File services are a common requirement in today's enterprise environments. Historically, providing these file-level services meant using physical storage arrays or VMs capable of serving file-level protocols such as NFS and SMB.
The vSAN File Service is a new feature of VMware vSAN and there are numerous reasons why vSAN native file services are interesting. Its flexibility, integration, and capabilities make it a good fit for a variety of use cases. It allows organizations to create file shares on top of their VMware vSAN storage.
vSAN 7 Update 1 improved on the capabilities of file services even further with support for SMB v2.1 and v3, Active Directory integration, and Kerberos support. vSAN 7 U2 extends the capabilities of vSAN file services in new and interesting ways, including support for stretched clusters, data-in-transit encryption, snapshots, and improved scale, performance and efficiency.
vSAN File Service is a layer that sits on top of vSAN to provide file shares. It comprises the vSAN Distributed File System (vDFS), which provides the underlying scalable filesystem by aggregating vSAN objects; a Storage Services Platform, which provides resilient file server endpoints; and a control plane for deployment, management, and monitoring. File shares are integrated into the existing vSAN Storage Policy Based Management on a per-share basis.
When you configure vSAN file service, vSAN creates a single VDFS distributed file system for the cluster which will be used internally for management purposes. A file service VM (FSVM) is placed on each host. The FSVMs manage file shares in the vSAN datastore. Each FSVM contains a file server that provides both NFS and SMB service.
A static IP address pool must be supplied as an input to the workflow that enables file service. One of the IP addresses is designated as the primary IP address. The primary IP address can be used for accessing all the shares in the file services cluster with the help of SMB and NFSv4.1 referrals. A file server is started for every IP address provided in the IP pool. A file share is exported by only one file server, but the file shares are evenly distributed across all the file servers. To provide computing resources that help manage access requests, the number of IP addresses must be equal to the number of hosts in the vSAN cluster. vSAN file service supports stretched clusters and two-node clusters. A two-node cluster should have two data node servers in the same location or office, and the witness in a remote or shared location.
Limitations and Considerations
When configuring the vSAN File Service, keep the following in mind:
- vSAN 8.0 supports 100 file shares.
- vSAN 8.0 supports 64 file servers in a 64 host setup.
- With vSAN 8.0, File Service VMs are powered off but no longer deleted when the vSAN cluster enters maintenance mode.
- vSAN 8.0 supports two-node configurations and stretched clusters.
- File Service does not support vSAN Express Storage Architecture.
- In releases prior to vSAN 7.0 Update 3, when a host enters maintenance mode, the Protocol Stack container moves to another FSVM. The FSVM on the host that entered maintenance mode is deleted. After the host exits maintenance mode, a new FSVM is provisioned. File Service VMs are powered off and deleted when the vSAN cluster enters maintenance mode, and recreated when the host exits maintenance mode.
- The vSAN File Services VM (FSVM) Docker internal network may overlap with the customer network without warning or reconfiguration.
- vSAN File Services does not support the following:
  - Read-Only Domain Controllers (RODC) for joining domains, because an RODC cannot create machine accounts. As a security best practice, a dedicated organizational unit should be pre-created in Active Directory, and the user name given for joining the domain should control this organizational unit.
  - Disjoint namespace.
  - Spaces in organizational unit (OU) names.
  - Multi domain and Single Active Directory Forest environments.
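A pre-flight check for the constraints above (IP pool size, primary IP, Docker network overlap, OU names), as an added example rather than VMware tooling or code from the original post. The function name, the sample inputs and the 172.17.0.0/16 range (Docker's default bridge network) are assumptions; substitute the range your FSVMs actually use.

```python
import ipaddress

# Assumption: the FSVM-internal Docker network uses Docker's default bridge
# range. Confirm the real range in your environment before relying on this.
ASSUMED_FSVM_DOCKER_NET = "172.17.0.0/16"


def preflight(host_count, ip_pool, primary_ip, networks, ou_path,
              docker_net=ASSUMED_FSVM_DOCKER_NET):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    docker = ipaddress.ip_network(docker_net)
    pool = [ipaddress.ip_address(ip) for ip in ip_pool]

    # One file server starts per pool address; the count must equal the hosts.
    if len(pool) != host_count:
        findings.append(f"pool has {len(pool)} IPs but cluster has {host_count} hosts")
    if len(set(pool)) != len(pool):
        findings.append("pool contains duplicate IP addresses")
    if ipaddress.ip_address(primary_ip) not in pool:
        findings.append(f"primary IP {primary_ip} is not in the pool")

    # Overlap with the FSVM-internal range is silent, so test for it up front.
    for ip in pool:
        if ip in docker:
            findings.append(f"pool IP {ip} is inside FSVM Docker network {docker}")
    for cidr in networks:  # file service network plus client networks
        if ipaddress.ip_network(cidr).overlaps(docker):
            findings.append(f"{cidr} overlaps FSVM Docker network {docker}")

    # OU names containing spaces are not supported.
    for rdn in ou_path.split(","):
        key, _, value = rdn.strip().partition("=")
        if key.upper() == "OU" and " " in value:
            findings.append(f"OU name '{value}' contains a space")
    return findings


# Constructed sample inputs, not taken from any real environment.
GOOD = dict(host_count=3, ip_pool=["10.10.20.11", "10.10.20.12", "10.10.20.13"],
            primary_ip="10.10.20.11", networks=["10.10.20.0/24", "10.10.30.0/24"],
            ou_path="OU=vsanfs,DC=example,DC=test")
BAD = dict(host_count=4, ip_pool=["172.17.5.11", "172.17.5.12", "172.17.5.13"],
           primary_ip="172.17.5.20", networks=["172.17.5.0/24", "172.16.0.0/12"],
           ou_path="OU=File Services,DC=example,DC=test")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, preflight(**cfg) or "all checks passed")
```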
With this, I'll wrap up the post here. We will discuss more about configuring the file services in the next blog.
Thank you for reading!