What is SPBM, how are vSAN policies used, and what are the options for each setting within a new policy? That’s what I’ll attempt to explain in this post, which was created with vSAN 6.6 and will be updated as future revisions are released. vSAN policies can be applied to the vSAN datastore, individual VMs, or disks within a VM, including the VM Home.
A few acronyms to understand:
- SPBM = Storage Policy Based Management
  - Policies that manage the redundancy and performance of VMs and the vSAN datastore.
- FTM = Failure Tolerance Method
  - RAID 1 (mirroring)
    - Data is mirrored across 2 nodes with a 3rd being a witness.
  - RAID 5 (erasure coding)
    - Data is striped across 3 nodes with a 4th being used as parity.
  - RAID 6 (erasure coding)
    - Data is striped across 5 nodes with a 6th being used as parity.
- FTT = Failures To Tolerate
  - Used to provide redundancy in a node failure scenario.
In order to manipulate vSAN, storage policies need to be created. This is done within the vSphere Web Client’s ‘Policies and Profiles’ section that’s reachable from the Menu.
Once in the ‘Policies and Profiles’ section, select ‘VM Storage Policies’. This section will display the default policies created when vSAN was installed.
Those policies are:
- VM Encryption Policy
  - Sample storage policy for VMware’s VM and virtual disk encryption.
- vSAN Default Storage Policy
  - Storage policy used as default for vSAN datastores.
- Host-local PMem Default Storage Policy
  - Storage policy used as default for Host-local PMem datastores.
- VVol No Requirements Policy
  - Allow the datastore to determine the best placement strategy for storage objects.
The only policy used by default is the vSAN Default Storage Policy, which is applied at the vSAN datastore level. That policy is set to FTT=1; FTM=RAID-1 (mirroring), which is one of the reasons VMware recommends starting with 3 nodes for vSAN, or 4 nodes if you want N+1 redundancy.
To create a new policy, click on ‘Create VM Storage Policy’ and you’ll be greeted with a popup with 4 different options.
1. Name and Description
   - vCenter Server, Name and Description
     - Self-explanatory.
2. Policy Structure (must select an option to continue)
   - Enable host based services
     - Allows the configuration for:
       - Data at rest encryption – Encryption is enabled on a per cluster level and is native to vSAN. Encryption occurs using an AES 256 cipher in vSAN’s cache and capacity disks. Separate KMS server required.
       - Storage I/O control – Ensures that every VM gets its fair share of storage resources.
   - Enable rules for “vSAN” storage
     - Allows the configuration for:
       - Site disaster tolerance – Defines whether the vSAN cluster will be stretched or not.
       - Failures to tolerate – Determines how many nodes are allowed to fail before performance is impacted, along with what RAID type to use.
       - Number of disk stripes per object – Sets the number of capacity disks an object can be striped across.
       - IOPS limit for object – Sets IOPS restrictions on a disk and throttles any additional IO that surpasses that restriction.
       - Object space reservation – Amount of storage space an object has reserved on the datastore. The rest of the space the object consumes will be thin provisioned.
       - Flash read cache reservation (%) – Cache disk capacity reserved for reads of an object. Any reserved capacity within the cache disk will be used specifically for the object assigned to this policy. Additional capacity is shared amongst all objects.
       - Disable object checksum – When enabled, checksums are not verified for objects.
       - Force provisioning – This option will force an object to be compliant with its policy even when resources are constrained.
       - Tags – Create tag rules to filter datastores to be used for placement of VMs.
   - Enable tag based placement rules
     - Create tag rules to filter datastores to be used for placement of VMs.
3. Storage Compatibility
   - Select datastores compatible with this policy
4. Review and Finish
That’s all there is to it. There are still additional requirements on when you can/can’t enable certain options which I’ll document at a later time along with new features just announced at VMworld 2018! So stay tuned!
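The Web Client steps above can also be scripted. The following PowerCLI block is an added example, not part of the original post: it creates a policy with the same FTT=1 / RAID-1 settings as the vSAN Default Storage Policy, then lists any existing policy rule that sets FTT to 0, disables object checksum, or turns on force provisioning. It assumes VMware PowerCLI is installed and a Connect-VIServer session is already open; the policy name, description and the New-VsanRule helper are placeholders made up for this example.

```powershell
# Added example. Assumes VMware PowerCLI is installed and a Connect-VIServer
# session to the vCenter that manages the vSAN cluster is already open.

# Hypothetical helper: build one SPBM rule from a vSAN capability name.
function New-VsanRule {
    param([string]$Capability, $Value)
    New-SpbmRule -Capability (Get-SpbmCapability -Name $Capability) -Value $Value
}

# Same settings as the default policy described above: FTT=1, FTM=RAID-1.
# Checksum stays enabled and force provisioning stays off.
$rules = @(
    New-VsanRule 'VSAN.hostFailuresToTolerate' 1
    New-VsanRule 'VSAN.replicaPreference'      'RAID-1 (Mirroring) - Performance'
    New-VsanRule 'VSAN.stripeWidth'            1
    New-VsanRule 'VSAN.checksumDisabled'       $false
    New-VsanRule 'VSAN.forceProvisioning'      $false
)

# 'Example-FTT1-RAID1' is a placeholder name chosen for this example.
New-SpbmStoragePolicy -Name 'Example-FTT1-RAID1' `
    -Description 'FTT=1, RAID-1, checksum on, no force provisioning' `
    -AnyOfRuleSets (New-SpbmRuleSet -AllOfRules $rules)

# Review: report every policy rule that gives up redundancy or integrity checks.
$flagged = @{
    'VSAN.hostFailuresToTolerate' = 0
    'VSAN.checksumDisabled'       = $true
    'VSAN.forceProvisioning'      = $true
}
foreach ($policy in Get-SpbmStoragePolicy) {
    foreach ($ruleSet in $policy.AnyOfRuleSets) {
        foreach ($rule in $ruleSet.AllOfRules) {
            $name = $rule.Capability.Name   # empty for tag-based rules
            if ($name -and $flagged.ContainsKey($name) -and
                $rule.Value -eq $flagged[$name]) {
                [pscustomobject]@{
                    Policy = $policy.Name
                    Rule   = $name
                    Value  = $rule.Value
                }
            }
        }
    }
}
```

An empty result from the review loop means no policy on that vCenter explicitly sets any of the three flagged values.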