Configure the witness network on the vSAN witness host to enable vSAN data network communication to both availability zones.

Procedure

  1. Log in to the Management vCenter Server by using the vSphere Web Client.
    1. Open a Web browser and go to https://sfo01m01vc01.sfo01.rainpole.local/vsphere-client.
    2. Log in using the following credentials.

      | Setting | Value |
      |---|---|
      | User name | administrator@vsphere.local |
      | Password | vsphere_admin_password |

  2. In the Navigator pane, expand the entire sfo01m01vc01.sfo01.rainpole.local tree.
  3. Select the sfo03m01vsanw01.sfo01.rainpole.local host, and click the Configure tab.
  4. Under Networking, click VMkernel adapters.
  5. In the VMkernel adapters panel, select vmk1, which has witnessPg as its Network Label, and click the Edit settings icon.
  6. In the vmk1 - Edit Settings dialog box, click IPv4 settings, select Use static IPv4 settings, enter the following settings and click OK.

    | Setting | Value |
    |---|---|
    | IPv4 address | 172.17.13.201 |
    | Subnet mask | 255.255.255.0 |
    | Default gateway | Deselected |

  7. Provision swap files on vSAN as thin for the vSAN witness host.
    1. In the Navigator pane, click Hosts and Clusters and expand the entire sfo01m01vc01.sfo01.rainpole.local tree.
    2. Select the sfo03m01vsanw01.sfo01.rainpole.local host.
    3. Click the Configure tab and under System click Advanced System Settings.
    4. Click the Edit button.
    5. In the Filter text box, enter vsan.swap.
    6. Change the value of VSAN.SwapThickProvisionDisabled to 1 and click OK.
  8. Create IP Sets and Security Groups on the NSX Manager for the vSAN witness host.
    1. In the Navigator pane, click Networking & Security.
    2. Click NSX Managers and click the 172.16.11.65 instance.
    3. Click Manage, click Grouping Objects, and click IP Sets.
    4. Select SDDC and click the Edit IP Set icon.
    5. In the Edit IP Set dialog box, add both the witness host management IP address and the witness network IP address (172.17.11.201,172.17.13.201) as IP Addresses, and click OK.
    6. Click the Add new IP Set icon. In the New IP Set dialog box, enter the following settings and click OK.

      | Setting | Value |
      |---|---|
      | Name | vSAN Witness |
      | IP Address | 172.17.11.201 |
      | Mark this object for Universal Synchronization | Selected |

    7. Click Security Group, click the Add new Security Group icon, enter the following settings and click Next.

      | Setting | Value |
      |---|---|
      | Name | vSAN Witness |
      | Mark this object for Universal Synchronization | Selected |

    8. Choose the vSAN Witness IP Set, move it to the Selected column and click Finish.
  9. Enable administrator SSH access to the vSAN witness host.
    1. In the Navigator pane, click Networking & Security and click Firewall.
    2. From the NSX Manager drop-down menu, select 172.16.11.65.
    3. Select the Allow SSH to admins rule, and click the Edit icon in the Destination column.
    4. Change the Object Type to Security Groups, add vSAN Witness to the Selected Objects list, and click OK.
    5. Click Publish Changes.
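
The following PowerCLI check is an added example, not part of the original procedure. It reads back the vmk1 settings from step 6 and the swap setting from step 7 and compares them with the values entered above. It assumes VMware PowerCLI is installed and the account can read host configuration; it does not check the default gateway setting or the NSX IP Sets, Security Group, and firewall rule.

```powershell
# Added verification sketch: compares the witness host's live settings
# with the values entered in steps 6 and 7 of the procedure.
$vCenter  = 'sfo01m01vc01.sfo01.rainpole.local'
$witness  = 'sfo03m01vsanw01.sfo01.rainpole.local'

# Expected vmk1 properties, taken from the step 5 and step 6 values.
$expected = [ordered]@{
    IP            = '172.17.13.201'
    SubnetMask    = '255.255.255.0'
    PortGroupName = 'witnessPg'
    DhcpEnabled   = $false          # "Use static IPv4 settings"
}

Connect-VIServer -Server $vCenter -Credential (Get-Credential) | Out-Null
try {
    $vmhost = Get-VMHost -Name $witness -ErrorAction Stop
    $vmk1   = Get-VMHostNetworkAdapter -VMHost $vmhost -VMKernel -Name 'vmk1' -ErrorAction Stop

    # One result row per expected vmk1 property.
    $results = @(foreach ($key in $expected.Keys) {
        [pscustomobject]@{
            Check    = "vmk1.$key"
            Expected = $expected[$key]
            Actual   = $vmk1.$key
            Pass     = ($vmk1.$key -eq $expected[$key])
        }
    })

    # Step 7: swap files on vSAN provisioned as thin.
    $swap = Get-AdvancedSetting -Entity $vmhost -Name 'VSAN.SwapThickProvisionDisabled'
    $results += [pscustomobject]@{
        Check    = 'VSAN.SwapThickProvisionDisabled'
        Expected = 1
        Actual   = $swap.Value
        Pass     = ([int]$swap.Value -eq 1)
    }

    $results | Format-Table -AutoSize
    if ($results.Pass -contains $false) {
        Write-Error "Witness host $witness does not match the documented configuration."
    }
}
finally {
    # Always close the session, even when a lookup fails.
    Disconnect-VIServer -Server $vCenter -Confirm:$false
}
```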