures a higher level of consistency. Duplicate IP detection is now a part of the health checks and the discovery of LACP synchronization issues.

VMware vSAN 7 Update 3 adds configuration status check for the participating network interface cards and their configuration status of LRO/TSO. Ensuring consistency of LRO and TSO settings helps detect issues that may come as a result of an inconsistent configuration.

Improved troubleshooting with cluster network monitoring
Improved troubleshooting with cluster network monitoring

Understanding potential performance bottlenecks in distributed storage systems can be challenging. VMware vSAN 7 Update 3 introduces VM I/O trip analyzer to help administrators to identify the primary points of contention more easily. With the ability to visualize parts of the data path directly from vSphere Client UI, admins are presented with a simplified overview that helps to indicate the cause. Not only does it have a visual data path, but it measures the variability or standard deviation of the latency in the system. It helps answer the questions of performance and performance consistency.

Find potential vSAN bottleneck using vCenter Server
Find potential vSAN bottleneck using vCenter Server

Many environments are adopting applications that are built-in containers and used for persistent volumes. To ensure these are treated as “first-class citizens,” vSAN 7 Update 3 introduces enhanced levels of visibility for persistent volumes. You can now consistently view the persistent volume name when viewing logs and drill down for performance in looking at persistent volumes. The user interface has been reworked with comprehensive crosslinked information for easy navigation.

Enhanced identity and monitoring of cloud native volumes
Enhanced identity and monitoring of cloud-native volumes

Platform enhancements

Accounting for unplanned events and new security requirements is a challenge in the enterprise data center. A platform that ensures the availability and security of data is essential today. VMware vSAN Update 3 delivers a number of improvements to help with these challenges. Many customers have found vSAN two-node topologies are effective for remote and edge use cases. These are highly effective in providing resilience in the case of a host failure. Now it has been improved for secondary levels of resilience.

Two-node can now offer a secondary level of resilience when they have three or more disk groups in the host. It means a topology can suffer an entire host failure and the failure of a disk group on the remaining host and still provide full data availability.

Enhanced resilience for critical 2 node vSAN cluster environments
Enhanced resilience for critical 2 node vSAN cluster environments

VMware vSAN stretched clusters provide full resilience of an environment, even if a geographical site is unavailable for some reason. VMware vSAN 7 Update 3 increases the availability of data if one of the data sites becomes unavailable followed by a planned or unplanned availability of the witness host appliance.

It helps to improve the data availability by allowing for all site-level VMs and data to remain available when one data site and witness host appliance is offline. It mimics similar behavior available in storage array-based synchronous replication configuration configs. Not only does it apply to stretched clusters, it also works with vSAN two-node clusters as well.

Improved uptime for stretched cluster and two node topologies
Improved uptime for stretched cluster and two-node topologies

VMware vSAN offers encryption services to help ensure the integrity of data stored in the environment. For vSAN at-rest data encryption, key management can occur using the vSphere native key provider or an external KMS. VMware vSAN 7 Update 3 introduces the ability to use Trusted Platform Modules (TPM) on one of the hosts in the vSAN cluster to persist the encryption keys should there be an issue with communication to the key provider.

The use of TPM is fully supported using the vSphere NKP or an external KMS and is one of the best ways to build a robust key distribution and key storage.

Robust distribution of encryption keys on vSAN hosts
Robust distribution of encryption keys on vSAN hosts

Consistently throughout the vSAN releases is the continual effort to drive improved levels of performance by simply upgrading the hypervisor. VMware vSAN 7 Update 3 delivers improvements to performance with optimizations made to the data path when using RAID 5 or 6 erasure coding. VMware vSAN opportunity looks for ways to write data in a more efficient way.

VMware vSAN 7 Update 3 now evaluates characteristics of the incoming writes in the queues and now can write the stripe with parity in a more efficient way, reducing I/O amplification and the number of tasks occurring in a serial manner. The optimizations are particularly beneficial for workload patterns that issue sequential writes or “bursty” write workload activity found in database or streaming application workloads. This combined with RAID-caching enhancements is an example of the performance tuning VMware is delivering on existing hardware that you already have.

Improved performance for space efficient data placement schemes
Improved performance for space-efficient data placement schemes

With vSAN 7 Update 3, vSAN file services introduce support for a technique of intelligent disclosure known as “access-based enumeration” (ABE). This feature capable with file systems using SMB3 and newer will reduce the disclosure of content to only those with the proper permissions.

Support of an access-based enumeration will prevent a directory from listing all the folders in a share and will only list those with the proper permissions for access. It helps prevent unintentional disclosure of information around sensitive material, even though a user may not have full access to the information.

Improved security handling of vSAN file shares
Improved security handling of vSAN file shares

Concluding

VMware vSAN 7 Update 3 delivers the most powerful, robust, and comprehensive HCI solution from VMware to date. It provides enhancements across the realms of developer-ready infrastructure, simplified operations, and platform enhancements. The features included with vSAN 7 Update 3 provide a coordinated effort to meet the growing demands of the data center – on-premises, in the edge, or in the cloud.

Subscribe to VirtualizationHowto via Email 🔔

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com and has over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, Brandon has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.