The Cranky Admin

VMware Releases VSAN 6.6

A host of useful upgrades are packed into the latest release.

VMware has released VSAN 6.6, the most significant update to VMware's Hyperconverged Infrastructure (HCI) platform since its initial release. VSAN 6.6 comes with more than twice as many new features as any previous release, meeting various needs for different groups of sysadmins. The new VSAN, of course, comes with a new vRealize management pack as well.

Certain features are useful for everyone. It doesn't matter if you run a large deployment or a manage a small shop; these features are great for you.

Native Encryption Support FTW
The first feature that jumps out at me, and which has already received rave reviews all from experts, bloggers and the tech press is VSAN's native encryption support. This means that VSAN can now provide your data-at-rest encryption support even when your operating systems don't, or you don't want to put that responsibility into the hands of the application owners.

VSAN 6.6 comes with an emphasis on resiliency that has some very real benefits to smaller shops. VSAN can be managed independent of vCenter, making it practical to run your vCenter virtual appliance on the same cluster as the VSAN it is managing. This, along with a newer, easier installer for VSAN reduces the amount of infrastructure required to support VSAN clusters in datacenters, making them self-contained and lowering costs.

VSAN 6.6. also comes with "Degraded Disk Handling v2.0 (DDHv2)," "smart repairs and enhanced rebalancing" (fabric reconvergence by another name), and "intelligent rebuilds using partial repairs" (reconvergence with some semblance of intelligence). All of this means that VSAN responds to failed disks and nodes more quickly, more intelligently and in a less disruptive fashion. Wins all around.

Multicast vs. Unicast
VSAN 6.6 brings with it a change from multicast networking to unicast networking. This is great news for most current and potential VSAN users. There are a lot of switches on the market today -- especially those aimed at SMBs -- that are absolutely terrible at multicast.

Multicast has traditionally provided an advantage over unicast in large HCI clusters. When a node  performs an action -- say a write or a rebuild -- that needs to be replicated to a partner, it can simply multicast that action. This lets as many partners as needed to perform the action as well, do so.

If there is only dual copy replication, this doesn't provide any real advantage over unicast. HCI solutions utilizing erasure coding, however, or those which support more than one copy of data within a cluster, saw great improvements by employing multicast. VSAN is one such HCI solution.

The switch issue, however, limited the gains one could practicably see from multicast. Combined with a lot of hard work in refining inter-node communication, the VSAN team claims to have managed to switch to unicast networking without any appreciable change in networking traffic or overhead. If true, this means better network support for the same price and with the same performance.

Stretched Clusters
If you use stretched clusters, VSAN 6.6 will be of particular interest to you. This latest update combines local failure protection with stretched cluster capability. This allows administrators to configure, for example, a local cluster to tolerate two failures while also configuring the overall cluster to tolerate the failure of a whole site. Stretched cluster support in VSAN also gains site affinity for stretched clusters and 1-click witness change, both of which aim to make managing change within a stretched cluster easier.

For automation nerds, the VSAN SDK has been updated to handle all of the new features. Similarly, PowerCLI support has been enhanced. This is particularly important for anyone planning to deploy encryption at serious scale, as the encryption capabilities require setting the clusters up with key management servers; it's probably best to automate all of that sort of configuration.

Regulated Environments
A lot of effort was put in by the VSAN team to make VSAN useful for regulated environments. Some regulatory environments specify that various bits of IT -- especially storage -- have certain features. Other regulatory regimes merely hint at it, and in most cases the belief in the requirement of these features is merely anecdotal.

Regardless, we're all better safe than sorry, and VMware's efforts for VSAN 6.6 have made it a valid choice as a storage solution for regulated environments. In addition, it's made certification efforts with third-party solutions that wish to run on top of VSAN easier. Expect to see a number of announcements from partners regarding certification on VSAN 6.6, both as a supported storage layer for virtualized services and as part of tickbox IT-style regulatory IT-in-a-can solutions.

Cloud Enhancements
VSAN 6.6 comes with some interesting looking cloud analytics options. When everything is set up, these can provide support notification and recommendations in real time. Combined with a vastly expanded VSAN health services, the goal is to help administrators be aware of potential problems with their clusters.

VSAN both regularly sends information back to the mothership about your hardware and configuration, and it regularly polls a Hardware Configuration List (HCL). If there's a known issue, it will alert administrators. The canonical example here would be if it was discovered after launch that a specific component -- a network card or SSD, for example -- caused problems; but in theory this could cover configuration items as well, as VMware talks about using the cloud analytics to cover "best practices" as well.

The new VSAN easy install and config assist also draw on these technologies to help alert administrators if they're about to deploy to unsupported hardware. If you're a shop that can afford to keep up with hardware churn at vendor speed, this will be exceedingly useful for you.

For those who stretch their hardware to breaking, or work with channel partners to use their third-party support mechanisms to extend hardware beyond vendor support periods, however, this could be a bit more of a challenge. VSAN's increasing -- and useful -- number of features reliant on the HCL means that, for example, older hardware which is perfectly functional in VSAN, but which vendors have chosen not to get recertified for the new version, will alert as problematic. Be aware of this before upgrading existing clusters.

There currently isn't a GUI-integrated method to point to a custom HCL, though command-line configuration of the repository source is possible.

VSAN 6.6 is even faster that before. VMware claims "up to 50% greater IOPS for all-flash with optimized checksum and dedupe." There is support for next-generation storage technologies, such as Intel's Optane, as well as a new mechanism to deploy firmware updates to drives, as distributed by the server vendors, in an automated fashion.

Photon! (Oh, and Docker, Too)
VSAN 6.6. brings support for Photon Platform 1.1 as well as a Docker volume driver. If your work is a little bit less hypervisor and a little bit more microvisor, VSAN 6.6 is here for you.

Photon support combines with iSCSI support from VSAN 6.5 and shows that VMware is interested in rounding out VSAN to be more than just an HCI solution. VMware wants VSAN to truly be a competitive storage solution capable of taking on all the roles that more traditional enterprise SANs serve.

Whether or not that includes native file services we'll have to wait and see; but given the rapid advance of features, it's one of the few notable services they haven't already added. Proper Photon and Docker support are not to be overlooked. Containers can put a lot more workloads in the same space as VMs, resulting in more files to be managed. VMware will have had to up their filesystem game in order to support Photon at scale with VSAN, so it isn't unreasonable to assume that native file services exports from VSAN are close.

Thumbs Up
Overall, VSAN 6.6 is an impressive looking release, one that will be fun to dig into for an in-depth review.

About the Author

Trevor Pott is a full-time nerd from Edmonton, Alberta, Canada. He splits his time between systems administration, technology writing, and consulting. As a consultant he helps Silicon Valley startups better understand systems administrators and how to sell to them.


Subscribe on YouTube