What is a vSAN witness host?
The vSAN witness host is basically an ESXi host that does not store VM data. It stores the witness components for each VM object in a stretched cluster. It is used to handle a site failure in a vSAN stretched cluster, using fault domains to make sure vSAN data is redundant across fault domains.
The first thing is to deploy the vSAN witness host at the third site.
Deploy an OVF template
Upload the VMware vSAN witness ova.
Give it a VM name
Select a compute resource and continue
Review details and click next
Accept agreement and continue
Size will depend on your current and future requirements
Select storage and continue
Select a port group and continue
Put in your password and scroll down
Put in your management details and leave secondary network blank (We will be using vSAN witness traffic as management on vmk0)
Click finish
Power on witness
Make sure your ESXi witness has connectivity. I needed to tag a VLAN on it, as the port group I used is using VLAN trunking.
Add the ESXi witness host to the datacenter, not the cluster where your stretched cluster is
Put in the FQDN and continue
Put in the credentials and continue
Accept SSL certificate
Continue
Ensure the witness license is selected and continue
Click next on lockdown mode page
Continue
Click finish
Ensure you have NTP set up on the ESXi witness host
Ensure the NTP daemon service on the ESXi witness host is set to start and stop with host
Ensure the SSH service on the ESXi witness host is set to start and stop with host
Under VMkernel adapters for the ESXi witness host, remove vmk1
Remove secondary switch
Remove VM network from vSwitch0
Edit vmk0 in VMkernel adapters and add the vSAN service
Now we will stretch the cluster so that site 1 will be esx1,2 (Primary fault domain) and site 2 will be esx3,4 (Secondary fault domain)
Click the cluster > click configure tab > under vSAN click fault domains > Click configure stretched cluster
Sort out your primary and secondary fault domains.
Select your witness ESXi host
Claim your cache and capacity disks for your ESXi witness host.
Finish
Done
You can see the vCenter virtual machine components are in both sites, so in the event of a site failure vCenter will HA over and data will be intact.
In production I would normally create affinity rules so I know where my virtual machines' compute is running from, using ‘should’ rules.
So for example
Host group1 – esx1, esx2
Host group2 – esx3, esx4
vm group1 – websvr1, websvr2
vm group2 – websvr3, websvr4
vm/host group1 – Host group1, vm group1
vm/host group2 – Host group2, vm group2
So this would ensure my webservers are always running active from both sites
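The same groups and ‘should’ rules can be scripted with PowerCLI. This is an added example, not part of the original walkthrough: it assumes an existing Connect-VIServer session, the cluster name 'vSAN-Stretched' is a placeholder, and the rule is named "vm-host group" in place of "vm/host group" to avoid a slash in the name.

```powershell
# Added example. Assumes Connect-VIServer has already been run.
# 'vSAN-Stretched' is a placeholder cluster name; host and VM names follow the post.
$cluster = Get-Cluster -Name 'vSAN-Stretched'

# Site layout from the post. Host names use a wildcard because vCenter
# normally lists hosts by FQDN (assumption).
$sites = @(
    @{ Id = 1; Hosts = 'esx1*', 'esx2*'; VMs = 'websvr1', 'websvr2' },
    @{ Id = 2; Hosts = 'esx3*', 'esx4*'; VMs = 'websvr3', 'websvr4' }
)

foreach ($site in $sites) {
    $vmHosts = @(Get-VMHost -Location $cluster -Name $site.Hosts)
    $vms     = @(Get-VM -Location $cluster -Name $site.VMs)

    # Stop early if a name did not resolve, so a rule is never built on a
    # half-populated group (that would silently leave a VM unpinned).
    if ($vmHosts.Count -ne $site.Hosts.Count -or $vms.Count -ne $site.VMs.Count) {
        throw "Site $($site.Id): expected $($site.Hosts.Count) hosts and " +
              "$($site.VMs.Count) VMs, found $($vmHosts.Count) and $($vms.Count)."
    }

    $hostGroup = New-DrsClusterGroup -Name "Host group$($site.Id)" `
        -Cluster $cluster -VMHost $vmHosts
    $vmGroup = New-DrsClusterGroup -Name "vm group$($site.Id)" `
        -Cluster $cluster -VM $vms

    # ShouldRunOn is the soft ('should') rule: DRS prefers the site but
    # vSphere HA can still restart the VMs on the other site after a failure.
    New-DrsVMHostRule -Name "vm-host group$($site.Id)" -Cluster $cluster `
        -VMGroup $vmGroup -VMHostGroup $hostGroup -Type ShouldRunOn | Out-Null
}

# Review what was created
Get-DrsVMHostRule -Cluster $cluster |
    Select-Object Name, Type, Enabled, VMGroup, VMHostGroup
```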
Official Configure the VMkernel Adapters on the vSAN Witness Host
Official vSAN stretched cluster guide.
https://core.vmware.com/resource/vsan-stretched-cluster-guide#overview