Security, Software Defined, Storage, vSAN

Secure by Default – Why did it take something like GDPR to do this?

I look at Twitter, and see everyone talking about the massive amounts of emails surrounding the changes companies are having to make as a result of GDPR. What is GDPR? Well if you like to read legislation, you can start here:

That’s a lot of info and legalese.

One of the things that I took from reading the GDPR legislation, was that data needs to be secure by default. Data doesn’t need to be secured after the fact, but by default.

An experience with data security
Here is an experience I had about a year ago, and why I think “secure by default” is tremendously important.

I went to an auction looking for whatever deals I could find. Tech, furniture, whatever. Anything that looked like it was a deal, I’d bid for.

One of the lots I bid for, included “Computer Gear” – And I won for $55. Yes, $55.
12 pallets of “Computer Gear” in fact. After several trips of loading/unloading, I had quite a bit of old tech that was new to me. (more…)

Read more

Software Defined, Storage, Virtualization, vSAN

Sample 2 Node vSAN Deployment Script

A couple months back, I published a YouTube video of my deploying/setting up a 2 Node vSAN cluster with nothing but PowerCLI.

It got a few views and several people internally at VMware asked for the source code. Well, this has been a long time coming, with my working on it on/off for a while, with the vast majority of the coding done on weekends.

The foundation
I wanted to keep it simple/modular, so I put together a PowerCLI module. That way choices could be made like:

  • Will the data nodes be using vmk0 for Witness Traffic Separation? Or will a new VMkernel need to be  created and tagged for vSAN Witness Traffic?
  • Will I need to create a VDS? Enable NIOC? Assign vSAN recommended NIOC settings?
  • I’ll need to create disk groups. How many cache devices are there?
  • and so on.

That is where a good bit of the work/effort went into it. It isn’t as complete as I’d like, doesn’t have nearly the amount of error checking I’d like, but it has been live and published on my GitHub page, and shared on here:


Read more

Security, Software Defined, Storage, vSAN

How long does it take to… Enable vSAN Encryption?

With the addition of Data at Rest Encryption to vSAN in 6.6, I get this question… A LOT.

Typical questions
The typical question is something like this: “Hey Jase, how long will it take me to enable vSAN Encryption on my vSAN cluster?” Sometimes I’ll also get a “And I have 6 nodes with X much capacity, Y cache devices, and I’m using Z storage policy.”

Asking this question is like asking “Hey Jase, how long will it take for my Jeep to make it through the Poison Spider Mesa Trail in Moab, UT? Oh, and I have a Jeep Wrangler with 35″ tires.”

Both questions are somewhat headed in the right direction, but unfortunately lack a good bit of detail necessary to determine the amount of time required to accomplish the task. (more…)

Read more

Software Defined, Storage, Uncategorized, vSAN

vSAN Stretched Clusters & VM Swap Files

My buddy Pete Koehler put together a good post a few days ago about SPBM Policies with vSAN Stretched  Clusters: vSAN Operations: Use separate SPBM policies for VMs in stretched clusters

In that post, he covers definition changes from Number of Failures to Tolerate (FTT) which was available in pre vSAN 6.6 builds, to Primary Failures to Tolerate (PFTT) in vSAN 6.6 and higher. This change was added to address the addition of local protection within a Stretched Cluster. This is accomplished using the secondary rule, Secondary Failures to Tolerate (SFTT), to determine the local protection within a Stretched Cluster Fault Domain (Preferred or Secondary).  Pete covers this in the above post.

A question came up last week specific to the behavior of a VM’s swapfile in vSAN when using vSAN Stretched Clusters. There has been some confusion with my documentation on StorageHub, which I’m currently updating, but I wanted to post something specific to how a VM’s swapfile behaves.

I’ve setup a Stretched Cluster with a single VM on it for a little clarity. Once site is “Denver” and one is “Colorado Springs” in my demo environment. Since I’ve moved to CO, I figured I’d use some naming that has local flair.

Pre vSAN 6.6 Stretched Cluster Behavior (vSAN 6.1, 6.2, & 6.5)

In vSAN Stretched Clusters before 6.6, each object had 1 component in each Fault Domain (Preferred/Secondary) and a Witness component on the vSAN Witness Host. *If an object is greater than 255GB in size, it will be broken into multiple components (on each site) for every increment of 255GB.

Here’s a standard policy for Pre-vSAN 6.6 Stretched Clusters:

Read more

Software Defined, Storage, Virtualization, vSAN

VMworld 2017 Session Voting

Just a quick post asking for your votes for some sessions I’ve submitted and/or been included in.

Successful vSAN Stretched Clusters [1118]
GS Khalsa, Sr. Technical Marketing Manager, VMware
Jase McCarty, Staff Technical Marketing Architect, VMware

This session will provide a deep dive into using Stretched Clusters with VMware vSAN. Topics covered will include the foundation of vSAN Stretched Clusters, the latest updates, recommendations, and failure scenarios. For those interested in implementing Stretched Clusters with vSAN, this will be the session not to miss.

Automating vSAN Deployments at any scale [1119]
Kyle Ruddy, Senior Technical Marketing Engineer, VMware
Jase McCarty, Staff Technical Marketing Architect, VMware

This session will cover some of the mechanisms and workflow requirements when deploying vSAN in small or large deployments. This will include methods using the vSAN Management API as well as PowerCLI to deploy vSAN. Guidance around the how and why will be included to better ensure successful deployments of any size, from the smallest to largest clusters.

Interpreting performance metrics in your vSAN environment [1206]
Pete Koehler, Sr. Technical Marketing Manager, VMware
Jase McCarty, Staff Technical Marketing Architect, VMware

VMware vSAN is designed to deliver extraordinary performance to your data center. But how do you know it is performing well? And what are some of the ways you can diagnose the root cause of issues when performance doesn’t seem to be what you expected. This session is for the vSAN administrator who is responsible for delivering applications and services powered by vSAN. Learn how common metrics can be used to determine the demands of individual workloads, and their impact on the vSAN powered environment they run in. Learn how to identify anomalies versus patterns of behavior that might warrant further investigation, and remediation.

Dr. Sheldon Coopers Fun with vSAN [1241]
Aaron Dumbrow, VMware
Jase McCarty, Staff Technical Marketing Architect, VMware

Storage costs account for 50% of capital budgets and 75% of the challenges in most modern healthcare environments. Taking into consideration the cost of storage networking, devices, and maintaining complex storage environments, not to mention the exponential growth and retention of these environments. Budgets are too high, systems too complex, and teams too siloed to sustain future healthcare IT needs. vSAN provides an Enterprise storage solution for Healthcare environments, eliminating unnecessary complexity, adding additional functionality, and opening the new dialog for storage and virtualization teams. Because it is built into the kernel of the hypervisor, vSAN can take advantage of additional performance gains, and simplified management.

Continuous Availability with vSAN [1482]
Jase McCarty, Staff Technical Marketing Architect, VMware
Sumit Lahiri, VMware

Understand the design implications and options for deploying vSAN across 2 sites. Best practices, caveats and pitfalls

Successful vSAN for Remote Offices and Branch Offices [1994]
Jeff Hunter, Staff Technical Marketing Architect – Storage and Availability, VMware
Jase McCarty, Staff Technical Marketing Architect, VMware

Are you looking to deploy vSAN to 1 or more remote or branch offices? Come to this session to see how easy and cost effective vSphere and vSAN can be for your Remote Office Branch Office (ROBO) requirements. Have a few locations? Or a few hundred? More? See how vSphere and vSAN can be the most cost effective ROBO combination.

Running the vSAN Witness Appliance in vCloud Air [2463]
Jase McCarty, Staff Technical Marketing Architect, VMware
John Nicholson, Senior Technical Marketing Manager, VMware

Looking to deploy vSAN Stretched Clusters or 2 Node and don’t have a place to run the vSAN Witness Appliance? Attend this session to learn how to run the vSAN Witness Appliance in VMware’s vCloud Air. This session will cover the process of vCloud Air configuration as well as vSAN Witness Appliance preparation and deployment on vCloud Air. This will be a deep dive session and expects attendees to be familiar with vSAN Stretched Clusters or 2 Node vSAN.

Advanced vSAN Design Workload Considerations [2610]
Jase McCarty, Staff Technical Marketing Architect, VMware
Christian Rauber, Solutions Architect, VMware
Bradford Garvey, Solutions Architect, VMware
John Nicholson, Senior Technical Marketing Manager, VMware
Vuong Pham, VMware

vSAN offers revolutionary enterprise storage, but there are key designs principles to consider for specific workloads. You have migrated your workload onto vSAN. Now what? A deeper discussion beyond Hybrid vs. All Flash. How to implement vSAN for Exchange, Oracle, SQL. How vSAN features implementation: FTT, Fault Domains, Clusters, SBPM — All decisions that impact your organization and meeting performance requirements. Adoption of vSAN is accelerating at a faster pace share key success strategies. Notes from the field and lab to maximize your success.


Thanks for the consideration, and I hope these sessions are something that VMworld attendees are looking for.


Read more