The witness is the commonly used feature to detect the split brain scenario in most of the clustered applications or clustered solution. Similar to that, VSAN Witness appliance is used to provide availability for the virtual machines running in the VSAN cluster. VSAN Witness appliance is needed for VSAN stretched cluster and 2-node VSAN cluster.

VSAN witness component determines the ownership of the virtual machine resources in case of host failures. If greater than 50% of the components that make up a virtual machine storage object are available, the virtual machine is still accessible. If less than 50 %, then virtual machine components will no longer accessible to the VSAN cluster.

Witness object plays an important role in determining the greater than 50% rule is in effect for VSAN components and also determining virtual machine object ownership in case of a failure event.

Now the next question is Physical VSAN witness or VSAN Witness Virtual Appliance?

VSAN Witness can be run in both physical and virtual appliance. Keeping a dedicated a physical ESXi host as witness host will need a license, Power consumption and hardware maintenance and data center space, etc as all condition applies to run a workload in the physical server as compared to virtualization.

I always recommend having VSAN witness virtual appliance which is nothing but an ESXi running in a VM. It is preconfigured and licensed. You don’t need to provide a license for ESXi (VSAN witness appliance). Unlike a general purpose ESXi host, the witness appliance does not run virtual machines. Its only purpose is to serve as a vSAN witness.

Now we are clear that VSAN witness appliance is the best option for VSAN stretched cluster and 2-node VSAN cluster witness configuration. let’s discuss the step by step procedure to understand how to deploy VSAN Witness virtual appliance.

Prerequisite to deploy VMware VSAN Witness appliance

• Two-host vSAN clusters must have less than 500 ms RTT between the data sites and the witness node
• Stretched clusters with less than 11 hosts per site must have less than 200 ms RTT between the data sites and witness node.
• Stretched clusters with 11 or more hosts per site must have less than 100 ms RTT between the data sites and witness node.
• Verify that data traffic and witness traffic use the same IP version.

How to Deploy VMWare VSAN Witness Appliance?

Log in to VMware portal and download the VMware VSAN witness virtual appliance. Deployment of VSAN witness appliance will be similar to other VMware virtual appliances.  Once you have downloaded the  VSAN witness appliance OVA file, we are ready to deploy the appliance.

Log in to vCenter using vSphere web cline t or HTML 5 client, Right-click the datacenter and select “Deploy OVF”. Click “Browse to select the downloaded the VSAN witness appliance. Click Next.

Specify the name and datacenter or folder location to deploy the VSAN witness appliance. Click Next.

Select the cluster or host to deploy the witness appliance. It should be deployed in the datacenter other than where the data hosts in VSAN Stretched cluster and ROBO cluster are deployed. Click Next.

Review the OVF template details. Click Next.

Click “Accept” to accept the license agreements. Click Next.

Select the deployment configuration based on the expected number of VMs supported by the VSAN stretched cluster. Choose one of the following options:

• Tiny (10 VMs or fewer)
• Medium (up to 500 VMs)
• Large (more than 500 VMs)

Based on the selected option, the VM Specs will differ.  Select the suitable configuration for your deployment and Click Next.

Since this Lab environment, I will be going with “Tiny (10 Vms of fewer). VM configuration for the option “Tiny” will be displayed. Click “Next” to proceed.

The witness appliance must use a different datastore than the vSAN stretched cluster datastore. Select the datastore to deploy the VSAN witness appliance and Click Next.

The vSAN Witness Appliance contains two network adapters that are connected to separate Standard switch (VSS). The vSAN Witness Appliance Management VMkernel is attached to one VSS, and the WitnessPG is attached to the other VSS.

The Management VMkernel (vmk0) is used to communicate with the vCenter Server for appliance management. The WitnessPG VMkernel interface (vmk1) is used to communicate with the vSAN Network. This is the recommended configuration.

Select the suitable port groups for Witness and Management Network for the VSAN witness appliance, Click Next.

Specify the root password for the VSAN witness appliance (aka nested ESXi root password). Click Next.

Review all the selected configuration and Click “Finish” to start the deployment of the VSAN witness appliance.

Once Import OVF task is competed, VSAN  witness appliance VM deployment is completed.

That’s it. we have successfully deployed the VSAN witness appliance. We need to power on and configure the witness appliance. I will explain the configuration in the upcoming posts. I believe this post will be informative for you. Thanks for Reading !!!. Be social and share it in social media, if you feel worth sharing it.